06-30-2017, 05:52 AM
|
#1
|
Member
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85
Rep:
|
Permission issue for directory access in user's home directory
Hello,
I have 10 CentOS 7 servers. There is a Python script which creates the admin user, generates SSH keys, sets the correct groups for the admin user & other necessary settings.
On 8 out of the 10 servers, the script ran successfully. On 2 servers, the script fails while executing the below command -
Code:
sudo su -c 'ssh-keygen -q -t ecdsa -N \"\" -f ~/.ssh/id_ecdsa -b 521' -s /bin/bash admin
The error received was -
Code:
Could not stat /home/admin/.ssh: Permission denied
The issue is not with sudo access. Now, I checked the Python script. It creates the admin user, then creates the .ssh directory inside the admin user's home directory, and executes the chown command so that the admin user is the owner of the .ssh directory.
The only difference I observed is that on servers where the python script is successful -
Code:
userb@server5:~$ ls -lZd /home/admin/
drwxr-x---. admin admin system_u:object_r:user_home_dir_t:s0 /home/admin
And where the script failed -
Code:
userb@server6:~$ ls -lZd /home/admin/
drwxr-x---. 1001 1001 system_u:object_r:user_home_dir_t:s0 /home/admin/
The groups that admin belongs to are the same on all the servers -
Code:
userb@server6:~$ id admin
uid=2000(admin) gid=2000(admin) groups=2000(admin),10(wheel),600(java)
Any idea what the '1001' means here? And what could be the issue?
Thanks
Bhushan Pathak
|
|
|
06-30-2017, 06:54 AM
|
#2
|
Senior Member
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669
|
Quote:
Any idea what the '1001' means here? And what could be the issue?
|
It is a user ID. It means that on the systems (2 of them, you said) where the script failed, the folder /home/admin is NOT owned by 2000:2000; rather, it is owned by 1001:1001 (user and group).
Thus, try to check whether somebody is already using the UID 2000 in those units/systems and make appropriate adjustments in assigning other UIDs. Or
try to change the owner:group of those mistaken folders in the 2 systems MANUALLY and observe if the problem goes away.
Code:
man chmod
man chgrp
Hope that helps. Good luck.
m.m.
|
|
1 members found this post helpful.
|
06-30-2017, 07:05 AM
|
#3
|
Member
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85
Original Poster
Rep:
|
Well, according to the /etc/passwd file
- There is no user with UID as 1001
- UID 2000 is assigned to admin user
Manually executing the chown command makes the problem go away.
Let me check further if I can dig up few more details. Any other things I can check/look for?
Last edited by BhushanPathak; 06-30-2017 at 07:24 AM.
|
|
|
06-30-2017, 12:57 PM
|
#5
|
LQ Newbie
Registered: Jun 2017
Posts: 16
Rep:
|
I guess the user 'admin' previously existed with uid 1001 on the two systems that produce the error.
Apparently, the uid 2000 comes from one of your scripts. At some point you create the user and subsequently assume the user to have uid 2000. But if the user already existed with uid 1001, the creation fails and the assumption does not hold. You may fix the uid after the user creation attempt, see BW-userx's reply.
However, if user 'admin' existed beforehand there might be some reason for this, and if so you risk breaking its previous function. If you don't know whether the existence of the user 'admin' is a relic of previous trials of yours, or has been on the system for other reasons, you had better choose another user name, for instance 'adminbushan', presuming the role of the user you created has nothing to do with the role of the previously existing 'admin'.
|
|
|
07-04-2017, 01:29 AM
|
#6
|
Member
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85
Original Poster
Rep:
|
I debugged this further and found the following -
1. All 10 CentOS servers had a user admin created which had UID 1001
2. The Python script that I executed intentionally deletes the admin user with UID 1001 & creates it again with UID 2000
The same script worked on 8 servers & failed on 2.
Additionally, I cannot change the user name from admin to something else. Is there anything else I can debug?
If I execute the script again, it would probably work as the old admin user [with UID 1001] is deleted from the system. This issue came up again on another 3 servers over the weekend.
Last edited by BhushanPathak; 07-04-2017 at 01:29 AM.
Reason: Rectified UID from 200 to 2000
|
|
|
07-04-2017, 01:52 AM
|
#7
|
Senior Member
Registered: Dec 2011
Location: Simplicity
Distribution: Mint/MATE
Posts: 2,931
|
A passwd caching service like nscd can obscure chown admin ....
chown 2000 ... i.e. a numeric uid/gid is safer.
Check your Python script for it!
|
|
|
07-04-2017, 04:52 AM
|
#8
|
Member
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85
Original Poster
Rep:
|
I verified that the python script indeed uses the UID & GID to set the ownership of the directory -
Code:
os.chown(path, uid, gid)
Just out of curiosity - if the home directory had some files in it & we delete the admin user, would the home directory be also deleted? If not, is there a possibility that we would run into this issue?
|
|
|
07-04-2017, 05:59 AM
|
#9
|
Senior Member
Registered: Dec 2011
Location: Simplicity
Distribution: Mint/MATE
Posts: 2,931
|
uid and gid are the names of two variables.
Ensure their values are not symbolic names!
Normally the home directory is not touched.
Tools like userdel provide an option for it: userdel -r ...
|
|
1 members found this post helpful.
|
07-11-2017, 06:04 AM
|
#10
|
Member
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85
Original Poster
Rep:
|
Using the -r option seems to have solved the issue.
Thanks everyone.
|
|
|
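The situation this thread ends on, a home directory that survives `userdel` and stays owned by the old numeric UID, can be checked for before running `ssh-keygen`. The following is an added example, not part of the thread or of the poster's script: `audit_ownership` and `uid_in_passwd` are hypothetical names, and the directory tree is a constructed stand-in for /home/admin. Entries reported as orphaned matter beyond this failure, because whichever account is later given that UID becomes their owner.

```python
import os
import pwd
import tempfile

def uid_in_passwd(uid):
    """True if the numeric UID resolves to an account via NSS (passwd, LDAP, ...)."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False

def audit_ownership(root, expected_uid, expected_gid, uid_exists=uid_in_passwd):
    """Walk root without following symlinks; return (path, uid, gid, status)
    for every entry not owned by expected_uid:expected_gid.
    status is 'orphaned' when the owning UID has no account, else 'foreign'."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: judge the link itself, never its target
        if (st.st_uid, st.st_gid) != (expected_uid, expected_gid):
            status = "foreign" if uid_exists(st.st_uid) else "orphaned"
            findings.append((path, st.st_uid, st.st_gid, status))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings

def demo():
    """Constructed sample: a throwaway tree standing in for /home/admin."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"))
        open(os.path.join(home, ".ssh", "authorized_keys"), "w").close()
        st = os.lstat(home)
        uid, gid = st.st_uid, st.st_gid
        clean = audit_ownership(home, uid, gid)
        # Simulate the account being recreated under a new UID with the old one deleted
        stale = audit_ownership(home, uid + 1, gid + 1, uid_exists=lambda u: False)
        return clean, [(os.path.relpath(p, home), s) for p, _, _, s in stale]

if __name__ == "__main__":
    clean, stale = demo()
    print("owner matches:", clean)
    print("after UID change:", stale)
```

On a real host the call would be `audit_ownership("/home/admin", 2000, 2000)`, run as root after the user is recreated and before any step that depends on the directory being accessible.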
All times are GMT -5. The time now is 09:32 AM.