Edit /ect/profile with root?
I wanted to change bash history # lines kept and tried to edit this file, but says permission denied.
-rw-r--r-- 1 root root 842 May 24 2004 /etc/profile I am logged in as root (from su), but says permission denied. I have tried editing other root only files (with same permissions), and works ok? Anyone know why root can't edit this file and some way around it? |
Hi,
You probably did a su instead of a su - (mind the minus sign). The first keeps all the settings of the user doing the su, the second (su -) will give you a login shell ('full' root account). see man su and man bash (invocation part) for details. Hope this helps |
The Grand Unified Solution....
Sorry, I can't see why that shouldn't have worked. So two possibilities...
1) Finger trouble. You weren't root. So try again. 2) Something weird that I don't know... So, Ta-Da! Introducing the Grand Unified Linux Solution.... Instead of just doing boring old su - cd /etc vi profile Try... su - cd /etc strace -o tlog vi profile Then inspect the file "tlog". You may find the permission problem applied to something other than the file you were trying to edit. If you can't solve it yourself with that output, paste it here and we'll have another bash at helping you. "strace" is really really nifty. I use it all the time for gnarly problems. Basically it logs _every_ system call the program made. And since your program cannot do _anything_ meaningful without invoking the system from time to time....you can solve many problems with it. My job involves solving the gnarliest Linux problems that a large / smart team of other programmers can't. You know what? Nine times out of ten I can solve it with strace. In fact, since I have been teaching everyone that strace is the third port of call (after "man" and "info") for linux mysteries, not the last, I'm getting far fewer questions... |
Hi again,
Cyent is correct about the su vs su - thing. Just tried it and it's not the problem (which is obvious now I thought about it :) ). |
Quote:
The main point about "su -" vs "su" is that it goes through the root .bash_profile and loads up some extra goodies on your path. eg. Everything in "/sbin" and "/usr/sbin" and "/usr/local/sbin" ie. Programs that an ordinary user should never need to or be allowed to run anyway. Try it. echo $PATH su echo $PATH su - echo $PATH |
Quote:
My first post wasn't a comment on yours, it was simultaneous. But hey! Every now and again, one needs to pause and just admire the tech... We chatting in real time between The Netherlands and New Zealand. |
Perhaps the file is marked immutable? Check the output of 'lsattr /etc/profile'. Also, is the filesystem it is on mounted readonly?
|
@ cyent:
The internet is indeed a great place to be. It being sep 4 here atm (23:32) and sep 5 (09:31) at your place. I'll stop the off-topic chit-chat now ;) (sorry guys) |
Well, the su - didn't work, same result. I tried that command (last post) and this is what I got:
[root@server etc]# lsattr /etc/profile ----i-------- /etc/profile So what does that mean? I did the trace, but tons of lines. I listed some beginning ones at top, then a section near bottom where the "denied" showed up. Please note there is no typo and I used nano as editor. I use nano a lot and have (today) edited another file in the /etc/ execve("/usr/bin/nano", ["nano", "profile"], [/* 18 vars */]) = 0 uname({sys="Linux", node="server.(Ichangedthisforthispost.com", ...}) = 0 brk(0) = 0x91f2000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=30690, ...}) = 0 old_mmap(NULL, 30690, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ff8000 close(3) = 0 open("/usr/lib/libncurses.so.5", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\361"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=879963, ...}) = 0 old_mmap(0x941000, 266220, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x941000 old_mmap(0x979000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x37000) = 0x979000 close(3) = 0 open("/lib/tls/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\377"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1212936, ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff7000 old_mmap(0x7db000, 1215644, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7db000 old_mmap(0x8fe000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123000) = 0x8fe000 old_mmap(0x902000, 7324, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x902000 close(3) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000 mprotect(0x8fe000, 4096, PROT_READ) = 0 mprotect(0x7d7000, 4096, PROT_READ) = 0 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ff66c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_ in_pages:1, seg_not_present:0, useable:1}) = 0 munmap(0xb7ff8000, 30690) = 0 brk(0) = 0x91f2000 brk(0x9213000) = 0x9213000 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=39567600, ...}) = 0 mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7df6000 close(3) = 0 geteuid32() = 0 open("/usr/etc/nanorc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open("/root/.nanorc", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=21544, ...