A problem with the Primary Administrator role and pfexec when homes are NFS mounted

crisostomo_enrico · 11-03-2008, 01:41 PM

Hi all.

I've got I minor problem I cannot resolve. It's not a big issue, but it's a pain every time I pfexec a shell.

The situation is: I've got a box where auto_home mounts home directory from a server via NFS. When I pfexec <some-shell> I've got this warning:

Code:

-bash-3.00$ pfexec bash
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
bash: /home/enrico/.bashrc: Permission denied

I know why this is produced (root cannot access my NFS mounted home directory and this is good) but this message it's a pain because the only solution I have is cd / and then work as usual.

What would you do in this scenario?

stuart_cherrington · 11-04-2008, 02:56 AM

Well you could cheat! Copy the pfexec to pfexec.orig, and create a new pfexec, which cd's to / and then runs pfexec.orig

Its a hack, but it should work.

Stu.

crisostomo_enrico · 11-04-2008, 07:59 AM

Thanks stuart_cherrington, I suppose it could work.

The main reason I asked is because I think that's pretty common having homes mounted this way, and the trend is switching to RBAC rather than suing to root, which works correctly in this case. I was wondering how other administrators solve this issue.

jlliagre · 11-05-2008, 03:38 AM

I do not reproduce what you observe. Does it happens with ksh too ?

crisostomo_enrico · 11-05-2008, 04:17 AM

Code:

I do not reproduce what you observe. Does it happens with ksh too ?

Thanks jlliagre, it didn't observe it immediately because I do use ksh, while the administrator I'm speaking about is a bash-addict.

I indeed observe the problem with ksh but not as soon as I pfexec it, so I think it isn't really a problem with ksh. If I make an ls it tells me that cannot access . (which is /home/theuseriam), which I believe its correct because the home directories are NFS mounted and their permission is 700, so root should be mapped to nobody and should not be able to access it. Correct?

ADDED: I understand that bash is executing getcwd because it's looking for its initialization script. The real problem with bash is that I cannot execute anything until I go out of the unreadable directory (that's why I cd /), while ksh is much lenient. If I try to cd /anotherdir with bash, the same error is displayed, while with cd / it doesn't happen. I recognize it's weird.

jlliagre · 11-05-2008, 06:21 AM

I'm able to run commands and to change to non root directories while running either bash or ksh.
I thought the privileged subshell wasn't launched but in fact it is so these are only warning messages that correctly report access issues.

You might want to truss the shell to see why it fails in your case.