Not able to move a file to /tmp, file command shows no read permission

JockVSJock · 09-29-2016, 08:00 AM

Quote:

Originally Posted by c0wb0y

SELinux enabled? Please post

ls -lZ <file name>

then grep either the <filename> on /var/log/audit/audit.log (this is distro-dependent) and look for any denied entries. We can go from there.

With SELinux, even root is restricted to do various things without modifying contexts and rules. I think this is the case.

Here is the SELinux info:

Code:

[root@server Downloads]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

[root@server Downloads]# ls -alZ
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  .
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  ..
-rwxr--r--. root root unconfined_u:object_r:file_t:s0  cmake-2.8.10.2.tar.gz
-rw-r--r--. root root unconfined_u:object_r:file_t:s0  httplib2-0.8.tar.gz
-rw-r--r--. root root unconfined_u:object_r:file_t:s0  Orthanc-0.7.2.tar.gz

[root@server Downloads]# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[root@server Downloads]#

Code:

[root@server Downloads]# sealert -av /var/log/audit/audit.log | grep -i 'cmake-2.8.10.2.tar.gz'
[root@server Downloads]#

Unless you can recommend another type of search for sealert.

c0wb0y · 09-29-2016, 12:45 PM

Ok, SELinux is enabled then. Assuming that the destination is writable by the user.
Here's how I would approach it. Clear the audit.log file. Then open 2 terminals side by side. 1 terminal is tail'ing the audit.log while on another terminal where I would attempt to copy the file. If tail'ing is not enough, I would grep it like this

grep denied /var/log/audit/audit.log | grep cp\|cmake | less

Hope it helps.