[SOLVED] permissions to use "at" command ?

WiseDraco · 01-27-2014, 04:11 AM

hello!
i try to use "at" command from my unpriviliged user account on my slackware 14.0, and he says "you do not have permissions to use at command"...?
what permissions i must have?
as i understand, at jobs has launched with that user account, who create that "at" job?

anon237 · 01-27-2014, 04:19 AM

Have you checked the /etc/at.allow and or /etc/at.deny files?

Have a look at the at manual page for details.

ChrisAbela · 01-27-2014, 04:31 AM

I have Slack14.1 here but I do not think much changed since 14.0

No special permissions are required.

Will you list the output of:

Quote:

# type at
# ls -l $( which at )
# mount

anon237 · 01-27-2014, 04:44 AM

@ChrisAbela: To my knowledge if /etc/at.allow exists then users that need at need to be present. If /etc/at.allow does not exist and the specific user isn't mentioned in /etc/at.deny then no special permissions are needed.

WiseDraco · 01-27-2014, 04:54 AM

i look at /etc/
and found there are only at.deny file from at.*
i check, my user not in that file

but when i try
someuser@host:/etc$ at now + 5 minutes -f /home/boinc/BOINC/boinc 2&1> /home/boinc/boinc_at_log

i get an:

[1] 26171
someuser@host:/etc$ You do not have permission to use at.

?
i also have disabled password for that user ( * in password field in /etc/shadow) - it can cause that effect?

anon237 · 01-27-2014, 05:55 AM

Disabling the password goes against the nature of unix/linux systems.

It is possible to do it but this is mentioned in the shadow manual page:

Quote:

This field may be empty, in which case no passwords are required to
authenticate as the specified login name. However, some
applications which read the /etc/shadow file may decide not to
permit any access at all if the password field is empty.

BTW: can you post the output of the commands asked for by ChrisAbela?

anon237 · 01-27-2014, 06:25 AM

I just tried to recreate your problem and am not able to create an account that doesn't need a password by using a * in the /etc/shadow password field (not able to log in locally).

You can use, as root passwd -d user_name to empty the password field (no pwd required at login). If I do this then at works normally on the 14.1 box I tried it on.

I'm starting to wonder what else you changed that might have influenced login behaviour and possibly access to certain commands.

WiseDraco · 01-27-2014, 06:44 AM

boinc@host:/root$ type at
at is /usr/bin/at
boinc@host:/root$ ls -l $( which at)
-rwxr-xr-x 1 daemon daemon 50456 Jul 28 2010 /usr/bin/at
boinc@host:/root$ mount
/dev/md1 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
/dev/md3 on /smb_raid type ext4 (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sdc1 on /SAMBA/Transfer type ext4 (rw,noexec,noatime)
/dev/sdc2 on /SAMBA/Video type ext4 (rw,noexec,noatime)
boinc@host:/root$

i also change user boinc passwd to nothing ( from root passwd boinc - enter- enter-enter, then su boinc, and try again at command - and get the same "You do not have permission to use at.
" ....

anon237 · 01-27-2014, 06:57 AM

The permissions for the at command (compared to 14.1) seems to be wrong. On my side it shows (a default install):
-rwsr-sr-x daemon daemon 50456 Jul 28 2010 /usr/bin/at

There might be multiple issue's concerning your set up. I would start by giving users a proper password and setting the proper permissions. If the at command works when doing that you can change back the things changed one at the time and see what's causing the permission denied.

WiseDraco · 01-27-2014, 07:18 AM

thanks for help. i change permissions for "at", but nothing changes in my situation. looks like i must be install my system from scratch someday for get all working good. inthat system some time ago i get an accidentally chmod a+rwX for root filesystem. i try to fix that files permissions in various way, but looks like not all things get fixed in that way...

RandomTroll · 01-27-2014, 03:32 PM

I had a similar problem that I 'solved' by rewriting at and using my own version. I discussed it at http://www.linuxquestions.org/questi....php?p=4800751

ChrisAbela · 01-28-2014, 04:30 AM

Perhaps you can try to re-install at:

Quote:

# slackpkg reinstall at

WiseDraco · 01-28-2014, 06:30 AM

Quote:

Originally Posted by ChrisAbela

Perhaps you can try to re-install at:

done, no changes. i do not have another 14.0 x64 system, but on my 13.37 x32 at from users work without problems....dont understand true problem root, but ok, i instead of at command make a script for boinc run...

NeoMetal · 01-28-2014, 09:32 AM

Looking at: http://www.linuxquestions.org/questi...ailure-710254/

Quote:

Originally Posted by teqteq

Now, the solution I found is to find your "at.deny" and/or "at.allow" files (in my case, SUSE 10, it is in "/etc/"), and make sure these files have "read" permission for all users. I don't know why this isn't the default, but it wasn't for me. Once I did this then the error message "You do not have permission to use at" disappeared! I guess it wasn't able to check who didn't have permission in "at.deny" when I ran it as my owner user, so it just denied everyone!

Is it possible you have some strange permissions on at.deny as well?

WiseDraco · 01-29-2014, 01:41 AM

2NeoMetal:
thank you, you right!
see at /etc/at.deny, and he have 640 permissions - read & write by owner ( root/root), and read by group.
i add read by others permission ( 644 in final), and at command start to work from user.

thank you again....