G'Day,

I had an embedded system where all files were assigned to a non-sensical uid and guid and all permissions were 0777 (I did this myself as I went along because it was easier at the time). I went through assigning sensible uids and guids and everything worked fine. I then went around and set the permissions for everything to what I thought would be best, however, after I finished I found that only busybox operations worked. I tried several things to correct this, but I do not know what it was that did the trick; I did accidentally reassign a+x to all files in the system. Everything worked, so I removed execute permissions from everything I thought did not need it, but this resulted in me killing all programs except busybox again.

What permissions are required, across the whole system, to execute programs? All programs and directories are set with a+rx, so I had thought they should run. On possiblilty that just came to mind as I typd this is shared libraries. Busybox is statically compiled, but nothing else is, so this may explain why only it works. Do libraries need certain permissions for a program to execute, or could it possibly be something else?

For my own understanding, as well as to fix the problem, what permissions, across the whole system, need to be set to be able to execute a program?

Libraries just need read perms. I can't think what would knock everything out if you removed execute permissions, maybe bash or sh. It sounds like you're knocking your shell out and that would be bash typically. Generally, at least for starters, I would make everything executable usually found in /bin, /sbin and /usr/bin.

By all programs, I means all programs. /bin/*, /sbin/*, /usr/bin/*, /usr/sbin/*, /usr/local/bin/* and /usr/local/sbin/* all have a+rx permissions. All busybox programs, including the shell, work fine, but nothing else.

I have found something else which may be useful information. I made a `Hello World'-type Lua script, put it in my current directory and executed it --- permission denied was reported. I then made a shell script for the same purpose, and it worked. The shell script only used /bin/sh and /bin/echo, which are both symlinks to busybox (all of these work), whilst the Lua script required /usr/bin/lua which, if I execute it by itself, will also report permission denied. It looks like I can execute scripts, if and only if I can execute any programs within the script.

For what it is worth, both /bin and /usr/bin have permissions drwxr-xr-x, /usr/bin/lua has permissions -rwxr-xr-x, /bin/busybox has permissions -rwsr-sr-x, and both /bin/sh and /bin/echo have lrwxrwxrwx. All of these are owned by root.root. I currently do not have a login shell attached, so I am operating as root.