12-31-2013, 02:48 PM
|
#1
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992
|
impossible situation. root is Permission denied to run a script with 777 permissions
how in the world is this possible?
Code:
-rwxrwxrwx. 1 ray ray 464 Dec 31 15:45 nospace.sh*
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied
[root@centos Dr_Who]# chmod a+x nospace.sh
[root@centos Dr_Who]# ./nospace.sh
-bash: ./nospace.sh: Permission denied
It's a typical script that I've used hundreds of times on this exact server as both user and root to replace spaces with _.
Code:
[root@centos Dr_Who]# cat nospace.sh
#!/bin/bash
if [ -n "$1" ]
then
    if [ -d "$1" ]
    then
        cd "$1"
    else
        echo invalid directory
        exit
    fi
fi
for i in *
do
    OLDNAME="$i"
    NEWNAME=`echo "$i" | tr ' ' '_' | sed s/_-_/-/g`
    if [ "$NEWNAME" != "$OLDNAME" ]
    then
        TMPNAME="$i"_TMP
        echo ""
        mv -v -- "$OLDNAME" "$TMPNAME"
        mv -v -- "$TMPNAME" "$NEWNAME"
    fi
    if [ -d "$NEWNAME" ]
    then
        echo Recursing lowercase for directory "$NEWNAME"
        $0 "$NEWNAME"
    fi
done
nothing out of the ordinary there.
Code:
[ray@centos Dr_Who]$ d
total 6040752
drwxrwxr-x. 14 ray ray 4096 Dec 31 15:45 ./
drwsrwxrwx. 22 root root 4096 Dec 19 10:45 ../
-rw-r--r--. 1 ray ray 2203326316 Nov 25 02:26 Doctor_Who-50th_Anniversary_Special_The_Day_of_the_Doctor.mkv
-rw-rw-r--. 1 ray ray 1505484852 Sep 3 23:15 Doctor_Who_at_the_Proms_II-2013.mkv
-rw-rw-r--. 1 ray ray 1319808158 Mar 1 2013 Doctor_Who_Christmas_Special_The_Snowmen.mkv
drwxr-xr-x. 10 ray ray 4096 Oct 20 21:12 Doctor_Who-Season_01-1963–64/
drwxr-xr-x. 11 ray ray 4096 Oct 20 21:48 Doctor Who - Season 02 - (1964-65) - 39 Episodes/
drwxr-xr-x. 12 ray ray 4096 Oct 20 22:43 Doctor Who - Season 03 - (1965-66) - 45 Episodes/
drwxr-xr-x. 11 ray ray 4096 Oct 20 23:25 Doctor Who - Season 04 - (1966–67) - 43 Episodes/
drwxr-xr-x. 9 ray ray 4096 Oct 21 00:04 Doctor Who - Season 05 - (1967-68) - 40 Episodes/
drwxrwxr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_1/
drwxrwxr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_2/
drwxrwxr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_3/
drwxrwxr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_4/
drwxr-xr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_5/
drwxrwxr-x. 2 ray ray 4096 Apr 18 2013 Doctor_Who_Season_6/
drwxrwxr-x. 2 ray ray 4096 Dec 27 15:35 Doctor_Who_Season_7/
-rw-rw-r--. 1 ray ray 1157025282 Dec 17 02:08 Doctor.Who.The.Ultimate.Guide.720p.HDTV.x264.AAC.MVGroup.org.mkv
-rwxrwxrwx. 1 ray ray 464 Dec 31 15:45 nospace.sh*
[ray@centos Dr_Who]$ ./nospace.sh
-bash: ./nospace.sh: Permission denied
[ray@centos Dr_Who]$ whoami
ray
I am the owner, I have full permissions, the directory is owned and controlled by me, why in the world can I no longer run this simple script?
edit to add**
yet I can cp/mv/rm any directory/file I desire in the same directory(ies)
Last edited by lleb; 12-31-2013 at 02:55 PM.
|
|
|
12-31-2013, 02:56 PM
|
#2
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,366
|
Apparently you have SEL or are using ACLs in that directory.
Code:
-rwxrwxrwx. 1 ray ray 464 Dec 31 15:45 nospace.sh*
Is that blocking access/execution?
|
|
|
12-31-2013, 03:04 PM
|
#3
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992
Original Poster
|
Not that I'm aware of. This is one of my NFS shares for my media server to the house.
Code:
[ray@centos Dr_Who]$ cat /etc/exports
#
# /etc/exports
# NFS4
/exports *(rw,insecure,subtree_check,crossmnt,fsid=0)
# NFSv3
/exports/centos/public *(rw,insecure,no_subtree_check,fsid=3010)
/exports/NFS_TV_Shows *(rw,insecure,no_subtree_check,fsid=3020)
Code:
[ray@centos Dr_Who]$ df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg_centos-lv_root ext4 50G 17G 31G 35% /
tmpfs tmpfs 3.9G 4.0K 3.9G 1% /dev/shm
/dev/sdb1 ext4 485M 149M 312M 33% /boot
/dev/mapper/vg_centos-lv_home ext4 1.8T 969G 722G 58% /exports/centos
/dev/sda1 ext4 1.4T 802G 504G 62% /exports/NFS_TV_Shows
/dev/sdc1 ext4 3.6T 1.9T 1.6T 56% /exports/New
[ray@centos Dr_Who]$ cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Fri Jan 4 14:43:59 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos-lv_root / ext4 defaults 1 1
UUID=7b6db420-abc8-4ad9-a8a1-a8da83552e09 /boot ext4 defaults 1 2
/dev/mapper/vg_centos-lv_home /exports/centos ext4 defaults 1 2
/dev/mapper/vg_centos-lv_swap swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
UUID=2284e13a-7d41-461d-aa97-131612ac6174 /exports/NFS_TV_Shows ext4 rw,user 0 0
UUID=dfba63a0-9b78-44bf-bb5f-12f141472a06 /exports/New ext4 rw,user 0 0
as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.
|
|
|
12-31-2013, 03:08 PM
|
#4
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992
Original Poster
|
found something, but not sure how to resolve the issue:
Code:
[ray@centos Dr_Who]$ mount | column -t
/dev/mapper/vg_centos-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sdb1 on /boot type ext4 (rw)
/dev/mapper/vg_centos-lv_home on /exports/centos type ext4 (rw)
/dev/sda1 on /exports/NFS_TV_Shows type ext4 (rw,noexec,nosuid,nodev)
/dev/sdc1 on /exports/New type ext4 (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
/exports/centos on /home/ssmahome type none (rw,bind)
I see that both sda1 and sdc1 are set to noexec. How do I get around that and modify my fstab so it mounts with proper permissions to match the LVM for centos-lv?
|
|
|
12-31-2013, 03:10 PM
|
#5
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,366
|
Quote:
Originally Posted by lleb
as for detecting SEL or ACLs how? neither I am aware of ever configuring or enabling.
|
I do not use SEL or ACLs so don't know much about them, but you can see the presence by the trailing dot in the long file listing format:
Code:
-rwxrwxrwx. 1 ray ray 464 Dec 31 15:45 nospace.sh*
Highlighted here...
-rwxrwxrwx[.] 1 ray ray 464 Dec 31 15:45 nospace.sh*
It is my understanding that the dot indicates that the directory is under SEL/ACL control. Beyond that I don't know much...
|
|
|
12-31-2013, 03:12 PM
|
#6
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992
Original Poster
|
thanks, it at least gives me a direction in addition to what i found with the mount command above.
|
|
|
12-31-2013, 03:21 PM
|
#7
|
Moderator
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,366
|
Quote:
Originally Posted by lleb
thanks, it at least gives me a direction in addition to what i found with the mount command above.
|
Looking around I found this from info ls:
Quote:
Following the file mode bits is a single character that specifies
whether an alternate access method such as an access control list
applies to the file. When the character following the file mode
bits is a space, there is no alternate access method. When it is
a printing character, then there is such a method.
GNU `ls' uses a `.' character to indicate a file with an SELinux
security context, but no other alternate access method.
A file with any other combination of alternate access methods is
marked with a `+' character.
|
From that it is still a little ambiguous whether that means specifically SEL/ACL or simply any "alternate access method". Taking the latter case that might include the noexec from fstab.
It should be easy to edit your fstab and remove the noexec flag. Not sure off the top of my pointy head whether it might be necessary to also change the NFS exports setup, so that might be worth checking.
|
|
1 members found this post helpful.
|
12-31-2013, 05:27 PM
|
#8
|
Member
Registered: Aug 2012
Location: Sweden
Distribution: Artix, LFS (built with pacman)
Posts: 379
Rep:
|
Change in fstab from 'rw,user' to 'rw,user,exec'
|
|
|
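The `mount` output in post #4 and the option line in post #8 fit together because mount(8) documents `user` as implying `noexec,nosuid,nodev` unless a later option overrides it. The shell sketch below is an added example, not code from any poster in this thread; the function names `effective_flags` and `noexec_mounts` and the sample fstab text are made up for illustration, and only the exec/suid/dev family of options is modelled.

```shell
#!/bin/sh
# Added example: resolve an fstab option string to its effective
# exec/suid/dev flags. Options apply left to right, so a later option
# overrides what an earlier one implied (see mount(8)).

effective_flags() (
    set -f                      # no globbing while splitting the option list
    IFS=,
    exec_f=exec suid_f=suid dev_f=dev   # defaults when nothing is specified
    for opt in $1; do
        case $opt in
            defaults)    exec_f=exec;   suid_f=suid;   dev_f=dev ;;
            user|users)  exec_f=noexec; suid_f=nosuid; dev_f=nodev ;;
            owner|group) suid_f=nosuid; dev_f=nodev ;;
            exec|noexec) exec_f=$opt ;;
            suid|nosuid) suid_f=$opt ;;
            dev|nodev)   dev_f=$opt ;;
        esac
    done
    printf '%s,%s,%s\n' "$exec_f" "$suid_f" "$dev_f"
)

# Reads fstab-format lines on stdin and prints "<mountpoint> <flags>"
# for every entry that ends up mounted noexec.
noexec_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        flags=$(effective_flags "$opts")
        case $flags in noexec,*) printf '%s %s\n' "$mnt" "$flags" ;; esac
    done
}

# Constructed sample, modelled on the fstab shown in post #3.
SAMPLE_FSTAB='# device mountpoint type options dump pass
/dev/mapper/vg_centos-lv_home /exports/centos ext4 defaults 1 2
/dev/sda1 /exports/NFS_TV_Shows ext4 rw,user 0 0
/dev/sdc1 /exports/New ext4 rw,user 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | noexec_mounts
effective_flags rw,user,exec    # the option line suggested in post #8
```

Because order matters, `exec,user` still resolves to `noexec`; the override has to come after `user`.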
12-31-2013, 06:31 PM
|
#9
|
LQ Muse
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,690
|
that is a bit odd
ray as user name is fine
BUT ray as the group ???? -- odd
it should be
user = ray
group = users
the user "ray" should be in the "users" group
and that group should be the one that the folder is set to
( the same as your HOME folder )
|
|
|
01-01-2014, 02:45 AM
|
#10
|
Member
Registered: Aug 2012
Location: Sweden
Distribution: Artix, LFS (built with pacman)
Posts: 379
Rep:
|
Nothing wrong in creating a group with the same name as your user and making that your main group. Some distros do it as default.
|
|
|
01-01-2014, 05:41 PM
|
#11
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992
Original Poster
|
Quote:
Originally Posted by John VV
that is a bit odd
ray as user name is fine
BUT ray as the group ???? -- odd
it should be
user = ray
group = users
the user "ray" should be in the "users" group
and that group should be the one that the folder is set to
( the same as your HOME folder )
|
yes it is ray ray for user/group on that account even in my home directory
it is uid, gid, and group all = 501 named ray.
|
|
|
01-01-2014, 06:06 PM
|
#12
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,820
|
An individual group per user has been the recommendation for quite a few years now. Giving each user a unique primary group ID makes it possible to form groups that share directories without requiring people to be constantly changing their umask. When working in the group-shared directory, you need to have a umask that permits group access, but if everyone's primary group is "users", you need to turn off group permissions when working elsewhere or else every user on the system would have access to your files. With a per-user primary group, a umask that does not block group access, and a set-GID permission bit on the shared directories, it all works pretty seamlessly.
|
|
|