LinuxQuestions.org


Cadmium 10-07-2005 07:27 AM

Permission denied as root
 
Hi!

A weird problem has occurred to me a couple of times now.
As root, it happens that I get a permission denied when trying to open or even list some files with ls.
Typically, the files are accessible only to user X with the mode 700 (or *00). Then, logged as root (with su), I can't delete the files, read them or even list them. I find that weird because root is supposed to have all the rights, right?
As user X, I can do whatever I want with these same files or directories.

By files I mean real text files, or rpms, not a non-existing device or whatsoever.

My root identifier seems to be fine (it's still 0), at least that's what 'id' says (uid=0(root) gid=0(root) groups=0(root)).

So, I'm really wondering: what kind of unexpected security mechanism prevents my root user from accessing everything on the system?

Any clue?

BTW: I'm using the distribution 10.1.

tredegar 10-07-2005 08:04 AM

This is strange behaviour.
Perhaps there is a fault with your filesystem. You can force a fsck at next boot with the command:

shutdown -Fr now

Try that, and see if anything needs to be repaired.

HTH

Cadmium 10-07-2005 10:48 AM

Hi!

I tried the fsck. Everything was OK. And I still have the same problems with file access.

But actually, I'm starting to suspect something else: the files and directories root can't access are (auto)mounted from another computer. Would that explain why the access is denied, even if that directory (i.e. my home directory) is mounted on my computer?

The weird thing still is that I remember having had the problem with a USB stick too, where root couldn't overwrite one file but user X (the owner) could.

Is that a normal (i.e. expected) behavior?

tredegar 10-07-2005 10:55 AM

Are the files "automounted" using nfs?
Would be helpful to see the contents of your computer's /etc/fstab and the remote computer's /etc/exports files.

Cadmium 10-07-2005 11:13 AM

There is nothing in my fstab. I just have a /etc/auto.home where my user name, the remote machine and directory to mount are specified. That's it.

Here is a part of the mtab:
automount(pid3654) /home autofs rw,fd=4,pgrp=3654,minproto=2,maxproto=4 0 0
comp.at.my.domain:/dxs/users2/research/X /home/X nfs rw,addr=xxx.xxx.xxx.xxx 0 0

Unfortunately, I can't see the export file on the other computer. I could ask the administrators (on Monday).

I can't reproduce the error with the USB stick at the moment.

tredegar 10-07-2005 11:48 AM

Quote:

comp.at.my.domain:/dxs/users2/research/X /home/X nfs rw,addr=xxx.xxx.xxx.xxx 0 0

That looks like you are using nfs to mount the remote directory.

I'll bet that the remote computer does not have the no_root_squash option in /etc/exports. (And as enabling this is a security risk, it is unlikely they'll put it in for you!). Basically, this means that you cannot have your own root's rights apply to the remote files, only local ones.

There is a workaround though. You may have the same username on both computers, but it is quite likely that the UIDs of those usernames are different. This is what is giving you permissions problems, as permissions go by the UIDs and GIDs, not the names associated with them. To find what your UID is, do a grep username /etc/passwd; you'll get something like this:

Code:

grep tredegar  /etc/passwd
tredegar:x:501:501:tredegar:/home/tredegar:/bin/bash

My UID is the first "501".

Also, if you look at the remote system's nfs mounted files with konqueror (make sure you have View->Details->Show Owner selected), or do a ls -l, you may not see your username as the "owner" - maybe just a number in the "owner" column - this is your UID on the remote system, which probably doesn't correspond with any user on your local system.

You need to find out what your UID is on the remote computer, and then create a user on your computer with the same uid as your username on the remote computer. Then you will be able to access your files as if they were your own (which they are).

-OR-

You need to assign yourself (locally) to a group that has the same GID as a group you belong to on the other computer, and fiddle about with group permissions on the remote computer (you'll probably need to be logged in to it to do this - either go there in person, or maybe you can get into your account with ssh). This may be more painful.

I hope I have explained this OK. Also, I hope I know what I am talking about!

Edit: Re-reading your original post, I realise that you already have access to your files, as yourself.
So, not being able to do things as root on the remote filesystem is normal behaviour (because of the no_root_squash non-option). If you want to be root on the remote system, you'll have to ssh there and know the root password.
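
An added example, not part of the original thread, of the check discussed in the reply above: it decides whether a path sits on an NFS mount (where local root is squashed by default) and whether a given export line disables that with no_root_squash. The mtab and exports text, the host name, the addresses and the function names are constructed for illustration, and the exports check assumes one client specification per line.

```shell
#!/bin/sh
# Constructed mtab excerpt, modelled on the layout quoted in the thread.
SAMPLE_MTAB='/dev/hda1 / ext3 rw 0 0
automount(pid3654) /home autofs rw,fd=4,pgrp=3654,minproto=2,maxproto=4 0 0
nfs.example.org:/export/users/X /home/X nfs rw,addr=192.0.2.10 0 0'

# Constructed /etc/exports lines as they might appear on the server.
SAMPLE_EXPORTS='/export/users 192.0.2.0/24(rw,sync)
/export/scratch 192.0.2.0/24(rw,sync,no_root_squash)'

# Print the filesystem type of the longest mount point containing path $2.
# The trailing "/" in the prefix test keeps /home from matching /homework.
fs_type_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); t = $3 }
        }
        END { print t }'
}

# Return 0 if the export of directory $2 squashes root, 1 if it does not,
# 2 if the directory is not exported. root_squash is the default in
# exports(5); only an explicit no_root_squash turns it off.
export_squashes_root() {
    _line=$(printf '%s\n' "$1" | awk -v d="$2" '$1 == d { print; exit }')
    [ -n "$_line" ] || return 2
    case "$_line" in
        *no_root_squash*) return 1 ;;
        *) return 0 ;;
    esac
}

# Say what local root (uid 0) should expect for path $2.
root_access_note() {
    case "$(fs_type_for_path "$1" "$2")" in
        nfs|nfs4) echo "nfs: server maps uid 0 to the anonymous user unless exported with no_root_squash" ;;
        *) echo "local: root bypasses the mode bits" ;;
    esac
}

root_access_note "$SAMPLE_MTAB" /home/X/notes.txt
for d in /export/users /export/scratch; do
    if export_squashes_root "$SAMPLE_EXPORTS" "$d"; then
        echo "$d: root squashed"
    else
        echo "$d: root NOT squashed (client root is root on these files)"
    fi
done
```

On a live client, pass the contents of /proc/mounts as the first argument to fs_type_for_path; the exports check has to be run by whoever can read /etc/exports on the server.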

Cadmium 10-07-2005 12:00 PM

Hi!

You explained clearly, no problem! My UID and username are the same on both computers (as it simplifies matters ;-).
But you're very likely to be right for the export stuff and the root access.
I'm going to check on Monday (since I guess there will be no administrator left at that time of the day). But I'm likely not to have a solution to my permission-denied problem as root, unless I make a daily copy of my local home directory onto the remote computer and access *only* the local files. That's just too bad...

Thanks a lot for your help! I really appreciate it.


All times are GMT -5.