LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-22-2008, 05:24 PM   #1
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Rep: Reputation: 30
permissions question


NOTE:

If anyone wants to help me, may I suggest skipping to the very last post and going from there?

--

--

--

I understand w lets you add or remove files, would read permissions let you read all files in the directory regardless of their permissions?

If not, then I can't imagine any use for it (since x lets you list the directory contents).

Last edited by davidstvz; 08-23-2008 at 01:10 PM.
 
Old 08-22-2008, 05:33 PM   #2
Samotnik
Member
 
Registered: Jun 2006
Location: Belarus
Distribution: Debian GNU/Linux testing/unstable
Posts: 471

Rep: Reputation: 40
No. Read permissions for directory means you're able to obtain filenames in the directory.
 
Old 08-22-2008, 05:34 PM   #3
CrazyToon
LQ Newbie
 
Registered: Jun 2003
Posts: 21

Rep: Reputation: 0
x let's you execute. Meaning you can cd into that dir.
 
Old 08-22-2008, 05:39 PM   #4
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Oh. The explanations I find on the web didn't seem to mesh with that, but that makes sense.

Also, I gave -rws--x--x permissions to a script which is designed so that an unprivileged user can copy files from one of their directories to a particular destination directory belonging to another user. however it's telling me that permission is denied when trying to access the target directory in question.

Last edited by davidstvz; 08-22-2008 at 05:40 PM.
 
Old 08-22-2008, 06:53 PM   #5
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Urgent: using rws----r-x permissions not working

I absolutely have to get this working right before Monday. I can beat my head against the problem all weekend, but I don't have the faintest clue what is wrong.

I'm running SuseLinux10. I have a script pc.scr with permissions as follows:

-rwsr-xr-x 1 crs120_bra crs120 754 2008-08-22 17:36 pc.scr

As I understand it, any user who runs this script will have the privileges of crs120_bra while the script is running. However, when the script tries to copy a file into a directory that crs120_bra owns, it gives me permission denied messages.

Details: The basic user runs a different script (with only rxwr-xr-x permissions) which then calls pc.scr (the one with rwsr-xr-x permissions). The first script causes the user to copy some files to /tmp/$LOGNAME/ with 777 permissions, then the second script is supposed to cause the user to temporarily inherit permissions of the pc.scr owner so that the files in that temp directory can be copied into a directory that the pc.scr owner has access to (but the normal user doesn't).

I verified that the target directory is owned by crs120_bra (by checking permissions and by creating a file). I have also verified that the final cp command is causing the errors (the initial copy uses `cat $filename > /tmp/$LOGNAME/$filename` so there is no other cp command in either script). The script can't even make a subdirectory in the target directory, so I know the problem has got to be that the base user isn't inheriting the privileges like teh -rws---r-x is supposed to let him do.

If anyone can list a few things I might double check, I would really appreciate it. Man this has been a long week... almost over with if I could just get this working.

EDIT:

I even tried making the owner of the script root, but it didn't help

Last edited by davidstvz; 08-22-2008 at 07:00 PM.
 
Old 08-22-2008, 07:31 PM   #6
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Some other people on the net are saying that suid doesn't work for scripts in linux. If that's the case, then I am seriously screwed (well, maybe not completely, I supposed I could rewrite the script as a c-program; that's just going to be highly annoying).
 
Old 08-22-2008, 07:47 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
I took the liberty to merge those two threads - the first
post of the second thread is just a continuation of the
last post on the first thread.


Cheers,
Tink
 
Old 08-22-2008, 07:50 PM   #8
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
sorry

I knew it was skirting the rules a bit, but I'm getting desperate here. I have some ideas now so I'm not completely stuck... looks like I'm going to be working all night.
 
Old 08-22-2008, 07:59 PM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
No worries ... and to answer your question: bash won't do
what you're asking of it indeed. You can't have scripts
suid ... you may be able, however, to achieve the result
you're after by adding the script to sudoers ?

%MYGROUP ALL=ALL NOPASSWD: su - USER -c "/path/to/script"

Untested, by I think it should work.


Cheers,
Tink
 
Old 08-22-2008, 08:31 PM   #10
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
sudoers?

That means the script will run as root? I guess that wouldn't be a problem as long as no one had to enter any passwords.

I'd rather have the script run as a less privleged user actually

::EDIT::

NM, I see. The syntax isn't quite right, but I'll look it up. This might indeed be exactly what I need. I was about to write my own copy program in C :|

EDIT:

I can't get the syntax right damn I'm so helpless at the moment. In a year I'll be answering questions for all the other the latest round of n00bs though

Last edited by davidstvz; 08-22-2008 at 08:49 PM.
 
Old 08-22-2008, 09:01 PM   #11
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
This just doesn't seem to be working. Your syntax was causing problems so tried something new I got from a webpage:

Code:
Cmnd_Alias        APATH = /path/to/script


..

..

..

%groupname          ALL=(%groupname)     APATH
I thought that would let users in %groupname run, from any terminal, as any other user in %groupname on the command APATH
 
Old 08-22-2008, 09:15 PM   #12
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Ah crap... I think I just figured it out... but I realized I need to pass an argument to the script

Anyone know how to do that?
 
Old 08-22-2008, 09:24 PM   #13
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
The first argument will be $1 (or is that 1), so

echo $1

will print out the first argument for example
 
Old 08-22-2008, 09:46 PM   #14
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Ok, I have the script working great now, only it is still asking the user for the password of the privileged user. Here's what my visudo file looks like, and the line in the script:

Code:
# Cmnd alias specification
Cmnd_Alias PC1240 = /bin/su - privuser -c "${classbin}/pcn.scr ${1} ${LOGNAME}"

# Defaults specification
Defaults targetpw    # ask for the password of the target user i.e. root
%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# User privilege specification
root    ALL=(ALL) ALL

%1240           ALL=(ALL)       NOPASSWD: PC1240

The line in the script is:
Code:
/bin/su - privuser -c "${classbin}/pcn.scr ${1} ${LOGNAME}"
 
Old 08-22-2008, 09:48 PM   #15
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
I'm going to go home now. I'll check this from home and log in via ssh if anyone has any good ideas! Otherwise tomorrow. I'm pretty sure I can get this worked out now. I just need to set up the sudoer file properly. I'll sleep a little easier tonight anyway. Thanks everyone.

Make sure to help correct my sudoer file if you can
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
permissions question fluidicslave Linux - Security 4 07-23-2006 09:52 PM
permissions question sunman Slackware 7 11-18-2005 11:00 PM
Permissions question: what does the Thaidog Linux - General 7 03-29-2005 11:16 PM
Permissions question gauge73 Linux - Newbie 4 05-02-2003 05:33 PM
permissions question cinnix Linux - General 2 07-09-2001 08:59 AM


All times are GMT -5. The time now is 10:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration