cannot cd to dir even it's mode 777

hahacc · 06-12-2017, 03:53 AM

Hi folks,

It's very weird that on one of dir, I cannot cd to the dir even it's 700.

There's no issue in /media3/splunkforwarder/etc, I can cd to it; but for /media3/splunkforwarder/etc/auth, there's error, even though /media3/splunkforwarder/etc/auth is 700

Code:

[root@test etc]# pwd
/media3/splunkforwarder/etc

[root@test etc]# cd auth
-bash: cd: auth: Permission denied

[root@test etc]# ls -ld auth
drwx------+ 3 root root 12 Oct  9  2016 auth

[root@test etc]# getfacl auth
# file: auth
# owner: root
# group: root
user::rwx
group::---
mask::rwx
other::---

getfacl: auth: Permission denied

Could anyone help on this? Thank you!

pan64 · 06-12-2017, 04:14 AM

drwx------+ + means SELinux is enabled
the correct answer is here:
http://www.unix.com/unix-for-dummies...7037-drwx.html

hydrurga · 06-12-2017, 04:25 AM

For info, auth doesn't have 777 permissions in the details you provide, it has 700.

Just in case it has a bearing, can you paste the output from:

Code:

lsattr -d auth

hydrurga · 06-12-2017, 04:26 AM

Quote:

Originally Posted by pan64

drwx------+ + means SELinux is enabled

I thought it meant that the directory/file has ACL's set?

hahacc · 06-12-2017, 05:08 AM

Quote:

Originally Posted by hydrurga

For info, auth doesn't have 777 permissions in the details you provide, it has 700.

Just in case it has a bearing, can you paste the output from:

Code:

lsattr -d auth

Yes it's 700, sorry typo here.

Even lsattr with permission denied:

Code:

[root@test etc]# lsattr -d auth
lsattr: Permission denied While reading flags on auth

pan64 · 06-12-2017, 05:38 AM

Quote:

Originally Posted by hydrurga

I thought it meant that the directory/file has ACL's set?

sorry, corrected.

BW-userx · 06-12-2017, 07:28 AM

weired just recreated that, and it works here

Code:

good morning userx
userx%voider ⚡ ~ ⚡> mkdir dir700
userx%voider ⚡ ~ ⚡> chmod 700 dir700 -R
userx%voider ⚡ ~ ⚡> cd dir700
userx%voider ⚡ dir700 ⚡> cd
userx%voider ⚡ ~ ⚡> ls -la dir700
total 8
drwx------  2 userx userx 4096 Jun 12 07:26 .
drwx--x--x 59 userx userx 4096 Jun 12 07:26 ..
userx%voider ⚡ ~ ⚡>
userx%voider ⚡ ~ ⚡> ls -ld dir700
drwx------ 2 userx userx 4096 Jun 12 07:26 dir700
userx%voider ⚡ ~ ⚡>

yours got a +

Code:

[root@test etc]# ls -ld auth
drwx------+ 3 root root 12 Oct  9  2016 auth

what dat + for? bit thing?
found it never mind

Code:

"If the file or directory has extended security
 information, the permissions field printed by the
 -l option is followed by a '+' character."

This generally means the file is encumbered with access
 restrictions outside of the traditional Unix permissions -
 likely Access Control List (ACL).

So I'd say you got a look at your access control list for that dir and see what its doing in relationship to govern it.

hydrurga · 06-12-2017, 07:42 AM

Does the auth directory happen to be a mount point to a filesystem on another machine?

Use the mount | grep "auth" command to check.

malekmustaq · 06-12-2017, 11:01 AM

Quote:

but for /media3/splunkforwarder/etc/auth, there's error, even though /media3/splunkforwarder/etc/auth is 700

It appears the folder is accessed through a mounted volume or mount point. Check the mount permission.

Code:

man mount

Good luck.

hahacc · 06-12-2017, 09:14 PM

Quote:

Originally Posted by hydrurga

Does the auth directory happen to be a mount point to a filesystem on another machine?

Use the mount | grep "auth" command to check.

Yes, the FS is on NFS, please check below:

[root@test etc]# df -Ph .
Filesystem Size Used Avail Use% Mounted on
slcfs01:/export/vol01 3.0T 11G 3.0T 1% /media3

[root@test etc]# mount | grep '/media3'
slcfs01:/export/vol01 on /media3 type nfs (rw,rsize=32768,wsize=32768,hard,nolock,timeo=14,noacl,intr,mountvers=3,nfsvers=3,addr=10.240.185.20 )

hahacc · 06-12-2017, 09:15 PM

Quote:

Originally Posted by malekmustaq

It appears the folder is accessed through a mounted volume or mount point. Check the mount permission.

Code:

man mount

Good luck.

Yes, the FS is on NFS, please check below:

[root@test etc]# df -Ph .
Filesystem Size Used Avail Use% Mounted on
slcfs01:/export/vol01 3.0T 11G 3.0T 1% /media3

[root@test etc]# mount | grep '/media3'
slcfs01:/export/vol01 on /media3 type nfs (rw,rsize=32768,wsize=32768,hard,nolock,timeo=14,noacl,intr,mountvers=3,nfsvers=3,addr=10.240.185.20 )

Laserbeak · 06-12-2017, 09:57 PM

I don't think you should generally chmod a directory to an octal number, since it may have other flags set to show it's even a directory, depending on the UNIX/Linux implementation. With directories, I always try to use chmod g+w /path/to/directory etc.

rknichols · 06-12-2017, 10:24 PM

Quote:

Originally Posted by hahacc

Yes, the FS is on NFS, please check below:

Root privileges are not honored across NFS unless the filesystem is exported with the "no_root_squash" option. Without that option, "root" gets mapped to "nfsnobody", and that ID does not have the needed permissions in your directory.

hahacc · 06-13-2017, 02:39 AM

Quote:

Originally Posted by rknichols

Root privileges are not honored across NFS unless the filesystem is exported with the "no_root_squash" option. Without that option, "root" gets mapped to "nfsnobody", and that ID does not have the needed permissions in your directory.

Thank you! After enabling no_root_squash, the issue gone away.

hahacc · 06-13-2017, 04:35 AM

Quote:

Originally Posted by hydrurga

Does the auth directory happen to be a mount point to a filesystem on another machine?

Use the mount | grep "auth" command to check.

Thank you! After enabling no_root_squash, the issue gone away.