Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
so i made a script in the /usr/local/bin directory. I can run it under root, however when i change users and try to run the script it says permission denied, actually if i even try to run the command ls it says "ls: cannot open directory .: Permission denied"
if i run getfacl /usr/local/bin/script1 it shows this:
# file: usr/local/bin/script1
# owner: root
# group: root
user::rwx
user:gnobile:r-x
user:test:rwx
group::r--
mask::rwx
other::--x
i tried with user gnobile had these issues so i created user test and had same issues. Thanks for the help guys.
here is what I'm trying to do I would believe Lab 2 would be more important because it's what I'm having issues with.
In this lab you'll explore the role of permissions and the SUID bit. To do so, you'll create a simple script in the /usr/local/bin directory. Call it script1.
1. In a text editor, open file script1 in the /usr/local/bin directory.
2. Enter the following lines in that file:
#!/bin/bash
/bin/ls > filelist
3. Save the file.
4. Try to execute that script as the root administrative user. What happens?
5. Set up execute permissions for the user owner of the script1 file with the chmod u+x /usr/local/bin/script1 command. Can you now execute the script as the root administrative user?
6. Now set up execute permissions for other users in the script1 file. Log in as a regular user. Can you now execute the script as a regular user?
7. As it's a big security risk to set SUID permissions on a shell script, don't do that on the script1 file. Instead, remove SUID permissions on the /usr/bin/passwd executable file with the chmod u-s /usr/bin/passwd command.
8. Try to run the passwd command as a regular user. What happens? Did your password change? Try again. What worked when prompted for the current password?
9. Return to the root user account, and restore SUID permissions on the /usr/bin/passwd file.
10. Try to run the passwd command again as a regular user. Change your password. What happens this time?
Lab 2
In this lab, you'll use the script created in Lab 1. You'll set up regular permissions on that script, and then configure ACLs for that script to be executed by a regular user. It also assumes that the filesystem with the /usr/local/bin directory is the top-level root directory, and is not already mounted with ACLs.
1. Change the permissions on the script1 file created in Lab 1 with the chmod 644 /usr/local/bin/script1 command.
2. Log in as a regular user. Try to execute that script. What happens?
3. Remount the top-level root directory (/) with ACLs with the following command:
# mount -o remount,acl /
As long as the /etc/fstab file is configured in the top-level root directory (/), this command should work. To verify, run the mount command by itself; it should show output similar to:
/dev/vda2 on / type ext4 (rw,acl)
4. Now you'll be able to set ACLs on the noted script. Configure read and execute ACLs for one regular user on the script1 file. Verify with the getfacl command.
5. Repeat Step 2, logging in as the regular user given ACL privileges to the script1 script. What happens?
6. If you want to restore the original configuration, delete the script1 file from the /usr/local/bin directory. If your original configuration did not include ACLs on the top level root directory, you can restore that situation with the following command:
- Did you forget to change the setting to the directory itself (/usr/local/bin)? /usr/local/bin has rwxr-xr-x permissions and anly root is able to write to that directory.
Code:
setfacl -m u:gnobile:rwx /usr/local/bin
- Is the output file (filelist) still present from the previous run (using root)?
i get the following error
su: /bin/bash: Permission denied
I'm logged in as root
You do need to provide a bit more information about what you have done, without it we can only guess.
Assuming that you are still experimenting with acl's you can check the following:
- Is /bin/bash accessible for user gnobile (getfacl /bin/bash)?
- Is /bin accessible for user gnobile (getfacl /bin)?
sorry i forgot to post on this forum to say the issue was resolved.
I googled searching for an answer i couldn't find any that worked. Luckily this OS was loaded in a KVM so i just shut it down and deleted it.
Then i just made another KVM using the same image. Anyway thanks for the help. I figured this was going to be faster than trying to figure out what i did to make the KVM fubar.
thanks though
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
