LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices

Reply
 
Search this Thread
Old 10-07-2005, 07:27 AM   #1
Cadmium
Member
 
Registered: May 2004
Posts: 31

Rep: Reputation: 15
Permission denied as root


Hi!

I weird problem has occurred to me a couple of times now.
As root, it happens that I get a permission denied when trying to open or even list some files with ls.
Typically, the files are accessible only to user X with the mode 700 (or *00). Then, logged as root (with su), I can't delete the files, read them or even list them. I find that weird because root is supposed to have all the rights, right?
As user X, I can do whatever I want with these same files or directories.

By files I mean real text files, or rpms, not a non-existing device or whatsoever.

My root identifier seems to be fine (it's still 0), at least that's what says 'id' (uid=0(root) gid=0(root) groups=0(root)).

So, I'm really wondering: what kind of unexpected security mechanism prevents my root user from accessing everything on the system?

Any clue?

BTW: I'm using the distribution 10.1.
 
Old 10-07-2005, 08:04 AM   #2
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,012

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
This is strange behaviour.
Perhaps there is a fault with your filesystem. You can Force a fsck at next boot with the command:

shutdown -Fr

Try that, and see if anything needs to be repaired.

HTH
 
Old 10-07-2005, 10:48 AM   #3
Cadmium
Member
 
Registered: May 2004
Posts: 31

Original Poster
Rep: Reputation: 15
Hi!

I tried the fsck. Everything was OK. And I still have the same problems with file access.

But actually, I'm starting to suspect something else: the files and directories root can't access are (auto)mounted from another computer. Would that explain why the access is denied, even if that directory (i.e. my home directory) is mounted on my computer?

The weird thing still is that I remember having had the problem with a USB stick too, where root couldn't overwrite one file but user X (the owner) could.

Is that a normal (i.e. expected) behavior?
 
Old 10-07-2005, 10:55 AM   #4
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,012

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Are the files "automounted" using nfs?
Would be helpful to see the contents of your computer's /etc/fstab and the remote computer's /etc/exports files.
 
Old 10-07-2005, 11:13 AM   #5
Cadmium
Member
 
Registered: May 2004
Posts: 31

Original Poster
Rep: Reputation: 15
There is nothing in my fstab. I just have a /etc/auto.home where my user name, the remote machine and directory to mount are specified. That's it.

Here is a part of the mtab:
automount(pid3654) /home autofs rw,fd=4,pgrp=3654,minproto=2,maxproto=4 0 0
comp.at.my.domain:/dxs/users2/research/X /home/X nfs rw,addr=xxx.xxx.xxx.xxx 0 0

Unfortunately, I can't see the export file on the other computer. I could ask the administrators (on Monday).

I can't reproduce the error with the USB stick at the moment.
 
Old 10-07-2005, 11:48 AM   #6
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,012

Rep: Reputation: 367Reputation: 367Reputation: 367Reputation: 367
Quote:
comp.at.my.domain:/dxs/users2/research/X /home/X nfs rw,addr=xxx.xxx.xxx.xxx 0 0
That looks like you are using nfs to mount the remote directory.

I'll bet that the remote computer does not have the no_root_squash option in /etc/exports. (And as enabling this is a security risk, it is unlikely they'll put it in for you!). Basically, this means that you cannot have your own root's rights apply to the remote files, only local ones.

There is a workaround though. You may have the same username on both computers, but it is quite likely that the UID's of those usernames are different. This is what is giving you permissions problems, as permissions go by the UID's and GID's, not the names associated with them. To find what your UID is do a grep username /etc/passwd, you'll get something like this:

Code:
grep tredegar  /etc/passwd
tredegar:x:501:501:tredegar:/home/tredegar:/bin/bash
My UID is the first "501".

Also, of you look at the remote systems nfs mounted files with konqueror (Make sure you have View->Details->Show Owner selected), or do a ls -l and you may not see your username as the "owner" - maybe just a number in the "owner" column - this is your UID on the remote system, which probably doesn't correspond with any user on your local system.

You need to find out what your UID is on the remote computer, and then create a user on your computer with the same uid as your username on the remote computer. Then you will be able to access your files as if they were your own (which they are).

-OR-

You need to assign yourself (locally) to a group that has the same GID as a group you belong to on the other computer, and fiddle about with group permissions on the remote computer (you'll probably need to be logged in to it to do this - either go there in person, or maybe you can get into your account with ssh). This may be more painful.

I hope I have explained this OK. Also, I hope I know what I am talking about!

Edit Re-reading your original post, I realsie that you already have access to your files, as yourself.
So, not being able to do things as root on the remote filesystem is normal behaviour (because of the no_root_squash non-option). If you want to be root on the remote system, you'll have to ssh there and know the root password.

Last edited by tredegar; 10-07-2005 at 12:00 PM.
 
Old 10-07-2005, 12:00 PM   #7
Cadmium
Member
 
Registered: May 2004
Posts: 31

Original Poster
Rep: Reputation: 15
Hi!

You explained clearly, no problem! My UID and username are the same on both computers (as it simplifies matter ;-).
But you're very likely to be right for the export stuff and the root access.
I'm going to check on Monday (since I guess there will be no administrator left at that time of the day). But I'm likely not to have a solution to my permission-denied problem as root, unless I make a daily copy of my local home directory onto the remote computer and access *only* the local files. That's just too bad...

Thanks a lot for your help! I really appreciate.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
permission denied as root Foosed Slackware 6 06-06-2005 12:38 AM
root gets permission denied Nightfrost Debian 22 11-21-2004 05:19 AM
denied permission as root kupek85 Linux - Software 3 08-24-2004 06:51 PM
Permission denied as root Cynric Linux - General 4 08-15-2004 11:47 AM
root permission denied xmaspie Linux - Newbie 2 11-05-2003 01:05 PM


All times are GMT -5. The time now is 01:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration