Fedora This forum is for the discussion of the Fedora Project. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
02-07-2007, 03:50 PM
|
#1
|
Member
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69
Rep:
|
Not getting prompted for Root password
I just started using Fedora 6 a few weeks ago (first-time Linux user) and today I started getting an "insufficient rights" message when attempting to launch apps that previously prompted me to enter the root password.
Now, when I last used Fedora a few days ago, I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
I can still do a "SU" to login as root in the Terminal.But when I try to open anything under Administration or System in my Fedora "Start" menu, I just get an insufficent rights error message.
Thanks in advance for any help you can provide.
|
|
|
02-07-2007, 05:15 PM
|
#2
|
Member
Registered: Mar 2005
Location: Glasgow, Scotland
Distribution: SuSE
Posts: 70
Rep:
|
I'm not too familiar with Fedora, but it may be that there is a command that needs to be run in the /usr/bin folder. Check that you can run gnomesu or whatever the graphical su program is used in Fedora. If you can't run it, you will need to change permissions to allow you to execute on that program.
|
|
|
02-09-2007, 10:52 AM
|
#3
|
Member
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69
Original Poster
Rep:
|
Quote:
Originally Posted by cleidh_mor
Check that you can run gnomesu or whatever the graphical su program is used in Fedora. If you can't run it, you will need to change permissions to allow you to execute on that program.
|
I use the KDE desktop so I don't think that Gnomesu would apply in my case; however, there is no gnomesu in my /usr/bin folder anyway.
Anybody have any other ideas?
|
|
|
02-09-2007, 11:43 AM
|
#4
|
Senior Member
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,187
|
The KDE equivalent is kdesu.
Have you added yourself to the sudoers file?
Do you have selinux active? If your system is not publicly accessible, consider setting selinux to "permissive" mode. (The text of your message seems like it might be from selinux.) If you do set permissive mode, remember to check the audit logs for accesses that would have been disallowed if selinux was active.
If selinux is active and you don't want to set "permissive" mode, you'll need to add a rule so you can access "root" items. (Of course, just doing a su - would, in this case, be a better solution since it would restrict "root" access to users logged in as "root.")
|
|
|
02-09-2007, 12:14 PM
|
#5
|
Member
Registered: Jan 2006
Location: Frankfurt, Germany
Distribution: Fedora Core 6, Kubuntu 7.04
Posts: 60
Rep:
|
Quote:
Originally Posted by Go2doug
and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
|
I had exactly the same problem after I did the above to my /usr directory.
I believe it has got to do something with "special permissions" - those that can be set by suid.
The uid for the programs in the "Administration" menu hast to be root, of course.
I never actually solved the problem, since this happend shortly before Fedora 5 came out, and so I decided to simply upgrade.
But knowing a possible cause, you may have a new starting point, or someone else can help you from there.
Cheers, Tanja
Edit:
When I posted the above, I was at work with a Windoze system. Now I'm back home, and on checking the directory /usr/bin, I found the following programs with special permissions:
crontab -rwsr-sr-x
fusermount -rwsr-x-r--
at -rwsr-xr-x
chage -rwsr-xr-x
gpasswd -rwsr-xr-x
kgrantpty -rwsr-xr-x
kpac_dhcp_helper -rwsr-xr-x
newgrp -rwsr-xr-x
passwd -rwsr-xr-x
rcp -rwsr-xr-x
rlogin -rwsr-xr-x
rsh -rwsr-xr-x
chfn -rws--x--x
chsh -rws--x--x
Xorg -rws--x--x
lockfile -rwxr-sr-x
screen -rwxr-sr-x
ssh-agent -rwxr-sr-x
write -rwxr-sr-x
sudo ---s--x--x
sudoedit ---s--x--x
After changing the permissions for the complete /usr direction, you ended up with -rwxr-xr-x (or whatever you specified) for all the commands that had special permissions before. I suppose that's what causes the problem.
