05-23-2012, 06:38 PM
JD

Readlink: permission denied

fc16 - with latest updates.

Running lsof, I see a plethora of output like:

systemd 1 root cwd unknown /proc/1/cwd (readlink: Permission denied)
systemd 1 root rtd unknown /proc/1/root (readlink: Permission denied)
systemd 1 root txt unknown /proc/1/exe (readlink: Permission denied)
systemd 1 root NOFD /proc/1/fd (opendir: Permission denied)
kthreadd 2 root cwd unknown /proc/2/cwd (readlink: Permission denied)
kthreadd 2 root rtd unknown /proc/2/root (readlink: Permission denied)
kthreadd 2 root txt unknown /proc/2/exe (readlink: Permission denied)
kthreadd 2 root NOFD /proc/2/fd (opendir: Permission denied)
ksoftirqd 3 root cwd unknown /proc/3/cwd (readlink: Permission denied)
ksoftirqd 3 root rtd unknown /proc/3/root (readlink: Permission denied)
ksoftirqd 3 root txt unknown /proc/3/exe (readlink: Permission denied)
ksoftirqd 3 root NOFD /proc/3/fd (opendir: Permission denied)
migration 6 root cwd unknown /proc/6/cwd (readlink: Permission denied)
migration 6 root rtd unknown /proc/6/root (readlink: Permission denied)
migration 6 root txt unknown /proc/6/exe (readlink: Permission denied)
migration 6 root NOFD /proc/6/fd (opendir: Permission denied)

watchdog/ 7 root cwd/proc/6/cwd (readlink: Permission denied)
....etc

The full output of lsof | sort | uniq is at
http://www.sendspace.com/file/0v2lgb

what is the consequence of these failures on the rest of the system?

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
05-23-2012, 06:43 PM
Reindl Harald

Readlink: permission denied

On 23.05.2012 20:38, JD wrote:
> fc16 - with latest updates.
>
> Running lsof, I see a plethora of output like:
>
> systemd 1 root cwd unknown /proc/1/cwd (readlink: Permission denied)
> systemd 1 root rtd unknown /proc/1/root (readlink: Permission denied)
> systemd 1 root txt unknown /proc/1/exe (readlink: Permission denied)
>
> The full output of lsof | sort | uniq is at
> http://www.sendspace.com/file/0v2lgb
>
> what is the consequence of these failures on the rest of the system?

have you considered calling such commands as root instead
of as a normal user? it is logical that without permissions
the system does not show you all the information


05-23-2012, 07:13 PM
JD

Readlink: permission denied

On 05/23/2012 11:43 AM, Reindl Harald wrote:
> On 23.05.2012 20:38, JD wrote:
>> fc16 - with latest updates.
>>
>> Running lsof, I see a plethora of output like:
>>
>> systemd 1 root cwd unknown /proc/1/cwd (readlink: Permission denied)
>> systemd 1 root rtd unknown /proc/1/root (readlink: Permission denied)
>> systemd 1 root txt unknown /proc/1/exe (readlink: Permission denied)
>>
>> The full output of lsof | sort | uniq is at
>> http://www.sendspace.com/file/0v2lgb
>>
>> what is the consequence of these failures on the rest of the system?
>
> have you considered calling such commands as root instead
> of as a normal user? it is logical that without permissions
> the system does not show you all the information

But some processes are owned by me.
Why would I be denied access to info of files opened by processes
running with my uid?

This is a bug.

To wit:
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)
gnome-key 1707 jd rtd unknown /proc/1707/root (readlink: Permission denied)
gnome-key 1707 jd txt unknown /proc/1707/exe (readlink: Permission denied)
gnome-key 1707 jd NOFD /proc/1707/fd (opendir: Permission denied)
gnome-key 1707 1708 jd cwd unknown /proc/1707/task/1708/cwd (readlink: Permission denied)
gnome-key 1707 1708 jd rtd unknown /proc/1707/task/1708/root (readlink: Permission denied)
gnome-key 1707 1708 jd txt unknown /proc/1707/task/1708/exe (readlink: Permission denied)
gnome-key 1707 1708 jd NOFD /proc/1707/task/1708/fd (opendir: Permission denied)
gnome-key 1707 2010 jd cwd unknown /proc/1707/task/2010/cwd (readlink: Permission denied)
gnome-key 1707 2010 jd rtd unknown /proc/1707/task/2010/root (readlink: Permission denied)
gnome-key 1707 2010 jd txt unknown /proc/1707/task/2010/exe (readlink: Permission denied)
gnome-key 1707 2010 jd NOFD /proc/1707/task/2010/fd (opendir: Permission denied)
gnome-key 1707 2012 jd cwd unknown /proc/1707/task/2012/cwd (readlink: Permission denied)
gnome-key 1707 2012 jd rtd unknown /proc/1707/task/2012/root (readlink: Permission denied)
gnome-key 1707 2012 jd txt unknown /proc/1707/task/2012/exe (readlink: Permission denied)
gnome-key 1707 2012 jd NOFD /proc/1707/task/2012/fd (opendir: Permission denied)
gnome-key 1707 2014 jd cwd unknown /proc/1707/task/2014/cwd (readlink: Permission denied)
gnome-key 1707 2014 jd rtd unknown /proc/1707/task/2014/root (readlink: Permission denied)
gnome-key 1707 2014 jd txt unknown /proc/1707/task/2014/exe (readlink: Permission denied)
gnome-key 1707 2014 jd NOFD /proc/1707/task/2014/fd (opendir: Permission denied)
gnome-key 1707 2641 jd cwd unknown /proc/1707/task/2641/cwd (readlink: Permission denied)
gnome-key 1707 2641 jd rtd unknown /proc/1707/task/2641/root (readlink: Permission denied)
gnome-key 1707 2641 jd txt unknown /proc/1707/task/2641/exe (readlink: Permission denied)
gnome-key 1707 2641 jd NOFD /proc/1707/task/2641/fd (opendir: Permission denied)
ssh-agent 1897 jd cwd unknown /proc/1897/cwd (readlink: Permission denied)
ssh-agent 1897 jd rtd unknown /proc/1897/root (readlink: Permission denied)
ssh-agent 1897 jd txt unknown /proc/1897/exe (readlink: Permission denied)
ssh-agent 1897 jd NOFD /proc/1897/fd (opendir: Permission denied)
gnome-pty 2653 jd cwd unknown /proc/2653/cwd (readlink: Permission denied)
gnome-pty 2653 jd rtd unknown /proc/2653/root (readlink: Permission denied)
gnome-pty 2653 jd txt unknown /proc/2653/exe (readlink: Permission denied)
gnome-pty 2653 jd NOFD /proc/2653/fd (opendir: Permission denied)



05-23-2012, 07:36 PM
Reindl Harald

Readlink: permission denied

On 23.05.2012 21:13, JD wrote:
>>> The full output of lsof | sort | uniq is at
>>> http://www.sendspace.com/file/0v2lgb
>>>
>>> what is the consequence of these failures on the rest of the system?
>>
>> have you considered calling such commands as root instead
>> of as a normal user? it is logical that without permissions
>> the system does not show you all the information
>>
> But some processes are owned by me

the process but not the open files

> Why would I be denied access to info of files opened by processes running with my uid?

because /proc/ are not normal files?

> This is a bug

not everything you do not understand is a bug!

> To wit:
> COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)
> gnome-key 1707 jd rtd unknown /proc/1707/root (readlink: Permission denied)

[harry@srv-rhsoft:~]$ lsof | grep -i denied | grep harry
ssh-agent 6486 harry cwd unknown /proc/6486/cwd (readlink: Permission denied)
ssh-agent 6486 harry rtd unknown /proc/6486/root (readlink: Permission denied)
ssh-agent 6486 harry txt unknown /proc/6486/exe (readlink: Permission denied)
ssh-agent 6486 harry NOFD /proc/6486/fd (opendir: Permission denied)

[harry@srv-rhsoft:~]$ stat /proc/6486/cwd
Datei: „/proc/6486/cwd“stat: Lesen der symbolischen Verknüpfung „/proc/6486/cwd“ nicht möglich: Keine Berechtigung

Größe: 0 Blöcke: 0 EA Block: 1024 symbolische Verknüpfung
Gerät: 3h/3d Inode: 286740 Verknüpfungen: 1
Zugriff: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Zugriff : 2012-05-23 20:42:08.957669236 +0200
Modifiziert: 2012-05-23 20:41:53.459730435 +0200
Geändert : 2012-05-23 20:41:53.459730435 +0200
Geburt : -

[harry@srv-rhsoft:~]$ su -
Passwort:
[root@srv-rhsoft:~]$ stat /proc/6486/cwd
Datei: „/proc/6486/cwd“ -> „/“
Größe: 0 Blöcke: 0 EA Block: 1024 symbolische Verknüpfung
Gerät: 3h/3d Inode: 286740 Verknüpfungen: 1
Zugriff: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Zugriff : 2012-05-23 20:42:08.957669236 +0200
Modifiziert: 2012-05-23 20:41:53.459730435 +0200
Geändert : 2012-05-23 20:41:53.459730435 +0200
Geburt : -



05-23-2012, 09:59 PM
Cameron Simpson

Readlink: permission denied

On 23May2012 12:13, JD <jd1008@gmail.com> wrote:
| Why would I be denied access to info of files opened by processes
| running with my uid?
| This is a bug.
|
| To wit:
| COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
| gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)

What do:

ls -ld /proc/1707
ls -la /proc/1707

show? Adjust for your running system, of course.

Maybe /proc itself has exciting new permissions.
Maybe lsof has exciting new setgidness or something.
Or SELinux hates you.

BTW, _does_ this work as root? Just for info.

Cheers,
--
Cameron Simpson <cs@zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

Artificial intelligence won't make a micrometer out of a monkeywrench.
- Rick Gordon <rickg@crl.com>

05-24-2012, 01:46 AM
JD

Readlink: permission denied

On 05/23/2012 02:59 PM, Cameron Simpson wrote:
> On 23May2012 12:13, JD <jd1008@gmail.com> wrote:
> | Why would I be denied access to info of files opened by processes
> | running with my uid?
> | This is a bug.
> |
> | To wit:
> | COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> | gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)
>
> What do:
>
> ls -ld /proc/1707
> ls -la /proc/1707
>
> show? Adjust for your running system, of course.
>
> Maybe /proc itself has exciting new permissions.
> Maybe lsof has exciting new setgidness or something.
> Or SELinux hates you.
>
> BTW, _does_ this work as root? Just for info.
>
> Cheers,

Yes it does work for root.
So, my question still remains that a process
that opens files/devices/dirs....etc,
having user X's uid/gid for credentials, can open these
resources, yet lsof, invoked by same user X, belches out
Permission denied.
How were such resources opened using X's credentials
in the first place, if user X has no permission to read the link?

05-24-2012, 02:02 AM
Cameron Simpson

Readlink: permission denied

On 23May2012 18:46, JD <jd1008@gmail.com> wrote:
| On 05/23/2012 02:59 PM, Cameron Simpson wrote:
| > On 23May2012 12:13, JD<jd1008@gmail.com> wrote:
| > | Why would I be denied access to info of files opened by processes
| > | running with my uid?
| > | This is a bug.
| > |
| > | To wit:
| > | COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
| > | gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)
| >
| > What do:
| >
| > ls -ld /proc/1707
| > ls -la /proc/1707
| >
| > show? Adjust for your running system, of course.
| >
| > Maybe /proc itself has exciting new permissions.
| > Maybe lsof has exciting new setgidness or something.
| > Or SELinux hates you.
| >
| > BTW, _does_ this work as root? Just for info.
| >
| > Cheers,
| Yes it does work for root.
| So, my question still remains that a process
| that opens files/devices/dirs....etc,
| having user X's uid/gid for credentials, can open these
| resources, yet lsof, invoked by same user X, belches out
| Permission denied.
| How were such resources opened using X's credentials
| in the first place, if user X has no permission to read the link?

Sigh. Which is why I asked you to run some ls commands, to _inspect_ the
permissions. What do they show?
--
Cameron Simpson <cs@zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/

The proofs are so obvious that they can be left to the reader.
- Lars V. Ahlfors, Complex Analysis

05-24-2012, 02:28 AM
Ed Greshko

Readlink: permission denied

On 05/24/2012 10:02 AM, Cameron Simpson wrote:
> Sigh. Which is why I asked you to run some ls commands, to _inspect_ the
> permissions. What do they show?

I don't know about you, but I'm not sure that things involving the /proc file system
act in quite the same manner as a real file system.

Take this as an example....

(as root, obviously)

[root@meimei proc]# pwd
/proc

[root@meimei proc]# ls -l | grep 1721
dr-xr-xr-x. 8 egreshko egreshko 0 May 23 13:54 1721

[root@meimei proc]# getfacl 1721
# file: 1721
# owner: egreshko
# group: egreshko
user::r-x
group::r-x
other::r-x

[root@meimei proc]# cd 1721

[root@meimei 1721]# ll cwd
lrwxrwxrwx. 1 root root 0 May 24 09:50 cwd -> /

[root@meimei 1721]# getfacl cwd
# file: cwd
# owner: root
# group: root
user::r-x
group::r-x
other::r-x

# file: cwd/var
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Plus a whole bunch of others that would lead you to believe that the "other" has read
permission.

Yet as a "normal" user ....

[egreshko@meimei 1721]$ ll cwd
ls: cannot read symbolic link cwd: Permission denied
lrwxrwxrwx. 1 root root 0 May 24 09:50 cwd


I personally don't have much interest in delving into the behavior of the /proc file
system.


--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage

05-24-2012, 02:37 AM
JD

Readlink: permission denied

On 05/23/2012 07:02 PM, Cameron Simpson wrote:
> On 23May2012 18:46, JD <jd1008@gmail.com> wrote:
> | On 05/23/2012 02:59 PM, Cameron Simpson wrote:
> |> On 23May2012 12:13, JD<jd1008@gmail.com> wrote:
> |> | Why would I be denied access to info of files opened by processes
> |> | running with my uid?
> |> | This is a bug.
> |> |
> |> | To wit:
> |> | COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> |> | gnome-key 1707 jd cwd unknown /proc/1707/cwd (readlink: Permission denied)
> |>
> |> What do:
> |>
> |> ls -ld /proc/1707
> |> ls -la /proc/1707
> |>
> |> show? Adjust for your running system, of course.
> |>
> |> Maybe /proc itself has exciting new permissions.
> |> Maybe lsof has exciting new setgidness or something.
> |> Or SELinux hates you.
> |>
> |> BTW, _does_ this work as root? Just for info.
> |>
> |> Cheers,
> | Yes it does work for root.
> | So, my question still remains that a process
> | that opens files/devices/dirs....etc,
> | having user X's uid/gid for credentials, can open these
> | resources, yet lsof, invoked by same user X, belches out
> | Permission denied.
> | How were such resources opened using X's credentials
> | in the first place, if user X has no permission to read the link?
>
> Sigh. Which is why I asked you to run some ls commands, to _inspect_ the
> permissions. What do they show?


I know what you are driving at.
So what there are entries there that are root owned,
and some of them have root only access perms:
-r-------- 1 root root 0 May 23 11:48 auxv
--w------- 1 root root 0 May 23 11:48 clear_refs
-r-------- 1 root root 0 May 23 11:48 environ
dr-x------ 2 root root 0 May 23 11:20 fd/
dr-x------ 2 root root 0 May 23 11:48 fdinfo/
-r-------- 1 root root 0 May 23 11:48 io
-rw------- 1 root root 0 May 23 11:48 mem
-r-------- 1 root root 0 May 23 11:48 mountstats

My question is : how were they opened by a process
that has no root perms in the first place?

The process' running program has no suid perm:

-rwxr-xr-x 1 root root 1013268 Jan 18 03:28 /usr/bin/gnome-keyring-daemon


So, if these resources are accessible to this process,
how did this process, which has no root privs,
gain access to these resources which are accessible only
to root user?




05-24-2012, 02:40 AM
JD

Readlink: permission denied

On 05/23/2012 07:28 PM, Ed Greshko wrote:
> On 05/24/2012 10:02 AM, Cameron Simpson wrote:
>> Sigh. Which is why I asked you to run some ls commands, to _inspect_ the
>> permissions. What do they show?
>
> I don't know about you, but I'm not sure that things involving the /proc file system
> act in quite the same manner as a real file system.
>
> Take this as an example....
>
> (as root, obviously)
>
> [root@meimei proc]# pwd
> /proc
>
> [root@meimei proc]# ls -l | grep 1721
> dr-xr-xr-x. 8 egreshko egreshko 0 May 23 13:54 1721
>
> [root@meimei proc]# getfacl 1721
> # file: 1721
> # owner: egreshko
> # group: egreshko
> user::r-x
> group::r-x
> other::r-x
>
> [root@meimei proc]# cd 1721
>
> [root@meimei 1721]# ll cwd
> lrwxrwxrwx. 1 root root 0 May 24 09:50 cwd -> /
>
> [root@meimei 1721]# getfacl cwd
> # file: cwd
> # owner: root
> # group: root
> user::r-x
> group::r-x
> other::r-x
>
> # file: cwd/var
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> Plus a whole bunch of others that would lead you to believe that the "other" has read
> permission.
>
> Yet as a "normal" user ....
>
> [egreshko@meimei 1721]$ ll cwd
> ls: cannot read symbolic link cwd: Permission denied
> lrwxrwxrwx. 1 root root 0 May 24 09:50 cwd
>
>
> I personally don't have much interest in delving into the behavior of the /proc file
> system.

Yes Ed, I do see this behavior.
But I am puzzled as to how such resources were
somehow accessed by a process that has no root privs?
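
Added example, not part of the thread: per proc(5), reading /proc/PID/cwd (likewise root, exe and fd) is gated by a ptrace read-access check rather than by the symlink's mode bits. That check fails for an unprivileged caller, even one with the same uid, once the target is no longer "dumpable" (it called prctl(PR_SET_DUMPABLE, 0), or it was started from a set-id or file-capability executable), and the kernel then shows the process's /proc entries as root-owned, as in the listings above. The C program below reproduces the denial with a forked child; the function and struct names are made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* errno values from the parent's two readlink() attempts (0 = success). */
struct probe { int before_errno; int after_errno; };

/* readlink() /proc/<pid>/cwd; return 0 on success, else errno. */
static int read_cwd_link(pid_t pid) {
    char path[64], target[4096];
    snprintf(path, sizeof path, "/proc/%d/cwd", (int)pid);
    return readlink(path, target, sizeof target) < 0 ? errno : 0;
}

/* Fork a same-uid child and probe it before and after it clears "dumpable". */
struct probe probe_nondumpable_child(void) {
    struct probe r = { -1, -1 };
    int ready[2], go[2];
    char c = 0;
    if (pipe(ready) < 0 || pipe(go) < 0) return r;
    pid_t pid = fork();
    if (pid < 0) return r;
    if (pid == 0) {                                   /* child */
        close(ready[0]); close(go[1]);
        if (write(ready[1], &c, 1) != 1) _exit(1);    /* still dumpable */
        if (read(go[0], &c, 1) != 1) _exit(1);        /* parent probed once */
        if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) < 0) _exit(1);
        if (write(ready[1], &c, 1) != 1) _exit(1);    /* now non-dumpable */
        pause();
        _exit(0);
    }
    close(ready[1]); close(go[0]);
    if (read(ready[0], &c, 1) == 1) r.before_errno = read_cwd_link(pid);
    if (write(go[1], &c, 1) == 1 && read(ready[0], &c, 1) == 1)
        r.after_errno = read_cwd_link(pid);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    close(ready[0]); close(go[1]);
    return r;
}

int main(void) {
    struct probe r = probe_nondumpable_child();
    printf("child dumpable:     %s\n",
           r.before_errno ? strerror(r.before_errno) : "readlink ok");
    printf("child non-dumpable: %s\n",
           r.after_errno ? strerror(r.after_errno) : "readlink ok");
    return 0;
}
```

Run as an ordinary user, the first probe succeeds and the second fails with "Permission denied"; a caller holding CAP_SYS_PTRACE (normally root) succeeds both times, which is the difference reported in the thread.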