LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-30-2017, 05:52 AM   #1
BhushanPathak
Member
 
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85

Rep: Reputation: Disabled
Permission issue for directory access in user's home directory


Hello,

I have 10 CentOS 7 servers. There is a python script which creates admin user, generates SSH keys, set the correct groups for admin user & other necessary settings.

On 8 out of the 10 servers, the script ran successfully. On 2 servers, the script fails while executing the below command -

Code:
sudo su -c 'ssh-keygen -q -t ecdsa -N \"\" -f ~/.ssh/id_ecdsa -b 521' -s /bin/bash admin
The error received was -
Code:
Could not stat /home/admin/.ssh: Permission denied
The issue is not with sudo access. Now, I checked the python script. It creates the admin user, then creates the .ssh directory inside the admin user's home directory, executes chown command so that admin user is owner for the .ssh directory.

The only difference I observed is that on servers where the python script is successful -
Code:
userb@server5:~$ ls -lZd /home/admin/
drwxr-x---. admin admin system_u:object_r:user_home_dir_t:s0 /home/admin
And where the script failed -
Code:
userb@server6:~$ ls -lZd /home/admin/
drwxr-x---. 1001 1001 system_u:object_r:user_home_dir_t:s0 /home/admin/

The groups that admin belongs to is same on all the servers -
Code:
userb@server6:~$ id admin
uid=2000(admin) gid=2000(admin) groups=2000(admin),10(wheel),600(java)
Any idea what the '1001' means here? And what could be the issue?

Thanks

Bhushan Pathak
 
Old 06-30-2017, 06:54 AM   #2
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498Reputation: 498Reputation: 498Reputation: 498Reputation: 498
Quote:
Any idea what the '1001' means here? And what could be the issue?
It is a user ID. It means that: on systems (2 of them, you said) where the script failed, the folder /home/admin is NOT owned by 2000:2000, rather it is owned by 1001:1001 --user and group.

Thus, try to check whether somebody is already using the UID 2000 in those units/systems and make appropriate adjustments in assigning other UIDs. or
Try to change the owner:group of that mistaken folders in the 2 systems MANUALLY and observe if the problem goes off.
Code:
man chmod
man chgrp
Hope that helps. Good luck.

m.m.
 
1 members found this post helpful.
Old 06-30-2017, 07:05 AM   #3
BhushanPathak
Member
 
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85

Original Poster
Rep: Reputation: Disabled
Well, according to the /etc/passwd file
- There is no user with UID as 1001
- UID 2000 is assigned to admin user

Manually executing the chown command makes the problem go away.

Let me check further if I can dig up few more details. Any other things I can check/look for?

Last edited by BhushanPathak; 06-30-2017 at 07:24 AM.
 
Old 06-30-2017, 09:35 AM   #4
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: Somewhere in my head.
Distribution: Slackware (15 current), Slack15, Ubuntu studio, MX Linux, FreeBSD 13.1, WIn10
Posts: 10,342

Rep: Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242Reputation: 2242
change UID
Code:
usermod -u <NEWUID> <LOGIN>    
groupmod -g <NEWGID> <GROUP>
find / -user <OLDUID> -exec chown -h <NEWUID> {} \;
find / -group <OLDGID> -exec chgrp -h <NEWGID> {} \;
usermod -g <NEWGID> <LOGIN>
ref:
https://muffinresearch.co.uk/linux-c...gids-for-user/

https://www.cyberciti.biz/faq/linux-...l-owned-files/
 
Old 06-30-2017, 12:57 PM   #5
sweepnine
LQ Newbie
 
Registered: Jun 2017
Posts: 16

Rep: Reputation: Disabled
I guess the user 'admin' previously existed with uid 1001 on the two system that produces the error.

Appearantly, the uid 2000 comes from one of your scripts. At some point you create the user and subsequently assume the user to have uid 2000. But if the user already extisted with uid 1001, the creation fails and assumoption does not hold. You may fix the uid after the user creation attempt, see BW-userxs reply.

However, if user 'admin' existed beforehand there might be some reason for this, and if so you risk to break its previous function. If you dont know whether the existence of the user 'admin' is a relict of previous trials of yours, or has been on the system for other reasons, you better choose another user name, f.i. 'adminbushan', presuming the role the user you created has nothing to do with the role the previously existing 'admin'.
 
Old 07-04-2017, 01:29 AM   #6
BhushanPathak
Member
 
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85

Original Poster
Rep: Reputation: Disabled
I debugged this further and found the following -
1. All 10 centOS servers had a user admin created which had UID 1001
2. The python script that I executed intentionally deletes the admin user with UID 1001 & creates again with UID 2000

The same script worked on 8 servers & failed on 2.

Additionally, I cannot change the user name from admin to something else. Is there any thing else I can debug?

If I execute the script again, it would probably work as the old admin user [with UID 1001] is deleted from the system. This issue came up again on another 3 servers over the weekend.

Last edited by BhushanPathak; 07-04-2017 at 01:29 AM. Reason: Rectified UID from 200 to 2000
 
Old 07-04-2017, 01:52 AM   #7
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Distribution: Mint/MATE
Posts: 2,931

Rep: Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249
A passwd caching service like nscd can obscure chown admin ....
chown 2000 ... i.e. a numeric uid/gid is safer.
Check your Python script for it!
 
Old 07-04-2017, 04:52 AM   #8
BhushanPathak
Member
 
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85

Original Poster
Rep: Reputation: Disabled
I verified that the python script indeed uses the UID & GID to set the ownership of the directory -

Code:
os.chown(path, uid, gid)

Just out of curiosity - if the home directory had some files in it & we delete the admin user, would the home directory be also deleted? If not, is there a possibility that we would run into this issue?
 
Old 07-04-2017, 05:59 AM   #9
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Distribution: Mint/MATE
Posts: 2,931

Rep: Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249Reputation: 1249
uid and gid are the names of two variables.
Ensure their values are not symbolic names!

Normally the homedirectory is not touched.
Tools like userdel provide an option for it: userdel -r ...
 
1 members found this post helpful.
Old 07-11-2017, 06:04 AM   #10
BhushanPathak
Member
 
Registered: Nov 2013
Location: Pune, India
Distribution: CentOS
Posts: 85

Original Poster
Rep: Reputation: Disabled
Using the -r option seems to have solved the issue.

Thanks everyone.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] 'Could not chdir to home directory /home/[user]: Permission denied' arashi256 Linux - Newbie 25 11-11-2011 09:29 AM
changing home directory permission in user management after user created in suse(KDE) hamedhsn Linux - Security 4 04-06-2011 09:18 PM
Crontab permission denied while making a directory in user's home Dfangs Linux - Server 3 05-29-2009 09:44 AM
How can I set the permission on the home directory when creating an user crisostomo_enrico Solaris / OpenSolaris 4 09-26-2007 06:24 PM
Permission problems when removing user's home directory. davethegenius Linux - Software 3 08-11-2005 04:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration