What is wrong with file permission?

Friends,

I have a weird problem with my Linux OS.

I have a few files which are owned by root but could not be modified (edit, chmod, chown, etc.).

[root@ip-10-34-70-117 ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@ip-10-34-70-117 ~]# whoami
root
[root@ip-10-34-70-117 ~]# ls -l /etc/security/access-sshd.conf
-rw-r--r-- 1 root root 431 Jun 22 03:31 /etc/security/access-sshd.conf
[root@ip-10-34-70-117 ~]# mv /etc/security/access-sshd.conf /etc/security/access-sshd.conf1
mv: cannot move ‘/etc/security/access-sshd.conf’ to ‘/etc/security/access-sshd.conf1’: Permission denied
[root@ip-10-34-70-117 ~]# chmod 777 /etc/security/access-sshd.conf
chmod: changing permissions of ‘/etc/security/access-sshd.conf’: Permission denied
[root@ip-10-34-70-117 ~]# rm -rf /etc/security/access-sshd.conf
rm: cannot remove ‘/etc/security/access-sshd.conf’: Permission denied
[root@ip-10-34-70-117 ~]#

Appreciate your input in this regard.

Thanks
Bala

Hi,

You may need to set the permissions on the "/etc/security" directory; you may find that you don't have execute permissions set.

Regards

Gull04

I verified the permission and it seems good.

drwxr-xr-x.  6 root    root       4096 Jun 28 06:14 security

Something odd is going on if root can't remove it; root should override all file permissions and do it anyway unless
a) You have a read-only filesystem
b) SELinux is tut-tutting at you.

Technically mv and rm do not modify the file, they modify the directory. What permissions do you have on the folder you're inside?

Maybe the immutable attribute is set?

Check with ...

lsattr file

Still it is strange .. The file system is RW.

[root@ip-10-34-66-104 security]# pwd
/etc/security
[root@ip-10-34-66-104 security]# lsattr
---------------- ./limits.d
---------------- ./namespace.conf
---------------- ./console.handlers
---------------- ./console.perms.d
---------------- ./sepermit.conf
---------------- ./limits.conf
---------------- ./namespace.d
---------------- ./access.conf
---------------- ./time.conf
---------------- ./console.perms
---------------- ./access-sshd.conf
---------------- ./chroot.conf
---------------- ./namespace.init
---------------- ./console.apps
---------------- ./opasswd
---------------- ./pwquality.conf
---------------- ./group.conf
---------------- ./pam_env.conf
[root@ip-10-34-66-104 security]# ls -l
total 72
-rw-r--r--  1 root root 4620 Aug  4  2015 access.conf
-rw-r--r--  1 root root  431 Jun 29 02:58 access-sshd.conf
-rw-r--r--  1 root root   82 Aug  4  2015 chroot.conf
drwxr-xr-x. 2 root root 4096 Mar 25 12:06 console.apps
-rw-r--r--  1 root root  604 Aug  4  2015 console.handlers
-rw-r--r--  1 root root  939 Aug  4  2015 console.perms
drwxr-xr-x. 2 root root 4096 Aug  4  2015 console.perms.d
-rw-r--r--  1 root root 3635 Aug  4  2015 group.conf
-rw-r--r--  1 root root 2422 Aug  4  2015 limits.conf
drwxr-xr-x. 2 root root 4096 Mar 25 12:04 limits.d
-rw-r--r--  1 root root 1440 Aug  4  2015 namespace.conf
drwxr-xr-x. 2 root root 4096 Aug  4  2015 namespace.d
-rwxr-xr-x  1 root root 1019 Aug  4  2015 namespace.init
-rw-------  1 root root    0 Aug  4  2015 opasswd
-rw-r--r--  1 root root 2972 Aug  4  2015 pam_env.conf
-rw-r--r--. 1 root root 1718 Dec  6  2011 pwquality.conf
-rw-r--r--  1 root root  419 Aug  4  2015 sepermit.conf
-rw-r--r--  1 root root 2179 Aug  4  2015 time.conf
[root@ip-10-34-66-104 security]# echo `date` >> access-sshd.conf
bash: access-sshd.conf: Permission denied
[root@ip-10-34-66-104 security]# touch bala
[root@ip-10-34-66-104 security]# ls -l bala
-rw-r--r-- 1 root root 0 Jun 29 03:42 bala
[root@ip-10-34-66-104 security]# pwd
/etc/security
[root@ip-10-34-66-104 security]#

What's the deal with your SELinux?
Some files have it, some directories have it, many files do not.

drwxr-xr-x. 2 root root 4096 Mar 25 12:06 console.apps
-rw-r--r--. 1 root root 1718 Dec  6  2011 pwquality.conf

What's the output of getenforce ?

I'm not aware of SELinux and I will explore that.

BTW, getenforce output is "Disabled".

Thanks
Bala

c) There are ACLs in place, like there seem to be:

drwxr-xr-x.  6 root    root       4096 Jun 28 06:14 security

The dot at the end of the filemode display is indicative of ACLs (access control lists) being in place for this file. Please report the output of the aclget [/path/to/]security command.

I hope this helps.

bakunin

Thank you. I was not aware that access control lists could supersede even root, this is quite interesting!

Thank you very much. I was not aware of the ACL and "dot" stuff before.

However, I could not find the command "aclget" on my Linux OS. I did search on Google and I could see something related to IBM software.

Can you please let me know what software I need in order to get the "aclget" command?

Thanks
Bala
:smiley:

Sorry, my bad. aclget is the command on AIX, use getfacl instead.

Just for completeness' sake, I remembered a fourth (although quite improbable) possibility of what might have happened:

D) a DCE (distributed computing environment, similar to what Windoze calls a "domain")-cell is set up. Local root will not automatically have authority over all files; only dceroot has this.

I hope this helps.

Yes bakunin. You seem to be correct. Is there a way I can find what my dceroot account name is?

BTW, this is the output of the getfacl command.

[root@ip-10-34-70-118 ~]# getfacl /etc/security/
getfacl: Removing leading '/' from absolute path names
# file: etc/security/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[root@ip-10-34-70-118 ~]# getfacl /etc/security/access-sshd.conf
getfacl: Removing leading '/' from absolute path names
# file: etc/security/access-sshd.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--

[root@ip-10-34-70-118 ~]#
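
The checks raised across this thread (read-only mount, SELinux mode, immutable attribute, ACLs), collected into one script. This is an added example, not something posted by any participant; the function names are made up for the illustration, and each check prints "unknown" when its tool (findmnt, getenforce, lsattr, getfacl) is not available.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from the thread.
# Trailing character of the ls -l mode field (GNU coreutils):
# "." = SELinux security context, "+" = ACL or other alternate access method.
mode_suffix() {
    case "$1" in
        ??????????.) echo selinux-context ;;
        ??????????+) echo acl ;;
        *)           echo none ;;
    esac
}

# a) Is the filesystem that holds the path mounted read-only?
fs_readonly() {
    local opts
    opts=$(findmnt -no OPTIONS --target "$1" 2>/dev/null) || { echo unknown; return; }
    case ",$opts," in *,ro,*) echo yes ;; *) echo no ;; esac
}

# b) SELinux mode: Enforcing, Permissive or Disabled.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo unknown; fi
}

# Immutable (i) or append-only (a) attribute; -d inspects a directory itself.
attr_flags() {
    local flags
    flags=$(lsattr -d -- "$1" 2>/dev/null | awk '{print $1}')
    case "$flags" in
        '') echo unknown ;; *i*) echo immutable ;; *a*) echo append-only ;; *) echo none ;;
    esac
}

# c) Extended ACL: any getfacl entry besides user::, group:: and other::.
has_acl() {
    command -v getfacl >/dev/null 2>&1 || { echo unknown; return; }
    if getfacl -cp -- "$1" 2>/dev/null | grep -Evq '^((user|group|other)::|$)'; then echo yes; else echo no; fi
}

diagnose() {
    local p=$1 dir
    dir=$(dirname -- "$p")   # mv and rm change the directory entry, so check it too
    echo "fs read-only: $(fs_readonly "$p")"
    echo "selinux mode: $(selinux_mode)"
    echo "attrs (file): $(attr_flags "$p")   attrs (dir): $(attr_flags "$dir")"
    echo "acl (file):   $(has_acl "$p")   acl (dir): $(has_acl "$dir")"
    echo "ls suffix:    $(mode_suffix "$(ls -ld -- "$p" | awk '{print $1}')")"
}
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

Run it as root with the affected path as the only argument, for example the file from the first post.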