[Xymon] Hobbit Permission Problem

Phil Crooker Phil.Crooker at orix.com.au
Thu Mar 31 02:17:05 CEST 2011


>>> On 3/30/2011 at 11:13 PM, in message
<4D93256C.8080008 at websitemanagers.com.au>,
Adam Goryachev <adam at websitemanagers.com.au> wrote:
> On 29/03/11 18:29, Henrik Størner wrote:
>> On 29-03-2011 08:17, Adam Goryachev wrote:
>>> host:~# mkdir /blah
>>> host:~# cd /blah/
>>> host:/blah# touch test
>>> host:/blah# chgrp adm test
>>> host:/blah# chmod 640 test
>>> host:/blah# ls -l
>>> total 0
>>> -rw-r----- 1 root adm 0 2011-03-29 17:15 test
>>> host:/blah# su - hobbit
>>> hobbit@host:~$ cat /blah/test
>>> cat: /blah/test: Permission denied
>> 
>> Permissions on /blah? Assuming the "hobbit" user is a member of group
>> "adm", the /blah directory must have group "adm" and at least
>> group-execute permissions. If group is not "adm", then execute
>> permission for "all".
> 
> In the above case, the directory was owner root, group root, permissions
> 655, so it wasn't a directory permission issue.
> 
> However, this still doesn't resolve or address the original issue of not
> being able to read /var/log/messages where I showed the permissions of
> all the directories and files which *should* have allowed the user to
> read the file.
> 
> I'm sure there is something really bizarre going on for me, because this
> *should* work, and it can't be debian, because I'm sure there are plenty
> of other people out there running hobbit with debian who have this
> working properly....
> 
> Any other pointers? please? I really don't understand what else to look
> at...
> 
> Thanks,
> Adam
> 

Your blah example doesn't work. You need to move /root/blah to / and
retry.

For me, if I'm troubleshooting this sort of baffling issue, it is
important to get something simple that works and then gradually add
relevant factors till it doesn't. So, the reason I asked for this test
is to determine if that account can access a directory and file other
than /var/log/messages with just group permissions. If you can, then
there is something going on either with the log directory or the
messages file specifically. So, if you su as that user and can then read
a file in /blah with just the group permissions (be sure to remove the
world rights), then try copying that file to /var/log and see if the
user can see it there. If it can, then there is something basically
wrong with messages...
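
The check this thread keeps returning to (search permission on every parent directory, then read on the file, with exactly one class of mode bits applied per component), as an added example that is not part of any poster's message. It assumes GNU stat as on Debian; the function names perm_ok, walk and explain_access are made up here.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; mode bits only:
# ACLs, SELinux/AppArmor and the parents of symlink targets are not evaluated.

# perm_ok MODE OWNER_UID OWNER_GID UID "GIDS" BIT   (BIT: 4 = read, 1 = search)
# The kernel applies exactly one class: owner, else group, else other.
perm_ok() {
    mode=$1 ouid=$2 ogid=$3 uid=$4 gids=$5 bit=$6
    [ "$uid" -eq 0 ] && return 0          # root bypasses read/search checks
    if [ "$uid" -eq "$ouid" ]; then
        shift_by=6                        # owner bits, even if group grants more
    else
        shift_by=0                        # other bits unless a group matches
        for g in $gids; do
            [ "$g" -eq "$ogid" ] && shift_by=3
        done
    fi
    [ $(( (0$mode >> $shift_by) & $bit )) -ne 0 ]
}

# walk PATH UID "GIDS" BIT: parents first (each needs search), then PATH itself.
walk() {
    [ "$1" = / ] || walk "$(dirname "$1")" "$2" "$3" 1 || return 1
    st=$(stat -L -c '%a %u %g' "$1") || return 1
    set -- "$1" "$2" "$3" "$4" $st        # $5=mode $6=owner uid $7=group gid
    if perm_ok "$5" "$6" "$7" "$2" "$3" "$4"; then
        verdict=ok
    else
        verdict=DENIED
    fi
    printf '%-6s need=%s mode=%s uid=%s gid=%s %s\n' \
        "$verdict" "$4" "$5" "$6" "$7" "$1"
    [ "$verdict" = ok ]
}

# explain_access FILE UID "GIDS": prints one line per path component and
# returns non-zero at the first component whose mode bits deny access.
explain_access() {
    case $1 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    walk "$1" "$2" "$3" 4
}

# Usage (hobbit and the path are the thread's own names):
#   explain_access /var/log/messages "$(id -u hobbit)" "$(id -G hobbit)"
```

`id -G hobbit` reports what the group database says; a process that was already running keeps the supplementary groups it started with, so compare against plain `id` run inside the affected session.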





