Ok i've got a mandrake 9.1 system that is acting up.

When first installed over a year ago, I set the security level at some annoying level. But I could deal with it.

At some point, the msec links to server settings in /etc/security/msec disappeared.. the link 'server' is broken. I no longer get emails about some daemon checking permissions and various other security checks. This sudden stop was sort of disturbing but its not a production box I wasn't too worried about it.

Yesterday, another user was installing some php bb software.

Today, as a normal user I can no longer execute most of the binaries in /bin or /usr/bin
I get a:
-bash: /usr/bin/uptime: Permission Denied

The permissions for this file seem fine:
ll /usr/bin/uptime
-r-xr-xr-x 1 root root 2876 Mar 3 2003 /usr/bin/uptime*

I suspected perhaps the glibc was not accessible or something but the permissions on libraries seem fine also.

I'm about ready to just wipe the system and start over this weekend. The distro is so old even MandrakeUpdate will no longer update rpms because the ftp server is out of date or something.

I'm mainly just curious how this is possible. I consider myself pretty experienced with linux and security in general, but this mandrake security stuff has me pretty stumped.

Any help would be appreciated.

Rhett

Did somebody do something like remount the / and/or /usr filesystems noexec? That might cause this behavior. What happens if you try running uptime as root?

Everything works as root.

[root@anna bin]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda6 59510936 3894712 55616224 7% /
/dev/hda1 15522 4513 10208 31% /boot
/dev/md0 75061320 1888524 73172796 3% /home
[root@anna bin]# cat /etc/fstab
/dev/hda6 / reiserfs notail 1 1
/dev/hda1 /boot ext2 defaults 1 2
/dev/md0 /home reiserfs defaults 1 3
none /dev/pts devpts mode=0620 0 0
/dev/hdc /mnt/cdrom auto user,iocharset=iso8859-1,codepage=850,noauto,ro,exec 0 0
/dev/fd0 /mnt/floppy auto user,iocharset=iso8859-1,sync,codepage=850,noauto,exec 0 0
none /proc proc defaults 0 0
/dev/hda5 swap swap defaults 0 0


Nothing seems out of the ordinary on the filesystem front to me.
Also, I can run things like 'ls' (/bin/ls)

It looks like I can run anything in /bin, but no /usr/bin or other /usr

Here is the permissions at /
[root@anna /]# ll
total 160
drwxr-x--x 2 root adm 2392 Oct 6 2003 bin/
drwx--x--- 4 root ctools 1024 Aug 29 05:34 boot/
drwx--x--x 23 root root 139760 Aug 29 05:33 dev/
drwx--x--x 65 root adm 5472 Sep 7 12:04 etc/
drwxr-x--x 8 root adm 168 Dec 2 2003 home/
drwxr-xr-x 2 root root 80 Jan 1 2002 initrd/
drwxr-x--x 10 root adm 3304 Oct 6 2003 lib/
drwxr-x--- 5 root adm 120 Aug 25 2003 mnt/
drwxr-xr-x 2 root root 48 Aug 23 1999 opt/
dr-xr-xr-x 73 root root 0 Aug 28 22:33 proc/
drwx------ 11 root root 648 Sep 8 10:24 root/
drwxr-x--x 2 root adm 4968 Oct 6 2003 sbin/
drwxrwxrwt 4 root adm 560 Sep 8 04:02 tmp/
drwxr-xr-x 12 root adm 312 Dec 31 2001 usr/
drwxr-xr-x 22 root root 560 Dec 31 2001 var/

Nevermind. I figured it out

Somehow /usr/bin was owned by user mysql.

I still don't understand why that doesn't allow 'other' to execute since it was set to o+x.... but I changed it back to root:adm and now it works

Let that be a lesson to you all.

Rhett