LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-09-2004, 12:45 AM   #1
rhettg
LQ Newbie
 
Registered: Sep 2004
Posts: 3

Rep: Reputation: 0
Angry Mandrake security freaked out, can't execute /usr/bin


Ok i've got a mandrake 9.1 system that is acting up.

When first installed over a year ago, I set the security level at some annoying level. But I could deal with it.

At some point, the msec links to server settings in /etc/security/msec disappeared.. the link 'server' is broken. I no longer get emails about some daemon checking permissions and various other security checks. This sudden stop was sort of disturbing but its not a production box I wasn't too worried about it.

Yesterday, another user was installing some php bb software.

Today, as a normal user I can no longer execute most of the binaries in /bin or /usr/bin
I get a:
-bash: /usr/bin/uptime: Permission Denied

The permissions for this file seem fine:
ll /usr/bin/uptime
-r-xr-xr-x 1 root root 2876 Mar 3 2003 /usr/bin/uptime*

I suspected perhaps the glibc was not accessible or something but the permissions on libraries seem fine also.

I'm about ready to just wipe the system and start over this weekend. The distro is so old even MandrakeUpdate will no longer update rpms because the ftp server is out of date or something.

I'm mainly just curious how this is possible. I consider myself pretty experienced with linux and security in general, but this mandrake security stuff has me pretty stumped.

Any help would be appreciated.

Rhett
 
Old 09-09-2004, 12:49 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Did somebody do something like remount the / and/or /usr filesystems noexec? That might cause this behavior. What happens if you try running uptime as root?
 
Old 09-09-2004, 12:53 AM   #3
rhettg
LQ Newbie
 
Registered: Sep 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Everything works as root.

[root@anna bin]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda6 59510936 3894712 55616224 7% /
/dev/hda1 15522 4513 10208 31% /boot
/dev/md0 75061320 1888524 73172796 3% /home
[root@anna bin]# cat /etc/fstab
/dev/hda6 / reiserfs notail 1 1
/dev/hda1 /boot ext2 defaults 1 2
/dev/md0 /home reiserfs defaults 1 3
none /dev/pts devpts mode=0620 0 0
/dev/hdc /mnt/cdrom auto user,iocharset=iso8859-1,codepage=850,noauto,ro,exec 0 0
/dev/fd0 /mnt/floppy auto user,iocharset=iso8859-1,sync,codepage=850,noauto,exec 0 0
none /proc proc defaults 0 0
/dev/hda5 swap swap defaults 0 0


Nothing seems out of the ordinary on the filesystem front to me.
Also, I can run things like 'ls' (/bin/ls)

It looks like I can run anything in /bin, but no /usr/bin or other /usr

Here is the permissions at /
[root@anna /]# ll
total 160
drwxr-x--x 2 root adm 2392 Oct 6 2003 bin/
drwx--x--- 4 root ctools 1024 Aug 29 05:34 boot/
drwx--x--x 23 root root 139760 Aug 29 05:33 dev/
drwx--x--x 65 root adm 5472 Sep 7 12:04 etc/
drwxr-x--x 8 root adm 168 Dec 2 2003 home/
drwxr-xr-x 2 root root 80 Jan 1 2002 initrd/
drwxr-x--x 10 root adm 3304 Oct 6 2003 lib/
drwxr-x--- 5 root adm 120 Aug 25 2003 mnt/
drwxr-xr-x 2 root root 48 Aug 23 1999 opt/
dr-xr-xr-x 73 root root 0 Aug 28 22:33 proc/
drwx------ 11 root root 648 Sep 8 10:24 root/
drwxr-x--x 2 root adm 4968 Oct 6 2003 sbin/
drwxrwxrwt 4 root adm 560 Sep 8 04:02 tmp/
drwxr-xr-x 12 root adm 312 Dec 31 2001 usr/
drwxr-xr-x 22 root root 560 Dec 31 2001 var/
 
Old 09-09-2004, 12:55 AM   #4
rhettg
LQ Newbie
 
Registered: Sep 2004
Posts: 3

Original Poster
Rep: Reputation: 0
Nevermind. I figured it out

Somehow /usr/bin was owned by user mysql.

I still don't understand why that doesn't allow 'other' to execute since it was set to o+x.... but I changed it back to root:adm and now it works

Let that be a lesson to you all.

Rhett
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
path in services wrong for clamav updated frm 0.75 to 0.80 usr/bin vs usr/local/bin Emmanuel_uk Linux - Newbie 3 04-22-2005 02:02 AM
/usr/bin/startkde crashes with Mandrake 9.1 Fernando Mandriva 1 02-04-2005 12:10 PM
/usr/bin/X11/ and /usr/X11R6/bin/ the same? linuxtesting2 Linux - Newbie 2 11-16-2004 11:57 AM
error in exec of stage2 trying to execute /usr/bin/runinstall2 Catherine Brett Linux - Newbie 0 07-11-2003 01:59 PM
/usr/bin permissions in Mandrake 8.0 pr0digy Linux - Newbie 3 10-20-2002 07:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration