LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Edit /ect/profile with root? (https://www.linuxquestions.org/questions/linux-security-4/edit-ect-profile-with-root-360166/)

Tony33221 09-04-2005 03:17 PM
Edit /ect/profile with root?
 
I wanted to change bash history # lines kept and tried to edit this file, but says permission denied.
-rw-r--r-- 1 root root 842 May 24 2004 /etc/profile
I am logged in as root (from su), but says permission denied. I have tried editing other root only files (with same permissions), and works ok?
Anyone know why root can't edit this file and some way around it?

druuna 09-04-2005 03:35 PM
Hi,

You probably did a su instead of a su - (mind the minus sign).

The first keeps all the settings of the user doing the su, the second (su -) will give you a login shell ('full' root account).

see man su and man bash (invocation part) for details.

Hope this helps

cyent 09-04-2005 03:41 PM
The Grand Unified Solution....
 
Sorry, I can't see why that shouldn't have worked. So two possibilities...

1) Finger trouble. You weren't root. So try again.

2) Something weird that I don't know...

So, Ta-Da! Introducing the Grand Unified Linux Solution....


Instead of just doing boring old
su -
cd /etc
vi profile

Try...
su -
cd /etc
strace -o tlog vi profile

Then inspect the file "tlog". You may find the permission problem applied to something other than the file you were trying to edit.

If you can't solve it yourself with that output, paste it here and we'll have another bash at helping you.

"strace" is really really nifty. I use it all the time for gnarly problems.

Basically it logs _every_ system call the program made. And since your program cannot do _anything_ meaningful without invoking the system from time to time....you can solve many problems with it.

My job involves solving the gnarliest Linux problems that a large / smart team of other programmers can't. You know what? Nine times out of ten I can solve it with strace. In fact, since I have been teaching everyone that strace is the third port of call (after "man" and "info") for linux mysteries, not the last, I'm getting far fewer questions...

druuna 09-04-2005 03:43 PM
Hi again,

Cyent is correct about the su vs su - thing. Just tried it and it's not the problem (which is obvious now I thought about it :) ).

cyent 09-04-2005 03:46 PM
Quote:
Originally posted by druuna
Hi,

You probably did a su instead of a su - (mind the minus sign).
I doubt if that was a problem. It makes no difference for this case.

The main point about "su -" vs "su" is that it goes through the root .bash_profile and loads up some extra goodies on your path.

eg. Everything in "/sbin" and "/usr/sbin" and "/usr/local/sbin"

ie. Programs that an ordinary user should never need to or be allowed to run anyway.

Try it.

echo $PATH
su
echo $PATH
su -
echo $PATH

cyent 09-04-2005 03:50 PM
Quote:
Originally posted by druuna

Cyent is correct about the su vs su - thing. Just tried it and it's not the problem (which is obvious now I thought about it :) ).

My first post wasn't a comment on yours, it was simultaneous.


But hey! Every now and again, one needs to pause and just admire the tech...

We chatting in real time between The Netherlands and New Zealand.

Matir 09-04-2005 03:55 PM
Perhaps the file is marked immutable? Check the output of 'lsattr /etc/profile'. Also, is the filesystem it is on mounted readonly?

druuna 09-04-2005 04:33 PM
@ cyent:

The internet is indeed a great place to be. It being sep 4 here atm (23:32) and sep 5 (09:31) at your place.

I'll stop the off-topic chit-chat now ;) (sorry guys)

Tony33221 09-04-2005 05:00 PM
Well, the su - didn't work, same result. I tried that command (last post) and this is what I got:

[root@server etc]# lsattr /etc/profile
----i-------- /etc/profile

So what does that mean?

I did the trace, but tons of lines. I listed some beginning ones at top, then a section near bottom where the "denied" showed up. Please note there is no typo and I used nano as editor. I use nano a lot and have (today) edited another file in the /etc/

