Old 08-26-2008, 05:38 PM
"R. G. Newbury"
 
Default "Permissions Denied" error as root: SOLVED

R. G. Newbury wrote:
To recap, attempting to run a script, as root, with permissions 755
produced a 'Permissions denied' error.


The problem was that the partition was mounted with 'users,defaults'
options, and 'users' implies 'noexec' and overrides 'defaults' (which
implies 'exec'),


Changing the line in fstab to 'defaults' and quick 'umount' and 'mount'
fixed the problem.


Weird bit is that I was logged in as root..WHICH WAS MISLEADING. When
'nonexec' is set, ALL users are denied execution privileges. (This is
most useful for security purposes in denying the use of programs on for
example a USB stick from compromising the system.


So, besides checking the permissions on a file, and the parent
directories, you have to check how the partition was mounted.
This will catch you when you are playing with something on a 'spare'
partition.

Or when you change the fstab without realizing the implications!

Thanks to all for the pointers, which gave the solution.

Geoff

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 08-26-2008, 06:46 PM
Stuart Sears
 
Default "Permissions Denied" error as root: SOLVED

R. G. Newbury wrote:
> R. G. Newbury wrote:
> To recap, attempting to run a script, as root, with permissions 755
> produced a 'Permissions denied' error.
>
> The problem was that the partition was mounted with 'users,defaults'
> options, and 'users' implies 'noexec' and overrides 'defaults' (which
> implies 'exec'),
>
> Changing the line in fstab to 'defaults' and quick 'umount' and 'mount'
> fixed the problem.

another trick is this:

mount -o remount /mount/point

will change the mount options without actually unmounting the device in
question.

> Weird bit is that I was logged in as root..WHICH WAS MISLEADING.

I am curious as to how you thought you had been misled... or was this an
assumption that there are absolutely no restrictions on what the root
user can do?

> 'nonexec' is set, ALL users are denied execution privileges. (This is
> most useful for security purposes in denying the use of programs on for
> example a USB stick from compromising the system.

There are other uses for it too.
It is not all that uncommon to have /tmp and /home (and other
mountpoints that should not really have executable files on them) mount
noexec as well.

> So, besides checking the permissions on a file, and the parent
> directories, you have to check how the partition was mounted.
> This will catch you when you are playing with something on a 'spare'
> partition. Or when you change the fstab without realizing the implications!

True. 'users' and 'user' are not default options and tbh I don't see the
point of using them most of the time. IMO the only devices that users
should be mounting/unmounting are physically removable devices.

> Thanks to all for the pointers, which gave the solution.

glad we could help


Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.

 
Old 08-26-2008, 07:59 PM
James Wilkinson
 
Default "Permissions Denied" error as root: SOLVED

R. G. Newbury wrote:
> Weird bit is that I was logged in as root..WHICH WAS MISLEADING. When
> 'nonexec' is set, ALL users are denied execution privileges. (This is
> most useful for security purposes in denying the use of programs on for
> example a USB stick from compromising the system.

Similarly, a filesystem mounted read-only will be read-only for all
users¹, including root. You may find this more obvious, especially if
you remember hardware write-protect tabs on floppies.

James.

¹ But not the kernel – journalling filesystems may be rolled back or
rolled forwards if they weren’t cleanly unmounted.

--
E-mail: james@ | "I don't think so," said René Descartes. Just then, he
aprilcottage.co.uk | vanished.

 
Old 08-26-2008, 08:53 PM
Mike McCarty
 
Default "Permissions Denied" error as root: SOLVED

James Wilkinson wrote:
> R. G. Newbury wrote:
>> Weird bit is that I was logged in as root..WHICH WAS MISLEADING. When
>> 'nonexec' is set, ALL users are denied execution privileges. (This is
>> most useful for security purposes in denying the use of programs on for
>> example a USB stick from compromising the system.
>
> Similarly, a filesystem mounted read-only will be read-only for all
> users¹, including root. You may find this more obvious, especially if
> you remember hardware write-protect tabs on floppies.
>
> James.
>
> ¹ But not the kernel – journalling filesystems may be rolled back or
> rolled forwards if they weren’t cleanly unmounted.


AIUI...

Having root access only gives one effective ownership, not effective
permission. Being root gives one the same privileges the owner would
have.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

 
Old 08-26-2008, 09:31 PM
"Mikkel L. Ellertson"
 
Default "Permissions Denied" error as root: SOLVED

Mike McCarty wrote:
>
> Having root access only gives one effective ownership, not effective
> permission. Being root gives one the same privileges the owner would
> have.
>
It gets more interesting when you have fuse mounted file systems. I
have an encrypted file system as user mikkel, and root can not
access it, unless I change to user mikkel, even if it is "unlocked".

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

 
Old 08-26-2008, 10:04 PM
Mike McCarty
 
Default "Permissions Denied" error as root: SOLVED

Mikkel L. Ellertson wrote:
> Mike McCarty wrote:
>> Having root access only gives one effective ownership, not effective
>> permission. Being root gives one the same privileges the owner would
>> have.
>
> It gets more interesting when you have fuse mounted file systems. I
> have an encrypted file system as user mikkel, and root can not
> access it, unless I change to user mikkel, even if it is "unlocked".


That makes perfect sense. Ownership and access are not the same
thing.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!

 
Old 08-26-2008, 10:28 PM
"Mikkel L. Ellertson"
 
Default "Permissions Denied" error as root: SOLVED

Mike McCarty wrote:
> Mikkel L. Ellertson wrote:
>> Mike McCarty wrote:
>>> Having root access only gives one effective ownership, not effective
>>> permission. Being root gives one the same privileges the owner would
>>> have.
>>>
>> It gets more interesting when you have fuse mounted file systems. I
>> have an encrypted file system as user mikkel, and root can not
>> access it, unless I change to user mikkel, even if it is "unlocked".
>
> That makes perfect sense. Ownership and access are not the same
> thing.
>
> Mike
I agree. But in the past, root would have access no matter who owned
the files/directories. I like it much better this way - one more
step someone with root access has to go through. And if it isn't
mounted, then nobody without the pass-phrase can access it anyway.

It is kind of funny when installing RPMs to get a message about not
being able to stat the file system...

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

 
