On 29/03/2011 3:59 PM, FORD Alan wrote:
Not sure what Linux you are running, but have you looked at SELinux? This could be causing your access issues.
Check this link out on ways to turn it off to see if it is the culprit.
The machine has a /selinux directory, but no files inside, running echo 0 > /selinux/enforce has no effect (other than creating the file)...
I don't have any selinux commands like setenforce or similar
As I said, I'm using Debian Lenny, AFAIK, this doesn't enable selinux by default, and I don't think it is running.
Is there any other way to see what is happening or why? This was one of the things I initially thought it might be, but I'm not sure how to proceed since it doesn't appear to be running/active...
Regards, Adam
On 29/03/11 4:16 PM, Adam Goryachev wrote:
On 29/03/2011 3:59 PM, FORD Alan wrote:
Not sure what Linux you are running, but have you looked at SELinux? This could be causing your access issues.
Check this link out on ways to turn it off to see if it is the culprit.
The machine has a /selinux directory, but no files inside, running echo 0 > /selinux/enforce has no effect (other than creating the file)...
I don't have any selinux commands like setenforce or similar
As I said, I'm using Debian Lenny, AFAIK, this doesn't enable selinux by default, and I don't think it is running.
Is there any other way to see what is happening or why? This was one of the things I initially thought it might be, but I'm not sure how to proceed since it doesn't appear to be running/active...
What do you get when you do:
su - hobbit
$ id -a
$ strace head -1 /var/log/messages
$ ltrace head -1 /var/log/messages
Thanks, David.
-- David Baldwin - IT Unit Australian Sports Commission www.ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
On 29/03/2011 4:26 PM, David Baldwin wrote:
What do you get when you do:
su - hobbit
$ id -a
Thanks for the ideas, please see below for the results:
host:~# su - hobbit
hobbit at host:~$ id -a
uid=1000(hobbit) gid=104(hobbit) groups=4(adm),104(hobbit),244(blahblah)
$ strace head -1 /var/log/messages
hobbit at host:~$ strace head -1 /var/log/messages
execve("/usr/bin/head", ["head", "-1", "/var/log/messages"], [/* 11 vars */]) = 0
brk(0) = 0x8052000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fcc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17335, ...}) = 0
mmap2(NULL, 17335, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fc7000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/i686/nosegneg/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260e\1\0004\0\0\0\4"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1425828, ...}) = 0
mmap2(NULL, 1431152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e69000
mmap2(0xb7fc1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x158) = 0xb7fc1000
mmap2(0xb7fc4000, 9840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7fc4000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e68000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e686b0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7fc1000, 4096, PROT_READ) = 0
munmap(0xb7fc7000, 17335) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=347504, ...}) = 0
mmap2(NULL, 347504, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7e13000
close(3) = 0
brk(0) = 0x8052000
brk(0x8073000) = 0x8073000
open("/var/log/messages", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2586, ...}) = 0
mmap2(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d13000
read(3, "# Locale name alias data base.\n# "..., 1048576) = 2586
read(3, ""..., 1048576) = 0
close(3) = 0
munmap(0xb7d13000, 1048576) = 0
open("/usr/share/locale/en_AU/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "head: "..., 6head: ) = 6
write(2, "cannot open `/var/log/messages' f"..., 43cannot open `/var/log/messages' for reading) = 43
open("/usr/share/locale/en_AU/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Permission denied"..., 19: Permission denied) = 19
write(2, "\n"..., 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
$ ltrace head -1 /var/log/messages
hobbit at host:~$ ltrace head -1 /var/log/messages
__libc_start_main(0x8049a70, 3, 0xbfffeb84, 0x804ef10, 0x804ef00 <unfinished ...>
setlocale(6, "") = "en_AU"
bindtextdomain("coreutils", "/usr/share/locale") = "/usr/share/locale"
textdomain("coreutils") = "coreutils"
__cxa_atexit(0x804b3a0, 0, 0, 0xb7f64ff4, 0xbfffeae8) = 0
__ctype_b_loc() = 0xb7e0a690
__errno_location() = 0xb7e0a68c
__strtoull_internal(0xbfffef08, 0xbfffc934, 10, 0, 0xbfffc934) = 1
getopt_long(2, 0xbfffeb88, "c:n:qv0123456789", 0x804f7a0, NULL) = -1
open64("/var/log/messages", 0, 01001170471) = -1
__errno_location() = 0xb7e0a68c
__errno_location() = 0xb7e0a68c
__ctype_get_mb_cur_max(0x804833c, 0xbfffc914, 0xb7f8d7c4, 0, 0xb7f709e0) = 1
dcgettext(0, 0x804fc09, 5, 0xb7e2e900, 0xb7e0a68c) = 0x804fc09
dcgettext(0, 0x804fc0b, 5, 0xb7e2e900, 0x804fc09) = 0x804fc0b
strlen("'") = 1
dcgettext(0, 0x804f15b, 5, 0x804f7a0,
__errno_location()= 0x804f15b
= 0xb7e0a68c error(0, 13, 0x804f15b, 0x8051480, 0head: cannot open `/var/log/messages' for reading: Permission denied
exit(1 <unfinished ...> __fpending(0xb7f654e0, 0xb7f8cff4, 0x80485ac, 0xb7f64ff4,= 0
fclose(0xb7f654e0)= 0
= 0 __fpending(0xb7f65580, 0xb7f8cff4, 0x80485ac, 0xb7f64ff4,
fclose(0xb7f65580)= 0
= 0 +++ exited (status 1) +++
Ok try looking at this link in regards to Debian ACLs
http://wiki.debian.org/Permissions#Access_Control_Lists_in_Linux
It's towards the bottom :-)
Alan
From: Adam Goryachev [mailto:adam at websitemanagers.com.au]
Sent: Tuesday, 29 March 2011 3:16 PM
To: FORD Alan
Cc: xymon at xymon.com
Subject: Re: [Xymon] Hobbit Permission Problem
On 29/03/2011 3:59 PM, FORD Alan wrote:
Not sure what Linux you are running, but have you looked at SELinux? This could be causing your access issues.
Check this link out on ways to turn it off to see if it is the culprit.
http://www.crypt.gen.nz/selinux/disable_selinux.html
The machine has a /selinux directory, but no files inside, running echo 0 > /selinux/enforce has no effect (other than creating the file)...
I don't have any selinux commands like setenforce or similar
As I said, I'm using Debian Lenny, AFAIK, this doesn't enable selinux by default, and I don't think it is running.
Is there any other way to see what is happening or why? This was one of the things I initially thought it might be, but I'm not sure how to proceed since it doesn't appear to be running/active...
Regards, Adam
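Added example, not part of the original thread: the strace output above shows open("/var/log/messages") returning EACCES although id -a lists group adm, so the next check is the mode bits of every directory on the path as well as the file itself. The Python code below evaluates that chain for a given uid and group set; the function names are hypothetical, the identity comes from the id -a output in the thread, and the ownership and mode values in the SAMPLE_* chains are constructed because the thread never shows an ls -l listing.

```python
import os
import stat

def perm_class(mode, owner, group, uid, gids):
    """Return (class, rwx bits) for the one triplet the kernel consults.
    Owner wins over group, group over other; the classes are never combined."""
    if uid == owner:
        return "owner", (mode >> 6) & 7
    if group in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def stat_chain(path):
    """List (path, mode, owner, group) for every component from / down to path."""
    comps, cur = [os.sep], os.sep
    for part in os.path.abspath(path).split(os.sep):
        if part:
            cur = os.path.join(cur, part)
            comps.append(cur)
    out = []
    for c in comps:
        st = os.stat(c)
        out.append((c, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return out

def first_denial(chain, uid, gids, want=4):
    """First component whose mode bits refuse (uid, gids), else None.
    Directories on the way need search (x=1); the last entry needs `want` (r=4).
    Not modelled: root/capabilities, POSIX ACLs, SELinux/AppArmor."""
    for i, (path, mode, owner, group) in enumerate(chain):
        need = want if i == len(chain) - 1 else 1
        cls, bits = perm_class(mode, owner, group, uid, gids)
        if bits & need != need:
            return {"path": path, "class": cls, "mode": oct(mode), "need": need}
    return None

# Identity taken from the `id -a` output in the thread.
HOBBIT_UID, HOBBIT_GIDS = 1000, {4, 104, 244}

# Constructed ownership/mode values (assumptions, not data from the thread).
SAMPLE_OK = [("/", 0o755, 0, 0), ("/var", 0o755, 0, 0),
             ("/var/log", 0o755, 0, 0), ("/var/log/messages", 0o640, 0, 4)]
SAMPLE_BAD_GROUP = SAMPLE_OK[:3] + [("/var/log/messages", 0o640, 0, 0)]
SAMPLE_BAD_DIR = SAMPLE_OK[:2] + [("/var/log", 0o750, 0, 0), SAMPLE_OK[3]]

if __name__ == "__main__":
    for name, chain in [("ok", SAMPLE_OK), ("bad group", SAMPLE_BAD_GROUP),
                        ("bad dir", SAMPLE_BAD_DIR)]:
        print(name, first_denial(chain, HOBBIT_UID, HOBBIT_GIDS))
```

On a live system, first_denial(stat_chain("/var/log/messages"), uid, gids) runs the same check against the real path. A None result there means the mode bits allow the read, which leaves the mechanisms raised in the thread (ACLs, SELinux) as the remaining candidates.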