LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices


Reply
  Search this Thread
Old 02-07-2007, 03:50 PM   #1
Doug Vitale
Member
 
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69

Rep: Reputation: 16
Not getting prompted for Root password


I just started using Fedora 6 a few weeks ago (first-time Linux user) and today I started getting an "insufficient rights" message when attempting to launch apps that previously prompted me to enter the root password.

Now, when I last used Fedora a few days ago, I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").

I can still do a "SU" to login as root in the Terminal.But when I try to open anything under Administration or System in my Fedora "Start" menu, I just get an insufficent rights error message.

Thanks in advance for any help you can provide.
 
Old 02-07-2007, 05:15 PM   #2
cleidh_mor
Member
 
Registered: Mar 2005
Location: Glasgow, Scotland
Distribution: SuSE
Posts: 70

Rep: Reputation: 15
I'm not too familiar with Fedora, but it may be that there is a command that needs to be run in the /usr/bin folder. Check that you can run gnomesu or whatever the graphical su program is used in Fedora. If you can't run it, you will need to change permissions to allow you to execute on that program.
 
Old 02-09-2007, 10:52 AM   #3
Doug Vitale
Member
 
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by cleidh_mor
Check that you can run gnomesu or whatever the graphical su program is used in Fedora. If you can't run it, you will need to change permissions to allow you to execute on that program.
I use the KDE desktop so I don't think that Gnomesu would apply in my case; however, there is no gnomesu in my /usr/bin folder anyway.

Anybody have any other ideas?
 
Old 02-09-2007, 11:43 AM   #4
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,187

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
The KDE equivalent is kdesu.

Have you added yourself to the sudoers file?

Do you have selinux active? If your system is not publicly accessible, consider setting selinux to "permissive" mode. (The text of your message seems like it might be from selinux.) If you do set permissive mode, remember to check the audit logs for accesses that would have been disallowed if selinux was active.

If selinux is active and you don't want to set "permissive" mode, you'll need to add a rule so you can access "root" items. (Of course, just doing a su - would, in this case, be a better solution since it would restrict "root" access to users logged in as "root.")
 
Old 02-09-2007, 12:14 PM   #5
tpetri1807
Member
 
Registered: Jan 2006
Location: Frankfurt, Germany
Distribution: Fedora Core 6, Kubuntu 7.04
Posts: 60

Rep: Reputation: 15
Quote:
Originally Posted by Go2doug
and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
I had exactly the same problem after I did the above to my /usr directory.
I believe it has got to do something with "special permissions" - those that can be set by suid.
The uid for the programs in the "Administration" menu hast to be root, of course.
I never actually solved the problem, since this happend shortly before Fedora 5 came out, and so I decided to simply upgrade.
But knowing a possible cause, you may have a new starting point, or someone else can help you from there.
Cheers, Tanja

Edit:
When I posted the above, I was at work with a Windoze system. Now I'm back home, and on checking the directory /usr/bin, I found the following programs with special permissions:

crontab -rwsr-sr-x
fusermount -rwsr-x-r--
at -rwsr-xr-x
chage -rwsr-xr-x
gpasswd -rwsr-xr-x
kgrantpty -rwsr-xr-x
kpac_dhcp_helper -rwsr-xr-x
newgrp -rwsr-xr-x
passwd -rwsr-xr-x
rcp -rwsr-xr-x
rlogin -rwsr-xr-x
rsh -rwsr-xr-x
chfn -rws--x--x
chsh -rws--x--x
Xorg -rws--x--x
lockfile -rwxr-sr-x
screen -rwxr-sr-x
ssh-agent -rwxr-sr-x
write -rwxr-sr-x
sudo ---s--x--x
sudoedit ---s--x--x

After changing the permissions for the complete /usr direction, you ended up with -rwxr-xr-x (or whatever you specified) for all the commands that had special permissions before. I suppose that's what causes the problem.

Last edited by tpetri1807; 02-09-2007 at 02:31 PM.
 
Old 02-15-2007, 03:40 PM   #6
Doug Vitale
Member
 
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by tpetri1807

Edit:
When I posted the above, I was at work with a Windoze system. Now I'm back home, and on checking the directory /usr/bin, I found the following programs with special permissions:

crontab -rwsr-sr-x
fusermount -rwsr-x-r--
at -rwsr-xr-x
chage -rwsr-xr-x
gpasswd -rwsr-xr-x
kgrantpty -rwsr-xr-x
kpac_dhcp_helper -rwsr-xr-x
newgrp -rwsr-xr-x
passwd -rwsr-xr-x
rcp -rwsr-xr-x
rlogin -rwsr-xr-x
rsh -rwsr-xr-x
chfn -rws--x--x
chsh -rws--x--x
Xorg -rws--x--x
lockfile -rwxr-sr-x
screen -rwxr-sr-x
ssh-agent -rwxr-sr-x
write -rwxr-sr-x
sudo ---s--x--x
sudoedit ---s--x--x

After changing the permissions for the complete /usr direction, you ended up with -rwxr-xr-x (or whatever you specified) for all the commands that had special permissions before. I suppose that's what causes the problem.
When I view the Properties of the /usr directory, I don't see anything like what you have above.


