LinuxQuestions.org
Old 12-31-2013, 03:48 PM   #1
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,581

impossible situation. root is Permission denied to run a script with 777 permissions


how in the world is this possible?

Code:
-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied
[root@centos Dr_Who]# chmod a+x nospace.sh 
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied

it's a typical script that I've used hundreds of times on this exact server as both user and root to replace spaces with _..

Code:
[root@centos Dr_Who]# cat nospace.sh 
#!/bin/bash
if [ -n "$1" ]
then
  if [ -d "$1" ] 
  then
    cd "$1"
  else
    echo invalid directory
    exit
  fi
fi

for i in *
do
  OLDNAME="$i"
  NEWNAME=`echo "$i" | tr ' ' '_' | sed s/_-_/-/g`
  if [ "$NEWNAME" != "$OLDNAME" ]
  then
    TMPNAME="$i"_TMP 
    echo ""
    mv -v -- "$OLDNAME" "$TMPNAME"
    mv -v -- "$TMPNAME" "$NEWNAME"
  fi
  if [ -d "$NEWNAME" ] 
  then
    echo Recursing lowercase for directory "$NEWNAME"
    $0 "$NEWNAME"
  fi
done

nothing out of the ordinary there.

Code:
[ray@centos Dr_Who]$ d
total 6040752
drwxrwxr-x. 14 ray  ray        4096 Dec 31 15:45 ./
drwsrwxrwx. 22 root root       4096 Dec 19 10:45 ../
-rw-r--r--.  1 ray  ray  2203326316 Nov 25 02:26 Doctor_Who-50th_Anniversary_Special_The_Day_of_the_Doctor.mkv
-rw-rw-r--.  1 ray  ray  1505484852 Sep  3 23:15 Doctor_Who_at_the_Proms_II-2013.mkv
-rw-rw-r--.  1 ray  ray  1319808158 Mar  1  2013 Doctor_Who_Christmas_Special_The_Snowmen.mkv
drwxr-xr-x. 10 ray  ray        4096 Oct 20 21:12 Doctor_Who-Season_01-1963–64/
drwxr-xr-x. 11 ray  ray        4096 Oct 20 21:48 Doctor Who - Season 02 - (1964-65) - 39 Episodes/
drwxr-xr-x. 12 ray  ray        4096 Oct 20 22:43 Doctor Who - Season 03 - (1965-66) - 45 Episodes/
drwxr-xr-x. 11 ray  ray        4096 Oct 20 23:25 Doctor Who - Season 04 - (1966–67) - 43 Episodes/
drwxr-xr-x.  9 ray  ray        4096 Oct 21 00:04 Doctor Who - Season 05 - (1967-68) - 40 Episodes/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_1/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_2/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_3/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_4/
drwxr-xr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_5/
drwxrwxr-x.  2 ray  ray        4096 Apr 18  2013 Doctor_Who_Season_6/
drwxrwxr-x.  2 ray  ray        4096 Dec 27 15:35 Doctor_Who_Season_7/
-rw-rw-r--.  1 ray  ray  1157025282 Dec 17 02:08 Doctor.Who.The.Ultimate.Guide.720p.HDTV.x264.AAC.MVGroup.org.mkv
-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*
[ray@centos Dr_Who]$ ./nospace.sh
-bash: ./nospace.sh: Permission denied
[ray@centos Dr_Who]$ whoami
ray

I am the owner, I have full permissions, the directory is owned and controlled by me, why in the world can I no longer run this simple script?

edit to add**

yet I can cp/mv/rm/ any directory/file I desire in same directory(ies)

Last edited by lleb; 12-31-2013 at 03:55 PM.
 
Old 12-31-2013, 03:56 PM   #2
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,146

Apparently you have SEL or are using ACLs in that directory.

Code:
-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*
Is that blocking access/execution?
 
Old 12-31-2013, 04:04 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,581

Original Poster
not that I'm aware of. this is one of my NFS shares for my media server to the house.

Code:
[ray@centos Dr_Who]$ cat /etc/exports 
#
#	/etc/exports

#	NFS4
/exports *(rw,insecure,subtree_check,crossmnt,fsid=0)

#	NFSv3
/exports/centos/public *(rw,insecure,no_subtree_check,fsid=3010)
/exports/NFS_TV_Shows *(rw,insecure,no_subtree_check,fsid=3020)
Code:
[ray@centos Dr_Who]$ df -Th
Filesystem                    Type   Size  Used Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root ext4    50G   17G   31G  35% /
tmpfs                         tmpfs  3.9G  4.0K  3.9G   1% /dev/shm
/dev/sdb1                     ext4   485M  149M  312M  33% /boot
/dev/mapper/vg_centos-lv_home ext4   1.8T  969G  722G  58% /exports/centos
/dev/sda1                     ext4   1.4T  802G  504G  62% /exports/NFS_TV_Shows
/dev/sdc1                     ext4   3.6T  1.9T  1.6T  56% /exports/New
[ray@centos Dr_Who]$ cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Fri Jan  4 14:43:59 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos-lv_root /                       ext4    defaults        1 1
UUID=7b6db420-abc8-4ad9-a8a1-a8da83552e09 /boot                   ext4    defaults        1 2
/dev/mapper/vg_centos-lv_home /exports/centos                   ext4    defaults        1 2
/dev/mapper/vg_centos-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
UUID=2284e13a-7d41-461d-aa97-131612ac6174	/exports/NFS_TV_Shows	ext4	rw,user	0 0
UUID=dfba63a0-9b78-44bf-bb5f-12f141472a06 	/exports/New		ext4	rw,user	0 0

as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.
 
Old 12-31-2013, 04:08 PM   #4
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,581

Original Poster
found something, but not sure how to resolve the issue:

Code:
[ray@centos Dr_Who]$ mount | column -t
/dev/mapper/vg_centos-lv_root  on  /                         type  ext4         (rw)
proc                           on  /proc                     type  proc         (rw)
sysfs                          on  /sys                      type  sysfs        (rw)
devpts                         on  /dev/pts                  type  devpts       (rw,gid=5,mode=620)
tmpfs                          on  /dev/shm                  type  tmpfs        (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sdb1                      on  /boot                     type  ext4         (rw)
/dev/mapper/vg_centos-lv_home  on  /exports/centos           type  ext4         (rw)
/dev/sda1                      on  /exports/NFS_TV_Shows     type  ext4         (rw,noexec,nosuid,nodev)
/dev/sdc1                      on  /exports/New              type  ext4         (rw,noexec,nosuid,nodev)
none                           on  /proc/sys/fs/binfmt_misc  type  binfmt_misc  (rw)
sunrpc                         on  /var/lib/nfs/rpc_pipefs   type  rpc_pipefs   (rw)
nfsd                           on  /proc/fs/nfsd             type  nfsd         (rw)
/exports/centos                on  /home/ssmahome            type  none         (rw,bind)

I see that both sda1 and sdc1 are set to noexec, how do I get around that and modify my fstab so it mounts with proper permissions to match the LVM for centos-lv?
 
Old 12-31-2013, 04:10 PM   #5
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,146

Quote:
Originally Posted by lleb View Post

as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.
I do not use SEL or ACLs so don't know much about them, but you can see the presence by the trailing dot in the long file listing format:

Code:
-rwxrwxrwx.  1 ray  ray         464 Dec 31 15:45 nospace.sh*

Highlighted here...

-rwxrwxrwx[.]  1 ray  ray         464 Dec 31 15:45 nospace.sh*

It is my understanding that the dot indicates that the directory is under SEL/ACL control. Beyond that I don't know much...
 
Old 12-31-2013, 04:12 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,581

Original Poster
thanks, it at least gives me a direction in addition to what i found with the mount command above.
 
Old 12-31-2013, 04:21 PM   #7
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware [64]X{.0|.1|.2|-current} ::X>=12<=14, FreeBSD_10{.0|.1}
Posts: 2,146

Quote:
Originally Posted by lleb View Post
thanks, it at least gives me a direction in addition to what i found with the mount command above.
Looking around I found this from info ls:

Quote:
Following the file mode bits is a single character that specifies
whether an alternate access method such as an access control list
applies to the file. When the character following the file mode
bits is a space, there is no alternate access method. When it is
a printing character, then there is such a method.

GNU `ls' uses a `.' character to indicate a file with an SELinux
security context, but no other alternate access method.

A file with any other combination of alternate access methods is
marked with a `+' character.
From that it is still a little ambiguous whether that means specifically SEL/ACL or simply any "alternate access method". Taking the latter case that might include the noexec from fstab.

It should be easy to edit your fstab and remove the noexec flag. Not sure off the top of my pointy head whether it might be necessary to also change the NFS exports setup, so that might be worth checking.
 
1 members found this post helpful.
Old 12-31-2013, 06:27 PM   #8
Lennie
Member
 
Registered: Aug 2012
Location: Sweden
Distribution: LFS, built with pacman
Posts: 302

Change in fstab from 'rw,user' to 'rw,user,exec'
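
Why `rw,user` in the posted fstab appears as `rw,noexec,nosuid,nodev` in the mount output: per mount(8), `user` implies `noexec,nosuid,nodev` unless a later option on the same line overrides it. The script below is an added example, not part of any post in this thread; the function names `effective_flags` and `noexec_mounts` are made up for illustration, and the sample lines are copied from the fstab posted above.

```shell
#!/bin/sh
# Added example: resolve the effective exec/suid/dev flags of an fstab option string.
# Rules from mount(8): options apply left to right, later ones win;
#   user, users   imply noexec,nosuid,nodev
#   owner, group  imply nosuid,nodev
# "defaults" adds nothing beyond the starting state (exec,suid,dev).

# effective_flags "rw,user"  prints  noexec,nosuid,nodev
effective_flags() {
    exec_f=exec; suid_f=suid; dev_f=dev    # state before any option is read
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            user|users)   exec_f=noexec; suid_f=nosuid; dev_f=nodev ;;
            owner|group)  suid_f=nosuid; dev_f=nodev ;;
            exec|noexec)  exec_f=$opt ;;
            suid|nosuid)  suid_f=$opt ;;
            dev|nodev)    dev_f=$opt ;;
        esac
    done
    IFS=$old_ifs
    printf '%s,%s,%s\n' "$exec_f" "$suid_f" "$dev_f"
}

# noexec_mounts: read fstab-format text on stdin and print every mount point
# whose option string resolves to noexec.
noexec_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blank lines and comments
        case $(effective_flags "$opts") in
            noexec,*) printf '%s\n' "$mnt" ;;
        esac
    done
}

# Root entry and the two data-disk entries from the fstab posted in this thread.
SAMPLE_FSTAB='/dev/mapper/vg_centos-lv_root / ext4 defaults 1 1
UUID=2284e13a-7d41-461d-aa97-131612ac6174 /exports/NFS_TV_Shows ext4 rw,user 0 0
UUID=dfba63a0-9b78-44bf-bb5f-12f141472a06 /exports/New ext4 rw,user 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | noexec_mounts   # mount points that block ./script
effective_flags "rw,user,exec"                  # the option string suggested above
```

With `rw,user,exec` only the exec flag is turned back on; `nosuid` and `nodev` stay in force, which is the safer setting for a data disk that is also exported over NFS.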
 
Old 12-31-2013, 07:31 PM   #9
John VV
Guru
 
Registered: Aug 2005
Posts: 13,455

Quote:
-rwxrwxrwx. 1 ray ray
that is a bit odd
ray as user name is fine
BUT ray as the group ???? -- odd

it should be
user = ray
group = users

the user "ray" should be in the "users" group
and that group should be the one that the folder is set to
( the same as your HOME folder )
 
Old 01-01-2014, 03:45 AM   #10
Lennie
Member
 
Registered: Aug 2012
Location: Sweden
Distribution: LFS, built with pacman
Posts: 302

Nothing wrong in creating a group with the same name as your user and making that your main group. Some distros do it by default.
 
Old 01-01-2014, 06:41 PM   #11
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora
Posts: 2,581

Original Poster
Quote:
Originally Posted by John VV View Post
that is a bit odd
ray as user name is fine
BUT ray as the group ???? -- odd

it should be
user = ray
group = users

the user "ray" should be in the "users" group
and that group should be the one that the folder is set to
( the same as your HOME folder )
yes it is ray ray for user/group on that account even in my home directory

it is uid, gid, and group all = 501 named ray.
 
Old 01-01-2014, 07:06 PM   #12
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,602

An individual group per user has been the recommendation for quite a few years now. Giving each user a unique primary group ID makes it possible to form groups that share directories without requiring people to be constantly changing their umask. When working in the group-shared directory, you need to have a umask that permits group access, but if everyone's primary group is "users", you need to turn off group permissions when working elsewhere or else every user on the system would have access to your files. With a per-user primary group, a umask that does not block group access, and a set-GID permission bit on the shared directories, it all works pretty seamlessly.
 
  

