impossible situation. root is Permission denied to run a script with 777 permissions

how in the world is this possible?

Code:

-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied
[root@centos Dr_Who]# chmod a+x nospace.sh 
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied

its a typical script that ive used hundreds of times on this exact server as both user and root to replace spaces with _..

Code:

[root@centos Dr_Who]# cat nospace.sh 
#!/bin/bash
if [ -n "$1" ]
then
  if [ -d "$1" ] 
  then
    cd "$1"
  else
    echo invalid directory
    exit
  fi
fi

for i in *
do
  OLDNAME="$i"
  NEWNAME=`echo "$i" | tr ' ' '_' | sed s/_-_/-/g`
  if [ "$NEWNAME" != "$OLDNAME" ]
  then
    TMPNAME="$i"_TMP 
    echo ""
    mv -v -- "$OLDNAME" "$TMPNAME"
    mv -v -- "$TMPNAME" "$NEWNAME"
  fi
  if [ -d "$NEWNAME" ] 
  then
    echo Recursing lowercase for directory "$NEWNAME"
    $0 "$NEWNAME"
  fi
done

nothing out of the ordinary there.

Code:

[ray@centos Dr_Who]$ d
total 6040752
drwxrwxr-x. 14 ray  ray        4096 Dec 31 15:45 ./
drwsrwxrwx. 22 root root       4096 Dec 19 10:45 ../
-rw-r--r--.  1 ray  ray  2203326316 Nov 25 02:26 Doctor_Who-50th_Anniversary_Special_The_Day_of_the_Doctor.mkv
-rw-rw-r--.  1 ray  ray  1505484852 Sep  3 23:15 Doctor_Who_at_the_Proms_II-2013.mkv
-rw-rw-r--.  1 ray  ray  1319808158 Mar  1  2013 Doctor_Who_Christmas_Special_The_Snowmen.mkv
drwxr-xr-x. 10 ray  ray        4096 Oct 20 21:12 Doctor_Who-Season_01-1963–64/
drwxr-xr-x. 11 ray  ray        4096 Oct 20 21:48 Doctor Who - Season 02 - (1964-65) - 39 Episodes/
drwxr-xr-x. 12 ray  ray        4096 Oct 20 22:43 Doctor Who - Season 03 - (1965-66) - 45 Episodes/
drwxr-xr-x. 11 ray  ray        4096 Oct 20 23:25 Doctor Who - Season 04 - (1966–67) - 43 Episodes/
drwxr-xr-x.  9 ray  ray        4096 Oct 21 00:04 Doctor Who - Season 05 - (1967-68) - 40 Episodes/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_1/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_2/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_3/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_4/
drwxr-xr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_5/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_6/
drwxrwxr-x.  2 ray  ray        4096 Dec 27 15:35 Doctor_Who_Season_7/
-rw-rw-r--.  1 ray  ray  1157025282 Dec 17 02:08 Doctor.Who.The.Ultimate.Guide.720p.HDTV.x264.AAC.MVGroup.org.mkv
-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*
[ray@centos Dr_Who]$ ./nospace.sh
-bash: ./nospace.sh: Permission denied
[ray@centos Dr_Who]$ whoami
ray

i am the owner, i have full permissions, the directory is owned and controlled by me, why in the world can i no longer run this simple script?

edit to add**

yet i can cp/mv/rm/ any directory/file i desire in same directory(ies)

Apparently you have SEL or are using ACLs in that directory.

Code:

-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*

Is that blocking access/execution?

not that im aware of. this is one of my NFS shares for my media server to the house.

Code:

[ray@centos Dr_Who]$ cat /etc/exports 
#
#	/etc/exports

#	NFS4
/exports *(rw,insecure,subtree_check,crossmnt,fsid=0)

#	NFSv3
/exports/centos/public *(rw,insecure,no_subtree_check,fsid=3010)
/exports/NFS_TV_Shows *(rw,insecure,no_subtree_check,fsid=3020)

Code:

[ray@centos Dr_Who]$ df -Th
Filesystem                    Type   Size  Used Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root ext4    50G   17G   31G  35% /
tmpfs                         tmpfs  3.9G  4.0K  3.9G   1% /dev/shm
/dev/sdb1                     ext4   485M  149M  312M  33% /boot
/dev/mapper/vg_centos-lv_home ext4   1.8T  969G  722G  58% /exports/centos
/dev/sda1                     ext4   1.4T  802G  504G  62% /exports/NFS_TV_Shows
/dev/sdc1                     ext4   3.6T  1.9T  1.6T  56% /exports/New
[ray@centos Dr_Who]$ cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Fri Jan  4 14:43:59 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos-lv_root /                       ext4    defaults        1 1
UUID=7b6db420-abc8-4ad9-a8a1-a8da83552e09 /boot                   ext4    defaults        1 2
/dev/mapper/vg_centos-lv_home /exports/centos                   ext4    defaults        1 2
/dev/mapper/vg_centos-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
UUID=2284e13a-7d41-461d-aa97-131612ac6174	/exports/NFS_TV_Shows	ext4	rw,user	0 0
UUID=dfba63a0-9b78-44bf-bb5f-12f141472a06 	/exports/New		ext4	rw,user	0 0

as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.

found something, but not sure how to resolve the issue:

Code:

[ray@centos Dr_Who]$ mount | column -t
/dev/mapper/vg_centos-lv_root  on  /                         type  ext4         (rw)
proc                           on  /proc                     type  proc         (rw)
sysfs                          on  /sys                      type  sysfs        (rw)
devpts                         on  /dev/pts                  type  devpts       (rw,gid=5,mode=620)
tmpfs                          on  /dev/shm                  type  tmpfs        (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sdb1                      on  /boot                     type  ext4         (rw)
/dev/mapper/vg_centos-lv_home  on  /exports/centos           type  ext4         (rw)
/dev/sda1                      on  /exports/NFS_TV_Shows     type  ext4         (rw,noexec,nosuid,nodev)
/dev/sdc1                      on  /exports/New              type  ext4         (rw,noexec,nosuid,nodev)
none                           on  /proc/sys/fs/binfmt_misc  type  binfmt_misc  (rw)
sunrpc                         on  /var/lib/nfs/rpc_pipefs   type  rpc_pipefs   (rw)
nfsd                           on  /proc/fs/nfsd             type  nfsd         (rw)
/exports/centos                on  /home/ssmahome            type  none         (rw,bind)

i see that both sda1 and sdc1 are set to noexec, how do i get around that and modify my fstab so it mounts with proper permissions to match the LVM for centos-lv?

Quote:

Originally Posted by lleb as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.

I do not use SEL or ACLs so don't know much about them, but you can see the presence by the trailing dot in the long file listing format:

Code:

-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*

Hilighted here...

-rwxrwxrwx[.]  1 ray  ray         464 Dec 31 15:45 nospace.sh*

It is my understanding that the dot indicates that the directory is under SEL/ACL control. Beyond that I don't know much...

thanks, it at least gives me a direction in addition to what i found with the mount command above.

Quote:

Originally Posted by lleb thanks, it at least gives me a direction in addition to what i found with the mount command above.

Looking around I found this from info ls:

Quote:

Following the file mode bits is a single character that specifies whether an alternate access method such as an access control list applies to the file. When the character following the file mode bits is a space, there is no alternate access method. When it is a printing character, then there is such a method. GNU `ls' uses a `.' character to indicate a file with an SELinux security context, but no other alternate access method. A file with any other combination of alternate access methods is marked with a `+' character.

From that it is still a little ambiguous whether that means specifically SEL/ACL or simply any "alternate access method". Taking the latter case that might include the noexec from fstab.

It should be easy to edit your fstab and remove the noexec flag. Not sure off the top of my pointy head whether it might be necessary to also change the NFS exports setup, so that migt be worth checking.

Change in fstab from 'rw,user' to 'rw,user,exec'

Quote:

-rwxrwxrwx. 1 ray ray

that is a bit odd
ray as user name is fine
BUT ray as the group ???? -- odd

it should be
user = ray
group = users

the user "ray" should be in the "users" group
and that group should be the one that the folder is set to
( the same as your HOME folder )

Nothing wrong in creating a group with the same name as your user and make that your main group. Some distros does it as default.

Quote:

Originally Posted by John VV that is a bit odd ray as user name is fine BUT ray as the group ???? -- odd it should be user = ray group = users the user "ray" should be in the "users" group and that group should be the one that the folder is set to ( the same as your HOME folder )

yes it is ray ray for user/group on that account even in my home directory

it is uid, gid, and group all = 501 named ray.

An individual group per user has been the recommendation for quite a few years now. Giving each user a unique primary group ID makes it possible to form groups that share directories without requiring people to be constantly changing their umask. When working in the group-shared directory, you need to have a umask that permits group access, but if everyone's primary group is "users", you need to turn off group permissions when working elsewhere or else every user on the system would have access to your files. With a per-user primary group, a umask that does not block group access, and a set-GID permission bit on the shared directories, it all works pretty seamlessly.