[Xymon] Hobbit Permission Problem

Adam Goryachev adam at websitemanagers.com.au
Thu Mar 31 02:33:33 CEST 2011


On 31/03/2011 11:17 AM, Phil Crooker wrote:
>>>> On 3/30/2011 at 11:13 PM, in message
> <4D93256C.8080008 at websitemanagers.com.au>,
> Adam Goryachev <adam at websitemanagers.com.au> wrote:
>>
>> On 29/03/11 18:29, Henrik Størner wrote:
>>> Den 29-03-2011 08:17, Adam Goryachev skrev:
>>>> host:~# mkdir /blah
>>>> host:~# cd /blah/
>>>> host:/blah# touch test
>>>> host:/blah# chgrp adm test
>>>> host:/blah# chmod 640 test
>>>> host:/blah# ls -l
>>>> total 0
>>>> -rw-r----- 1 root adm 0 2011-03-29 17:15 test
>>>> host:/blah# su - hobbit
>>>> hobbit at host:~$ cat /blah/test
>>>> cat: /blah/test: Permission denied
>>> Permissions on /blah ? Assuming the "hobbit" user is a member of group
>>> "adm", the /blah directory must have group "adm" and at least
>>> group-execute permissions. If group is not "adm", then execute
>>> permission for "all".
>> In the above case, the directory was owner root, group root, permissions
>> 655, so it wasn't a directory permission issue.
>>
>> However, this still doesn't resolve or address the original issue of not
>> being able to read /var/log/messages where I showed the permissions of
>> all the directories and files which *should* have allowed the user to
>> read the file.
>>
>> I'm sure there is something really bizarre going on for me, because this
>> *should* work, and it can't be debian, because I'm sure there are plenty
>> of other people out there running hobbit with debian who have this
>> working properly....
>>
>> Any other pointers? Please? I really don't understand what else to look
>> at...
>>
>> Thanks,
>> Adam
>>
> Your blah example doesn't work. You need to move /root/blah to / and retry.
I'm not sure what you mean, I was using /blah....
host:~# mkdir /blah
host:~# ls -ld /blah
drwxr-xr-x 2 root root 4096 Mar 31 11:23 /blah
host:~# echo test > /blah/test
host:~# chgrp adm /blah/test
host:~# chmod 640 /blah/test
host:~# ls -l /blah/test
-rw-r----- 1 root adm 5 Mar 31 11:23 /blah/test
host:~# cat /blah/test
test
host:~# su - hobbit
hobbit at host:~$ cd /blah
hobbit at host:/blah$ ls -la
total 12
drwxr-xr-x  2 root root 4096 Mar 31 11:23 .
drwxr-xr-x 25 root root 4096 Mar 31 11:23 ..
-rw-r-----  1 root adm     5 Mar 31 11:23 test
hobbit at host:/blah$ cat test
cat: test: Permission denied
hobbit at host:~$ id
uid=110(hobbit) gid=110(hobbit) groups=0(root),4(adm),110(hobbit)
hobbit at host:~$ logout
host:~# chgrp testgroup /blah/test
host:~# su - adamg
adamg at host:~$ cat /blah/test
cat: /blah/test: Permission denied
adamg at host:~$ ls -l /blah/test
-rw-r----- 1 root testgroup 5 Mar 31 11:23 /blah/test
adamg at host:~$ id
uid=500(adamg) gid=500(adamg) groups=500(adamg),1014(testgroup)

> For me, if I'm troubleshooting this sort of baffling issue, it is
> important to get something simple that works and then gradually add
> relevant factors till it doesn't. So, the reason I asked for this test
> is to determine if that account can access a directory and file other
> than /var/log/messages with just group permissions. If you can, then
> there is something going on either with the log directory or the
> messages file specifically. So, if you su as that user and can then read
> a file in /blah with just the group permissions (be sure to remove the
> world rights), then try copying that file to /var/log and see if the
> user can see it there. If it can, then there is something basically
> wrong with messages...
I'm not sure where to start from, none of these basics seem to be
working....

Thanks for all the suggestions

Adam
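
The following is an added example, not part of the original message or of Xymon: it computes what the classic owner/group/other mode bits alone predict for a non-root user, using the uid and group list that `id` prints, so the prediction can be compared with what `cat` actually does. The function names are hypothetical, and ACLs or any access control beyond the nine mode bits are assumed absent.

```python
import os
import stat
import sys

def perm_class(st_uid, st_gid, uid, gids):
    """Pick the one class that applies: owner, else group, else other."""
    if uid == st_uid:
        return "owner"
    return "group" if st_gid in gids else "other"

def mode_allows(mode, st_uid, st_gid, uid, gids, want):
    """True if the mode bits grant `want` ('r', 'w' or 'x') to a non-root user.

    Only the selected class is consulted; a later class never adds rights.
    uid 0 and anything beyond the nine mode bits (ACLs etc.) are not modelled.
    """
    shift = {"owner": 6, "group": 3, "other": 0}[perm_class(st_uid, st_gid, uid, gids)]
    return bool((mode >> shift) & {"r": 4, "w": 2, "x": 1}[want])

def explain_path(path, uid, gids):
    """Check search ('x') on every parent directory and read ('r') on the target."""
    target = os.path.abspath(path)
    parts, cur = [target], target
    while os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        parts.append(cur)
    rows = []
    for p in reversed(parts):
        st = os.stat(p)
        want = "r" if p == target else "x"
        cls = perm_class(st.st_uid, st.st_gid, uid, gids)
        ok = mode_allows(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids, want)
        rows.append((p, stat.filemode(st.st_mode), cls, want, ok))
    return rows

if __name__ == "__main__":
    # Values copied from the transcript: hobbit is uid 110, groups root(0), adm(4), hobbit(110).
    hobbit = (110, {0, 4, 110})
    print("file 640 root:adm, read:", mode_allows(0o640, 0, 4, *hobbit, "r"))
    print("dir 755 root:root, search:", mode_allows(0o755, 0, 0, *hobbit, "x"))
    # Run as the affected user against a real path, e.g. /var/log/messages.
    if len(sys.argv) > 1:
        gids = set(os.getgroups()) | {os.getegid()}
        for row in explain_path(sys.argv[1], os.geteuid(), gids):
            print(*row)
```

Run as the affected user with the file as its argument; each row shows the path component, its mode string, the class that applies, the right needed and whether the mode bits grant it.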