I have:

Owner: can view and modify content
Group: can view content
Others: can view content

Ownership:

User: root
Group: root

When I click "Advanced Permissions", there are three entries: Owner (rwx), Owning Group (r-x), Others (r-x).

Do you know how I can add crontab, fusermount, at, etc. to the permissions list?
 
Old 02-15-2007, 04:15 PM   #7
Doug Vitale
Member
 
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69

Original Poster
Rep: Reputation: 16
After looking around the Web for a while for more information on my problem, I learned that I am not the first one to have this problem, and it doesn't look like those before me had any luck fixing it:

http://forums.fedoraforum.org/showthread.php?t=64872

http://www.linuxforums.org/forum/red...nt-rights.html

http://www.linuxquestions.org/questi...ad.php?t=75428

http://www.redhatconfig.com/msg/85705.html

It appears that all who get the "insufficient rights" message made changes to the permissions on the /usr directory. How can I change the permissions there back to the default?
 
Old 02-17-2007, 08:11 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607Reputation: 3607
It appears that all who get the "insufficient rights" message made changes to the permissions on the /usr directory.
Yes, but in some cases the cause is unknown. Besides that you're quoting random threads from ages ago (in terms of FC releases).


How can I change the permissions there back to the default?
Well, since you said:
Quote:
I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
you should retrace your steps if you followed that doc to the letter. (BTW: what's the location of that doc?)
If you can't here's a script (basically is a twist on my earlier posted versions of "rpm-restore-perms.sh"):

Code:
#!/bin/sh --
rpm -q --verify --all --nodeps --nodigest --noscripts --nosignature \
--nolinkto --nomd5 --nosize --nomtime --nordev 2>/dev/null\
|grep "/usr"\
|grep ^.M 2>/dev/null| awk '{print $NF}'|while read f; do
        pkg=`rpm -q --whatprovides "${f}" 2>/dev/null`
        rpm -q --dump ${pkg}|grep "${f}"|while read t; do t=( ${t} )
                for i in 3 4; do
                        case "${#t[$i]}" in 7)
                                echo "chmod ${t[$i]:3:4} ${t[0]}"
                                echo "chown ${t[5]}.${t[6]} ${t[0]}";;
                        esac; done
                done
done
exit 0
* What this does:
Use the RPM package manager to verify packages, selecting only files in /usr with ownership or access rights that are wrong. It will not make changes but output what needs to be done. The lines should be of the format "chown user.user /some/file" and "chmod rights /some/file". Since you appear to have only problems with /usr that's what it'll output fixes for.

* How to use this:
1. Save as "/tmp/rpm-restore-perms-usr.sh".
2. Run "sh /tmp/rpm-restore-perms-usr.sh 2>/dev/null >/tmp/rpm-restore-perms-usr.pre"
3. Open /tmp/rpm-restore-perms-usr.pre in a text editor and review (for say changes outside /usr).
4. Run "sh /tmp/rpm-restore-perms-usr.pre 2>&1 | tee /tmp/rpm-restore-perms-usr.post"
5. Open /tmp/rpm-restore-perms-usr.post in a text editor and review for errors: post them here.
(6. Just in case: if you run SELinux, do "touch /.autorelabel" and reboot.)
As always: YMMV(VM). Do make backups if you don't trust stuff. Hell, make backups anyway ;-p


---
@PTrenholme:
If your system is not publicly accessible, consider setting selinux to "permissive" mode.
IMO people should run SELinux regardless of the system being publicly accessable or not. Chances are that if they make it publicly accessable later on they'll forget to enable SELinux. Besides that fixing and reporting errors will help make SELinux policies better which everybody benefits from.


(The text of your message seems like it might be from selinux.)
AFAIK it isn't. If it was then IMO the next step would be to look at AVC messages.
 
Old 02-20-2007, 12:59 PM   #9
Doug Vitale
Member
 
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by unSpawn
Well, since you said:
Quote:
I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
you should retrace your steps if you followed that doc to the letter. (BTW: what's the location of that doc?)
http://www.mjmwired.net/resources/mjm-services-fc6.html

BTW, problem fixed by reinstalling Fedora 6.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 11:28 PM
How to retrieve( or reset) root password in Mandrake Linux, as I forgot my password? Reghunath Linux - Software 4 05-08-2008 05:11 AM
Not prompted to enter admin password during RH9 install...can't continue marvc Linux - Newbie 2 08-25-2005 04:18 PM
Prompted for Password When Configuring Printer Kamex SUSE / openSUSE 3 08-14-2005 11:05 PM
Logged in as root, prompted for root password ta0kira Slackware 13 04-25-2005 02:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 04:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration