Linux - Security This forum is for all security related questions.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
#1
Senior Member
Registered: Jan 2004
Posts: 1,420
Rep:
Not able to move a file to /tmp, file command shows no read permission
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
If I chmod u+x and then try to move the file, say to /tmp, this is what I get:
Code:
[root@server Downloads]# chmod u+x cmake-2.8.10.2.tar.gz ; cp -i cmake-2.8.10.2.tar.gz /tmp
cp: cannot open `cmake-2.8.10.2.tar.gz' for reading: Permission denied
Looking at file/stat command
Code:
[root@server Downloads]# file cmake-2.8.10.2.tar.gz ; stat cmake-2.8.10.2.tar.gz
cmake-2.8.10.2.tar.gz: writable, executable, regular file, no read permissions
File: `cmake-2.8.10.2.tar.gz'
Size: 5768373 Blocks: 11272 IO Block: 4096 regular file
Device: fd12h/64786d Inode: 402469 Links: 1
Access: (0744/-rwxr--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-09-20 10:01:35.710776725 -0500
Modify: 2014-02-24 11:17:52.811790222 -0600
Change: 2016-09-20 10:01:35.675778704 -0500
[root@server Downloads]#
I've never seen the no read permissions, even with root as the user/group owning the file and chmod for the user is set to 777.
I can't even move this to a Windows 7 desktop so I could try a few other tools to look at the file.
We have anti-virus on this server, however nothing has been flagged at this time and I've alerted the team to dig deeper to see what they can see.
I don't see any odd processes running on the server via top
Some of the research online seems to point to a virus. Other things that I've read is that one of the files within the package maybe compromised.
Was wondering if others have seen this before?
thanks
Last edited by JockVSJock; 09-20-2016 at 10:20 AM .
#2
LQ Addict
Registered: Dec 2013
Posts: 19,872
Quote:
Originally Posted by
JockVSJock
Code:
[root@server Downloads]# chmod u+x cmake-2.8.10.2.tar.gz ; cp -i cmake-2.8.10.2.tar.gz /tmp
cp: cannot open `cmake-2.8.10.2.tar.gz' for reading: Permission denied
this has nothing to do with /tmp, since the file resides elsewhere.
#3
LQ Addict
Registered: Dec 2013
Posts: 19,872
Quote:
Originally Posted by
JockVSJock
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
erm.
why do you say it lives under...
then your prompt tells a different story?
#4
Senior Member
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Quote:
Originally Posted by
JockVSJock
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
I'm going to assume this is a cut-and-paste, so it's a direct quotation of the terminal's contents.
The thing which pops out to me is the "." after -rw-r--r--
I don't know what the "." means, but it's odd and out of place to me.
#5
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
Quote:
Originally Posted by
IsaacKuo
The "." means SELinux is enabled.
#6
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
Quote:
Originally Posted by
ondoho
this has nothing to do with /tmp, since the file resides elsewhere.
Right, it lives under one directory, however I can't even move it to /tmp.
#7
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,779
Is this directory on a local disk, or is it on some networked filesystem?
#8
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
Quote:
Originally Posted by
rknichols
Is this directory on a local disk, or is it on some networked filesystem?
This directory is an LVM, which lives on SAN.
#9
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Quote:
Originally Posted by
JockVSJock
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
...
If I chmod u+x and then try to move the file, say to /tmp, this is what I get
Why not just move it to where the dev needs it? Why the extra stuff?
mv, chown/attr and done.
It's like stepping over a dollar to pick up a nickel.
#10
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
Why not just move it to where the dev needs it? Why the extra stuff?
That's what started this. He tried to move the .tar.gz to his home directory and can't do it. He even used sudo to try and move it and it didn't work.
#11
LQ Addict
Registered: Dec 2013
Posts: 19,872
my previous posts were a little confused and out of focus.
#12
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Quote:
Originally Posted by
JockVSJock
That's what started this. He tried to move the .tar.gz to his home directory and can't do it. He even used sudo to try and move it and it didn't work.
So, you gave root to a DEV?
You need
Sudo - You're doing it wrong
Turn in your toaster.
Last edited by Habitual; 09-21-2016 at 06:00 AM .
#13
Senior Member
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,780
Quote:
Originally Posted by
JockVSJock
The "." means SELinux is enabled.
Use ls -Z to see the details.
ls(1)
Code:
-Z, --context
print any security context of each file
#14
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
Quote:
Originally Posted by
Habitual
The file that we can't move is tied to 3rd party imaging software.
The DEV, used to be a sys admin, however as time has gone by, his role has become more DEV and less sys admin and I'm now the sys admin.
My toaster was turned in along time ago...with the cord cut...
#15
Member
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 421
Rep:
SELinux enabled? Please post
All times are GMT -5. The time now is 03:59 PM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
