[SOLVED] Permission issues in CentOS

malak33 · 04-27-2012, 03:29 AM

so i made a script in the /usr/local/bin directory. I can run it under root, however when i change users and try to run the script it says permission denied, actually if i even try to run the command ls it says "ls: cannot open directory .: Permission denied"

if i run getfacl /usr/local/bin/script1 it shows this:
# file: usr/local/bin/script1
# owner: root
# group: root
user::rwx
user:gnobile:r-x
user:test:rwx
group::r--
mask::rwx
other::--x

i tried with user gnobile had these issues so i created user test and had same issues. Thanks for the help guys.

here is what I'm trying to do I would believe Lab 2 would be more important because it's what I'm having issues with.

In this lab you'll explore the role of permissions and the SUID bit. To do so, you'll create a simple script in the /usr/local/bin directory. Call it script1.

1. In a text editor, open file script1 in the /usr/local/bin directory.

2. Enter the following lines in that file:

#!/bin/bash
/bin/ls > filelist

3. Save the file.

4. Try to execute that script as the root administrative user. What happens?

5. Set up execute permissions for the user owner of the script1 file with the chmod u+x /usr/local/bin/script1 command. Can you now execute the script as the root administrative user?

6. Now set up execute permissions for other users in the script1 file. Log in as a regular user. Can you now execute the script as a regular user?

7. As it's a big security risk to set SUID permissions on a shell script, don't do that on the script1 file. Instead, remove SUID permissions on the /usr/bin/passwd executable file with the chmod u-s /usr/bin/passwd command.

8. Try to run the passwd command as a regular user. What happens? Did your password change? Try again. What worked when prompted for the current password?

9. Return to the root user account, and restore SUID permissions on the /usr/bin/passwd file.

10. Try to run the passwd command again as a regular user. Change your password. What happens this time?

Lab 2

In this lab, you'll use the script created in Lab 1. You'll set up regular permissions on that script, and then configure ACLs for that script to be executed by a regular user. It also assumes that the filesystem with the /usr/local/bin directory is the top-level root directory, and is not already mounted with ACLs.

1. Change the permissions on the script1 file created in Lab 1 with the chmod 644 /usr/local/bin/script1 command.

2. Log in as a regular user. Try to execute that script. What happens?

3. Remount the top-level root directory (/) with ACLs with the following command:

# mount -o remount,acl /

As long as the /etc/fstab file is configured in the top-level root directory (/), this command should work. To verify, run the mount command by itself; it should show output similar to:

/dev/vda2 on / type ext4 (rw,acl)

4. Now you'll be able to set ACLs on the noted script. Configure read and execute ACLs for one regular user on the script1 file. Verify with the getfacl command.

5. Repeat Step 2, logging in as the regular user given ACL privileges to the script1 script. What happens?

6. If you want to restore the original configuration, delete the script1 file from the /usr/local/bin directory. If your original configuration did not include ACLs on the top level root directory, you can restore that situation with the following command:

# mount -o remount /

anon237 · 04-27-2012, 03:41 AM

Hi,

2 things I can come up with:

- Did you forget to change the setting to the directory itself (/usr/local/bin)? /usr/local/bin has rwxr-xr-x permissions and anly root is able to write to that directory.

Code:

setfacl -m u:gnobile:rwx /usr/local/bin

- Is the output file (filelist) still present from the previous run (using root)?

Hope this helps.

malak33 · 05-03-2012, 08:08 PM

yup that worked thanks for the help

malak33 · 05-03-2012, 09:10 PM

no when i type the command
su gnobile

i get the following error
su: /bin/bash: Permission denied

I'm logged in as root

anon237 · 05-04-2012, 01:55 AM

Hi,

Quote:

Originally Posted by malak33

when i type the command
su gnobile

i get the following error
su: /bin/bash: Permission denied

I'm logged in as root

You do need to provide a bit more information about what you have done, without it we can only guess.

Assuming that you are still experimenting with acl's you can check the following:
- Is /bin/bash accessible for user gnobile (getfacl /bin/bash)?
- Is /bin accessible for user gnobile (getfacl /bin)?

Hope this helps.

malak33 · 05-04-2012, 02:06 AM

sorry i forgot to post on this forum to say the issue was resolved.

I googled searching for an answer i couldn't find any that worked. Luckily this OS was loaded in a KVM so i just shut it down and deleted it.

Then i just made another KVM using the same image. Anyway thanks for the help. I figured this was going to be faster than trying to figure out what i did to make the KVM fubar.
thanks though

anon237 · 05-04-2012, 02:07 AM

You're welcome