execve("/usr/bin/nano", ["nano", "profile"], [/* 18 vars */]) = 0
uname({sys="Linux", node="server.(Ichangedthisforthispost.com", ...}) = 0
brk(0) = 0x91f2000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=30690, ...}) = 0
old_mmap(NULL, 30690, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ff8000
close(3) = 0
open("/usr/lib/libncurses.so.5", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\361"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=879963, ...}) = 0
old_mmap(0x941000, 266220, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x941000
old_mmap(0x979000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x37000) = 0x979000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\377"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1212936, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff7000
old_mmap(0x7db000, 1215644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7db000
old_mmap(0x8fe000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x8fe000
old_mmap(0x902000, 7324, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x902000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
mprotect(0x8fe000, 4096, PROT_READ) = 0
mprotect(0x7d7000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ff66c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_
in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7ff8000, 30690) = 0
brk(0) = 0x91f2000
brk(0x9213000) = 0x9213000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=39567600, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7df6000
close(3) = 0
geteuid32() = 0
open("/usr/etc/nanorc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/root/.nanorc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21544, ...}) = 0
mmap2(NULL, 21544, PROT_READ, MAP_SHARED, 3, 0) = 0xb7df0000
close(3) = 0
access("/root/.terminfo/x/xterm", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/share/terminfo/x/xterm", R_OK) = 0
open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3
read(3, "\32\0010\0&\0\17\0\235\1&\5", 12) = 12
read(3, "xterm|xterm terminal emulator (X"..., 48) = 48
read(3, "\0\1\0\0\1\0\0\0\1\0\0\0\0\1\1\0\0\0\0\0\0\0\1\0\0\1\0"..., 38) = 38
read(3, "P\0\10\0\30\0\377\377\377\377\377\377\377\377\377\377\377"..., 30) = 30
read(3, "\0\0\4\0\6\0\10\0\31\0\36\0&\0*\0.\0\377\3779\0J\0L\0P"..., 826) = 826
read(3, "\33[Z\0\7\0\r\0\33[%i%p1%d;%p2%dr\0\33[3g\0\33["..., 1318) = 1318
read(3, "\1\0\0\0\1\0\3\0\6\0", 10) = 10
read(3, "\1", 1) = 1
read(3, "\0", 1) = 1
read(3, "\377\377\0\0\3\0", 6) = 6
read(3, "AX\0XM\0", 6) = 6
close(3) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=44, ws_col=125, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigaction(SIGTSTP, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x95ce75, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x95ce75, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGWINCH, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGWINCH, {0x95cf7b, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7def000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2528
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7def000, 4096) = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGINT, {SIG_IGN}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x8057c20, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x8057c20, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGWINCH, {0x8057d30, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
write(1, "\33[?1049h\33[1;44r\33[m\33(B\33[4l\33[?7h\33["..., 37) = 37
write(1, "\33[?1h\33=", 7) = 7
write(1, "\33[?1h\33=", 7) = 7
write(1, "\33[?1h\33=", 7) = 7
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
write(1, "\33[H\33[2J\33[43d\33[0;7m\33(B^G\33[m\33(B Ge"..., 412) = 412
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
stat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0
open("profile", O_RDONLY|O_LARGEFILE) = 3
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\33[42;55H\33[0;7m\33(B[ Reading File "..., 39) = 39
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
fcntl64(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat64(3, {st_mode=S_IFREG|0644, st_size=842, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7def000
_llseek(3, 0, [0], SEEK_CUR) = 0
read(3, "# /etc/profile\n\n# System wide en"..., 4096) = 842
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7def000, 4096) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0

....... about a gazillion more lines here, then some interesting ones at end


write(1, "\33[43;21H \33[0;7m\33(B^T\33["..., 315) = 315
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\r\33[37d", 6) = 6
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\33[42d\33[0;7m\33(BFile Name to Write"..., 153) = 153
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
read(0, "\r", 1) = 1
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\33[1;125H", 8) = 8
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
stat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0
lstat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0
open("profile", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0600) = -1 EACCES (Permission denied)
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\33[42;35H\33[1K \33[0;7m\33(B[ Could no"..., 85) = 85
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
write(1, "\33[43;21H\33[0;7m\33(B^O\33[m\33(B WriteO"..., 378) = 378
rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0
poll([{fd=0, events=POLLIN}], 1, 0) = 0

druuna 09-04-2005 05:30 PM
Hi,

The lsattr shows the problem (the i).

From man chattr:

A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

How to change back (as root):

chattr -i /etc/profile

Hope this helps.

Tony33221 09-04-2005 05:38 PM
Thanks, this helped. Changed it back, made my changes, then put the immutable back on.
Turns out Linux Environmental Security (LES) from rfxnetworks made this file and a few others immutable.

Thanks again all!!!

Matir 09-04-2005 06:02 PM
immutable is generally good... keeps even slip-ups as root from screwing things to hell :)


All times are GMT -5. The time now is 08:05 PM.