Last edited by tpetri1807; 02-09-2007 at 02:31 PM.
|
|
|
02-15-2007, 03:40 PM
|
#6
|
Member
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69
Original Poster
Rep:
|
Quote:
Originally Posted by tpetri1807
Edit:
When I posted the above, I was at work with a Windoze system. Now I'm back home, and on checking the directory /usr/bin, I found the following programs with special permissions:
crontab -rwsr-sr-x
fusermount -rwsr-x-r--
at -rwsr-xr-x
chage -rwsr-xr-x
gpasswd -rwsr-xr-x
kgrantpty -rwsr-xr-x
kpac_dhcp_helper -rwsr-xr-x
newgrp -rwsr-xr-x
passwd -rwsr-xr-x
rcp -rwsr-xr-x
rlogin -rwsr-xr-x
rsh -rwsr-xr-x
chfn -rws--x--x
chsh -rws--x--x
Xorg -rws--x--x
lockfile -rwxr-sr-x
screen -rwxr-sr-x
ssh-agent -rwxr-sr-x
write -rwxr-sr-x
sudo ---s--x--x
sudoedit ---s--x--x
After changing the permissions for the complete /usr direction, you ended up with -rwxr-xr-x (or whatever you specified) for all the commands that had special permissions before. I suppose that's what causes the problem.
|
When I view the Properties of the /usr directory, I don't see anything like what you have above.
I have:
Owner: can view and modify content
Group: can view content
Others: can view content
Ownership:
User: root
Group: root
When I click "Advanced Permissions", there are three entries: Owner (rwx), Owning Group (r-x), Others (r-x).
Do you know how I can add crontab, fusermount, at, etc. to the permissions list?
|
|
|
02-17-2007, 08:11 AM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
It appears that all who get the "insufficient rights" message made changes to the permissions on the /usr directory.
Yes, but in some cases the cause is unknown. Besides that you're quoting random threads from ages ago (in terms of FC releases).
How can I change the permissions there back to the default?
Well, since you said:
Quote:
I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
|
you should retrace your steps if you followed that doc to the letter. (BTW: what's the location of that doc?)
If you can't here's a script (basically is a twist on my earlier posted versions of "rpm-restore-perms.sh"):
Code:
#!/bin/sh --
rpm -q --verify --all --nodeps --nodigest --noscripts --nosignature \
--nolinkto --nomd5 --nosize --nomtime --nordev 2>/dev/null\
|grep "/usr"\
|grep ^.M 2>/dev/null| awk '{print $NF}'|while read f; do
pkg=`rpm -q --whatprovides "${f}" 2>/dev/null`
rpm -q --dump ${pkg}|grep "${f}"|while read t; do t=( ${t} )
for i in 3 4; do
case "${#t[$i]}" in 7)
echo "chmod ${t[$i]:3:4} ${t[0]}"
echo "chown ${t[5]}.${t[6]} ${t[0]}";;
esac; done
done
done
exit 0
* What this does:
Use the RPM package manager to verify packages, selecting only files in /usr with ownership or access rights that are wrong. It will not make changes but output what needs to be done. The lines should be of the format "chown user.user /some/file" and "chmod rights /some/file". Since you appear to have only problems with /usr that's what it'll output fixes for.
* How to use this:
1. Save as "/tmp/rpm-restore-perms-usr.sh".
2. Run "sh /tmp/rpm-restore-perms-usr.sh 2>/dev/null >/tmp/rpm-restore-perms-usr.pre"
3. Open /tmp/rpm-restore-perms-usr.pre in a text editor and review (for say changes outside /usr).
4. Run "sh /tmp/rpm-restore-perms-usr.pre 2>&1 | tee /tmp/rpm-restore-perms-usr.post"
5. Open /tmp/rpm-restore-perms-usr.post in a text editor and review for errors: post them here.
(6. Just in case: if you run SELinux, do "touch /.autorelabel" and reboot.)
As always: YMMV(VM). Do make backups if you don't trust stuff. Hell, make backups anyway ;-p
---
@PTrenholme:
If your system is not publicly accessible, consider setting selinux to "permissive" mode.
IMO people should run SELinux regardless of the system being publicly accessable or not. Chances are that if they make it publicly accessable later on they'll forget to enable SELinux. Besides that fixing and reporting errors will help make SELinux policies better which everybody benefits from.
(The text of your message seems like it might be from selinux.)
AFAIK it isn't. If it was then IMO the next step would be to look at AVC messages.
|
|
|
02-20-2007, 12:59 PM
|
#9
|
Member
Registered: Feb 2007
Distribution: Fedora 10/Mint 5 KDE
Posts: 69
Original Poster
Rep:
|
Quote:
Originally Posted by unSpawn
Well, since you said:
Quote:
I did disable some services that a Web doc said I could disable, and I changed the permissions on the /usr folder (gave Group and others "View and Modify" access; have changed the permissions back to just "View").
|
you should retrace your steps if you followed that doc to the letter. (BTW: what's the location of that doc?)
|
http://www.mjmwired.net/resources/mjm-services-fc6.html
BTW, problem fixed by reinstalling Fedora 6.
|
|
|
All times are GMT -5. The time now is 04:09 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|