Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-09-2004, 12:45 AM
|
#1
|
LQ Newbie
Registered: Sep 2004
Posts: 3
Rep:
|
Mandrake security freaked out, can't execute /usr/bin
Ok i've got a mandrake 9.1 system that is acting up.
When first installed over a year ago, I set the security level at some annoying level. But I could deal with it.
At some point, the msec links to server settings in /etc/security/msec disappeared.. the link 'server' is broken. I no longer get emails about some daemon checking permissions and various other security checks. This sudden stop was sort of disturbing but its not a production box I wasn't too worried about it.
Yesterday, another user was installing some php bb software.
Today, as a normal user I can no longer execute most of the binaries in /bin or /usr/bin
I get a:
-bash: /usr/bin/uptime: Permission Denied
The permissions for this file seem fine:
ll /usr/bin/uptime
-r-xr-xr-x 1 root root 2876 Mar 3 2003 /usr/bin/uptime*
I suspected perhaps the glibc was not accessible or something but the permissions on libraries seem fine also.
I'm about ready to just wipe the system and start over this weekend. The distro is so old even MandrakeUpdate will no longer update rpms because the ftp server is out of date or something.
I'm mainly just curious how this is possible. I consider myself pretty experienced with linux and security in general, but this mandrake security stuff has me pretty stumped.
Any help would be appreciated.
Rhett
|
|
|
09-09-2004, 12:49 AM
|
#2
|
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290
|
Did somebody do something like remount the / and/or /usr filesystems noexec? That might cause this behavior. What happens if you try running uptime as root?
|
|
|
09-09-2004, 12:53 AM
|
#3
|
LQ Newbie
Registered: Sep 2004
Posts: 3
Original Poster
Rep:
|
Everything works as root.
[root@anna bin]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda6 59510936 3894712 55616224 7% /
/dev/hda1 15522 4513 10208 31% /boot
/dev/md0 75061320 1888524 73172796 3% /home
[root@anna bin]# cat /etc/fstab
/dev/hda6 / reiserfs notail 1 1
/dev/hda1 /boot ext2 defaults 1 2
/dev/md0 /home reiserfs defaults 1 3
none /dev/pts devpts mode=0620 0 0
/dev/hdc /mnt/cdrom auto user,iocharset=iso8859-1,codepage=850,noauto,ro,exec 0 0
/dev/fd0 /mnt/floppy auto user,iocharset=iso8859-1,sync,codepage=850,noauto,exec 0 0
none /proc proc defaults 0 0
/dev/hda5 swap swap defaults 0 0
Nothing seems out of the ordinary on the filesystem front to me.
Also, I can run things like 'ls' (/bin/ls)
It looks like I can run anything in /bin, but no /usr/bin or other /usr
Here is the permissions at /
[root@anna /]# ll
total 160
drwxr-x--x 2 root adm 2392 Oct 6 2003 bin/
drwx--x--- 4 root ctools 1024 Aug 29 05:34 boot/
drwx--x--x 23 root root 139760 Aug 29 05:33 dev/
drwx--x--x 65 root adm 5472 Sep 7 12:04 etc/
drwxr-x--x 8 root adm 168 Dec 2 2003 home/
drwxr-xr-x 2 root root 80 Jan 1 2002 initrd/
drwxr-x--x 10 root adm 3304 Oct 6 2003 lib/
drwxr-x--- 5 root adm 120 Aug 25 2003 mnt/
drwxr-xr-x 2 root root 48 Aug 23 1999 opt/
dr-xr-xr-x 73 root root 0 Aug 28 22:33 proc/
drwx------ 11 root root 648 Sep 8 10:24 root/
drwxr-x--x 2 root adm 4968 Oct 6 2003 sbin/
drwxrwxrwt 4 root adm 560 Sep 8 04:02 tmp/
drwxr-xr-x 12 root adm 312 Dec 31 2001 usr/
drwxr-xr-x 22 root root 560 Dec 31 2001 var/
|
|
|
09-09-2004, 12:55 AM
|
#4
|
LQ Newbie
Registered: Sep 2004
Posts: 3
Original Poster
Rep:
|
Nevermind. I figured it out
Somehow /usr/bin was owned by user mysql.
I still don't understand why that doesn't allow 'other' to execute since it was set to o+x.... but I changed it back to root:adm and now it works
Let that be a lesson to you all.
Rhett
|
|
|
All times are GMT -5. The time now is 06:51 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|