09-20-2016, 10:08 AM
|
#1
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Rep: 
|
Not able to move a file to /tmp, file command shows no read permission
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
If I chmod u+x and then try to move the file, say to /tmp, this is what I get:
Code:
[root@server Downloads]# chmod u+x cmake-2.8.10.2.tar.gz ; cp -i cmake-2.8.10.2.tar.gz /tmp
cp: cannot open `cmake-2.8.10.2.tar.gz' for reading: Permission denied
Looking at file/stat command
Code:
[root@server Downloads]# file cmake-2.8.10.2.tar.gz ; stat cmake-2.8.10.2.tar.gz
cmake-2.8.10.2.tar.gz: writable, executable, regular file, no read permissions
File: `cmake-2.8.10.2.tar.gz'
Size: 5768373 Blocks: 11272 IO Block: 4096 regular file
Device: fd12h/64786d Inode: 402469 Links: 1
Access: (0744/-rwxr--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-09-20 10:01:35.710776725 -0500
Modify: 2014-02-24 11:17:52.811790222 -0600
Change: 2016-09-20 10:01:35.675778704 -0500
[root@server Downloads]#
I've never seen the no read permissions, even with root as the user/group owning the file and chmod for the user is set to 777.
I can't even move this to a Windows 7 desktop so I could try a few other tools to look at the file.
We have anti-virus on this server, however nothing has been flagged at this time and I've alerted the team to dig deeper to see what they can see.
I don't see any odd processes running on the server via top.
Some of the research online seems to point to a virus. Other things that I've read is that one of the files within the package may be compromised.
Was wondering if others have seen this before?
thanks
Last edited by JockVSJock; 09-20-2016 at 10:20 AM.
|
|
|
09-20-2016, 11:45 AM
|
#2
|
LQ Addict
Registered: Dec 2013
Posts: 19,872
|
Quote:
Originally Posted by JockVSJock
Code:
[root@server Downloads]# chmod u+x cmake-2.8.10.2.tar.gz ; cp -i cmake-2.8.10.2.tar.gz /tmp
cp: cannot open `cmake-2.8.10.2.tar.gz' for reading: Permission denied
|
this has nothing to do with /tmp, since the file resides elsewhere.
|
|
|
09-20-2016, 11:47 AM
|
#3
|
LQ Addict
Registered: Dec 2013
Posts: 19,872
|
Quote:
Originally Posted by JockVSJock
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
|
erm.
why do you say it lives under...
then your prompt tells a different story?
|
|
|
09-20-2016, 12:01 PM
|
#4
|
Senior Member
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
|
Quote:
Originally Posted by JockVSJock
Code:
[root@server Downloads]# ls -al cmake-2.8.10.2.tar.gz
-rw-r--r--. 1 root root 5768373 Feb 24 2014 cmake-2.8.10.2.tar.gz
[root@server Downloads]#
|
I'm going to assume this is a cut-and-paste, so it's a direct quotation of the terminal's contents.
The thing which pops out to me is the "." after -rw-r--r--
I don't know what the "." means, but it's odd and out of place to me.
|
|
|
09-20-2016, 01:38 PM
|
#5
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep: 
|
Quote:
Originally Posted by IsaacKuo
The thing which pops out to me is the "." after -rw-r--r--
I don't know what the "." means, but it's odd and out of place to me.
|
The "." means SELinux is enabled.
|
|
|
09-20-2016, 01:40 PM
|
#6
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep: 
|
Quote:
Originally Posted by ondoho
this has nothing to do with /tmp, since the file resides elsewhere.
|
Right, it lives under one directory, however I can't even move it to /tmp.
|
|
|
09-20-2016, 02:00 PM
|
#7
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,813
|
Is this directory on a local disk, or is it on some networked filesystem?
|
|
|
09-20-2016, 03:00 PM
|
#8
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep: 
|
Quote:
Originally Posted by rknichols
Is this directory on a local disk, or is it on some networked filesystem?
|
This directory is an LVM, which lives on SAN.
|
|
|
09-20-2016, 04:17 PM
|
#9
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep: 
|
Quote:
Originally Posted by JockVSJock
Have a developer bring something to my attention.
Have a file cmake-2.8.10.2.tar.gz and he has discovered he can't move it to his home directory, it currently lives under
Code:
/orthanc/Programs/Downloads
...
If I chmod u+x and then try to move the file, say to /tmp, this is what I get
|
Why not just move it to where the dev needs it? Why the extra stuff?
mv, chown/attr and done.
It's like stepping over a dollar to pick up a nickel.
|
|
|
09-20-2016, 04:52 PM
|
#10
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep: 
|
Quote:
Originally Posted by Habitual
Why not just move it to where the dev needs it? Why the extra stuff?
mv, chown/attr and done.
|
That's what started this. He tried to move the .tar.gz to his home directory and can't do it. He even used sudo to try and move it and it didn't work.
|
|
|
09-21-2016, 02:59 AM
|
#11
|
LQ Addict
Registered: Dec 2013
Posts: 19,872
|
my previous posts were a little confused and out of focus.
which probably is a direct result of the permissions-related mess you are in.
my suspicion is that you (or someone else) are doing things as root that should be done as user.
why else would the file be in a user's directory, but owned by root?
|
|
|
09-21-2016, 05:59 AM
|
#12
|
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep: 
|
Quote:
Originally Posted by JockVSJock
That's what started this. He tried to move the .tar.gz to his home directory and can't do it. He even used sudo to try and move it and it didn't work.
|
So, you gave root to a DEV?
You need Sudo - You're doing it wrong
Turn in your toaster. 
Last edited by Habitual; 09-21-2016 at 06:00 AM.
|
|
|
09-21-2016, 06:56 AM
|
#13
|
Senior Member
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,813
|
Quote:
Originally Posted by JockVSJock
The "." means SELinux is enabled.
|
Use ls -Z to see the details.
ls(1)
Code:
-Z, --context
print any security context of each file
|
|
|
09-21-2016, 07:42 AM
|
#14
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep: 
|
Quote:
Originally Posted by Habitual
|
The file that we can't move is tied to 3rd party imaging software.
The DEV, used to be a sys admin, however as time has gone by, his role has become more DEV and less sys admin and I'm now the sys admin.
My toaster was turned in a long time ago...with the cord cut...
|
|
|
09-28-2016, 02:35 PM
|
#15
|
Member
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 421
Rep:
|
SELinux enabled? Please post
ls -lZ <file name>
then grep for the <filename> in /var/log/audit/audit.log (this is distro-dependent) and look for any denied entries. We can go from there.
With SELinux, even root is restricted to do various things without modifying contexts and rules. I think this is the case.
|
|
|
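The audit-log check suggested in post #15, as an added example that is not part of the original thread: a shell function that pulls the AVC denials for one file name out of an audit log and shows which process context was refused which permission on which file context. The sample log lines and the SELinux types example_app_t and example_data_t are constructed, and the function name avc_denials_for is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample of audit.log records (not taken from the thread).
# example_app_t / example_data_t are placeholder SELinux types.
sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1474383695.710:4210): arch=c000003e syscall=2 success=no exit=-13 comm="cp" exe="/bin/cp"
type=AVC msg=audit(1474383695.710:4210): avc:  denied  { read } for  pid=4242 comm="cp" name="cmake-2.8.10.2.tar.gz" dev=dm-18 ino=402469 scontext=system_u:system_r:example_app_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file
type=AVC msg=audit(1474383701.002:4215): avc:  denied  { getattr } for  pid=4250 comm="mv" path="/orthanc/Programs/Downloads/cmake-2.8.10.2.tar.gz" dev=dm-18 ino=402469 scontext=system_u:system_r:example_app_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file
type=AVC msg=audit(1474383710.500:4220): avc:  denied  { write } for  pid=4300 comm="httpd" name="other.log" dev=dm-0 ino=9001 scontext=system_u:system_r:example_app_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file
type=AVC msg=audit(1474383711.000:4221): avc:  granted  { read } for  pid=4301 comm="cat" name="cmake-2.8.10.2.tar.gz" dev=dm-18 ino=402469 scontext=system_u:system_r:example_app_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file
EOF
}

# avc_denials_for NAME LOG
# Prints one summary line per AVC *denial* whose name= field, or the last
# component of its path= field, equals NAME. Granted and non-AVC records
# are skipped.
avc_denials_for() {
    awk -v want="$1" '
    # Return the value of key=value on the current record, quotes stripped.
    function field(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return ""
    }
    /^type=AVC / && / denied / {
        target = field("name")
        if (target == "") { target = field("path"); sub(/.*\//, "", target) }
        if (target != want) next
        perms = ""
        # The refused permissions sit between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/)) perms = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perms)
        printf "comm=%s perms=%s scontext=%s tcontext=%s tclass=%s\n", field("comm"), perms, field("scontext"), field("tcontext"), field("tclass")
    }' "$2"
}

# Demo run against the constructed sample.
log=$(mktemp)
sample_audit_log > "$log"
avc_denials_for cmake-2.8.10.2.tar.gz "$log"
rm -f "$log"
```

The tcontext in a matching denial is the label that `ls -lZ` prints for the file, so the two outputs can be compared directly.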
All times are GMT -5.