}) = 0 mmap2(NULL, 21544, PROT_READ, MAP_SHARED, 3, 0) = 0xb7df0000 close(3) = 0 access("/root/.terminfo/x/xterm", R_OK) = -1 ENOENT (No such file or directory) access("/usr/share/terminfo/x/xterm", R_OK) = 0 open("/usr/share/terminfo/x/xterm", O_RDONLY) = 3 read(3, "\32\0010\0&\0\17\0\235\1&\5", 12) = 12 read(3, "xterm|xterm terminal emulator (X"..., 48) = 48 read(3, "\0\1\0\0\1\0\0\0\1\0\0\0\0\1\1\0\0\0\0\0\0\0\1\0\0\1\0"..., 38) = 38 read(3, "P\0\10\0\30\0\377\377\377\377\377\377\377\377\377\377\377"..., 30) = 30 read(3, "\0\0\4\0\6\0\10\0\31\0\36\0&\0*\0.\0\377\3779\0J\0L\0P"..., 826) = 826 read(3, "\33[Z\0\7\0\r\0\33[%i%p1%d;%p2%dr\0\33[3g\0\33["..., 1318) = 1318 read(3, "\1\0\0\0\1\0\3\0\6\0", 10) = 10 read(3, "\1", 1) = 1 read(3, "\0", 1) = 1 read(3, "\377\377\0\0\3\0", 6) = 6 read(3, "AX\0XM\0", 6) = 6 close(3) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, TIOCGWINSZ, {ws_row=44, ws_col=125, ws_xpixel=0, ws_ypixel=0}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon echo ...}) = 0 ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0 rt_sigaction(SIGTSTP, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGINT, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGINT, {0x95ce75, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTERM, {0x95ce75, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGWINCH, NULL, {SIG_DFL}, 8) = 0 rt_sigaction(SIGWINCH, {0x95cf7b, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0 ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0 open("/usr/share/locale/locale.alias", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=2528, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7def000 read(3, "# Locale name alias data base.\n#"..., 4096) = 2528 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7def000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/nano.mo", O_RDONLY) = -1 ENOENT (No such file or directory) rt_sigaction(SIGINT, {SIG_IGN}, NULL, 8) = 0 rt_sigaction(SIGHUP, {0x8057c20, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTERM, {0x8057c20, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGWINCH, {0x8057d30, [], SA_RESTORER, 0x8028c8}, NULL, 8) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0 ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig -icanon -echo ...}) = 0 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0 write(1, "\33[?1049h\33[1;44r\33[m\33(B\33[4l\33[?7h\33["..., 37) = 37 write(1, "\33[?1h\33=", 7) = 7 write(1, "\33[?1h\33=", 7) = 7 write(1, "\33[?1h\33=", 7) = 7 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 write(1, "\33[H\33[2J\33[43d\33[0;7m\33(B^G\33[m\33(B Ge"..., 412) = 412 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 stat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0 open("profile", O_RDONLY|O_LARGEFILE) = 3 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\33[42;55H\33[0;7m\33(B[ Reading File "..., 39) = 39 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 fcntl64(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) fstat64(3, {st_mode=S_IFREG|0644, st_size=842, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7def000 _llseek(3, 0, [0], SEEK_CUR) = 0 read(3, "# /etc/profile\n\n# System wide en"..., 4096) = 842 read(3, "", 4096) = 0 close(3) = 0 munmap(0xb7def000, 4096) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 ....... about a gazillion more lines here, then some interesting ones at end write(1, "\33[43;21H \33[0;7m\33(B^T\33["..., 315) = 315 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\r\33[37d", 6) = 6 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\33[42d\33[0;7m\33(BFile Name to Write"..., 153) = 153 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 read(0, "\r", 1) = 1 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\33[1;125H", 8) = 8 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 stat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0 lstat64("profile", {st_mode=S_IFREG|0644, st_size=842, ...}) = 0 open("profile", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0600) = -1 EACCES (Permission denied) open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\33[42;35H\33[1K \33[0;7m\33(B[ Could no"..., 85) = 85 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 write(1, "\33[43;21H\33[0;7m\33(B^O\33[m\33(B WriteO"..., 378) = 378 rt_sigaction(SIGTSTP, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, NULL, 8) = 0 rt_sigaction(SIGTSTP, {SIG_IGN}, {0x95cc80, [], SA_RESTORER|SA_RESTART, 0x8028c8}, 8) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 poll([{fd=0, events=POLLIN}], 1, 0) = 0 |
Hi,
The lsattr shows the problem (the i). From man chattr: A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute. How to change back (as root): chattr -i /etc/profile Hope this helps. |
Thanks, this helped. Changed it back, made my changes, then put the immutable back on.
Turns out Linux Environmental Security (LES) from rfxnetworks made this file and a few others immutable. Thanks again all!!! |
immutable is generally good... keeps even slip-ups as root from screwing things to hell :)
|
All times are GMT -5. The time now is 08:05 PM. |