LinuxQuestions.org
Old 04-27-2012, 04:29 AM   #1
malak33
Member
 
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

Rep: Reputation: 3
Permission issues in CentOS


So I made a script in the /usr/local/bin directory. I can run it under root; however, when I change users and try to run the script it says permission denied. Actually, if I even try to run the command ls it says "ls: cannot open directory .: Permission denied"

If I run getfacl /usr/local/bin/script1 it shows this:
# file: usr/local/bin/script1
# owner: root
# group: root
user::rwx
user:gnobile:r-x
user:test:rwx
group::r--
mask::rwx
other::--x

I tried with user gnobile and had these issues, so I created user test and had the same issues. Thanks for the help, guys.



Here is what I'm trying to do. I would believe Lab 2 would be more important because it's what I'm having issues with.

In this lab you'll explore the role of permissions and the SUID bit. To do so, you'll create a simple script in the /usr/local/bin directory. Call it script1.

1. In a text editor, open file script1 in the /usr/local/bin directory.

2. Enter the following lines in that file:

#!/bin/bash
/bin/ls > filelist

3. Save the file.

4. Try to execute that script as the root administrative user. What happens?

5. Set up execute permissions for the user owner of the script1 file with the chmod u+x /usr/local/bin/script1 command. Can you now execute the script as the root administrative user?

6. Now set up execute permissions for other users in the script1 file. Log in as a regular user. Can you now execute the script as a regular user?

7. As it's a big security risk to set SUID permissions on a shell script, don't do that on the script1 file. Instead, remove SUID permissions on the /usr/bin/passwd executable file with the chmod u-s /usr/bin/passwd command.

8. Try to run the passwd command as a regular user. What happens? Did your password change? Try again. What worked when prompted for the current password?

9. Return to the root user account, and restore SUID permissions on the /usr/bin/passwd file.

10. Try to run the passwd command again as a regular user. Change your password. What happens this time?

Lab 2

In this lab, you'll use the script created in Lab 1. You'll set up regular permissions on that script, and then configure ACLs for that script to be executed by a regular user. It also assumes that the filesystem with the /usr/local/bin directory is the top-level root directory, and is not already mounted with ACLs.

1. Change the permissions on the script1 file created in Lab 1 with the chmod 644 /usr/local/bin/script1 command.

2. Log in as a regular user. Try to execute that script. What happens?

3. Remount the top-level root directory (/) with ACLs with the following command:

# mount -o remount,acl /

As long as the /etc/fstab file is configured in the top-level root directory (/), this command should work. To verify, run the mount command by itself; it should show output similar to:

/dev/vda2 on / type ext4 (rw,acl)

4. Now you'll be able to set ACLs on the noted script. Configure read and execute ACLs for one regular user on the script1 file. Verify with the getfacl command.

5. Repeat Step 2, logging in as the regular user given ACL privileges to the script1 script. What happens?

6. If you want to restore the original configuration, delete the script1 file from the /usr/local/bin directory. If your original configuration did not include ACLs on the top level root directory, you can restore that situation with the following command:

# mount -o remount /
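
An added example (not part of the original thread): a small Python model of the POSIX ACL access check, applied to the getfacl output quoted in the post above, to show which users that ACL actually lets run script1. The helper names and the users alice and bob are hypothetical, and the model ignores root's capability override.

```python
# Constructed input: the getfacl output quoted in the first post.
GETFACL_OUTPUT = """\
# file: usr/local/bin/script1
# owner: root
# group: root
user::rwx
user:gnobile:r-x
user:test:rwx
group::r--
mask::rwx
other::--x
"""

def parse_getfacl(text):
    """Parse getfacl text into owner, owning group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL check order: owner, named user, group class, other (hypothetical helper)."""
    want = set(want)
    find = lambda tag, q: [p for t, qq, p in acl["entries"] if (t, qq) == (tag, q)]
    mask = (find("mask", "") or [set("rwx")])[0]
    if user == acl["owner"]:
        return want <= find("user", "")[0]
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    # Group class: the owning group entry plus any named group the user belongs to.
    group_perms = find("group", "") if acl["group"] in groups else []
    for g in groups:
        group_perms = group_perms + find("group", g)
    if group_perms:
        # A group match is final: there is no fall-through to "other".
        return any(want <= (p & mask) for p in group_perms)
    return want <= find("other", "")[0]

ACL = parse_getfacl(GETFACL_OUTPUT)
# Running a shell script needs r and x: the interpreter must open the file.
CAN_RUN = {u: allowed(ACL, u, g, "rx") for u, g in [("gnobile", ["gnobile"]),
           ("test", ["test"]), ("alice", ["alice"]), ("bob", ["bob", "root"])]}
```

With this ACL, gnobile and test can read and execute the script, while a user covered only by `other::--x` or by `group::r--` cannot run it, because a script needs both read and execute.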
 
Old 04-27-2012, 04:41 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,

2 things I can come up with:

- Did you forget to change the setting to the directory itself (/usr/local/bin)? /usr/local/bin has rwxr-xr-x permissions and only root is able to write to that directory.

Code:
setfacl -m u:gnobile:rwx /usr/local/bin
- Is the output file (filelist) still present from the previous run (using root)?

Hope this helps.
 
Old 05-03-2012, 09:08 PM   #3
malak33
Member
 
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

Original Poster
Rep: Reputation: 3
Yup, that worked. Thanks for the help.
 
Old 05-03-2012, 10:10 PM   #4
malak33
Member
 
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

Original Poster
Rep: Reputation: 3
no when I type the command
su gnobile

I get the following error
su: /bin/bash: Permission denied

I'm logged in as root
 
Old 05-04-2012, 02:55 AM   #5
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
Hi,
Quote:
Originally Posted by malak33
when I type the command
su gnobile

I get the following error
su: /bin/bash: Permission denied

I'm logged in as root
You do need to provide a bit more information about what you have done; without it we can only guess.

Assuming that you are still experimenting with ACLs, you can check the following:
- Is /bin/bash accessible for user gnobile (getfacl /bin/bash)?
- Is /bin accessible for user gnobile (getfacl /bin)?

Hope this helps.
 
Old 05-04-2012, 03:06 AM   #6
malak33
Member
 
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

Original Poster
Rep: Reputation: 3
Sorry, I forgot to post on this forum to say the issue was resolved.

I googled searching for an answer; I couldn't find any that worked. Luckily this OS was loaded in a KVM, so I just shut it down and deleted it.

Then I just made another KVM using the same image. Anyway, thanks for the help. I figured this was going to be faster than trying to figure out what I did to make the KVM fubar.
Thanks though.
 
Old 05-04-2012, 03:07 AM   #7
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387
You're welcome
 
  

