...making Linux just a little more fun!
Ben Okopnik [ben at okopnik.com]
[cc'd to the Answer Gang]
Hi, Long -
On Thu, Mar 10, 2011 at 10:54:18AM -0800, Long Chow wrote:
> Hello Ben Okopnik, > > Yesterday I bumped into a su (substitute user) permission error similar > to your Apr. 2000 article, "Cannot execute /bin/bash: Permission denied". > I was attempting to run an expect script in non-root user mode on Fedora 8: > > su netter -c "expect try.exp" > > and it failed: > > couldn't read file "try.exp": permission denied > > No problem if I run: > su root -c "expect try.exp" > expect try.exp > > I pored over permission related avenues for the whole day and failed. > It was around midnight when I googled upon your article that my hope was > rekindled. > > So the first thing coming into work today... > Using your approach (especially strace), I found the execution bit for others > for /root > was not set. After setting it, my non-root mode command string started to > work!
That's actually not a good solution; the correct permissions for /root are 0700. Setting it to 0701, as you have, allows other users to enter that directory - a really bad idea!
ben@Jotunheim:~$ ls -ld /root drwx------ 11 root root 4096 2011-03-10 21:14 /root ben@Jotunheim:~$ head -n 1 /root/.bashrc head: cannot open `/root/.bashrc' for reading: Permission denied
OK, this is what's supposed to happen. But here's what happens when I change the permissions as you specified:
ben@Jotunheim:~$ sudo chmod 0701 /root [sudo] password for ben: ben@Jotunheim:~$ head -n 1 /root/.bashrc # ~/.bashrc: executed by bash(1) for non-login shells.
I suspect that the right solution for you would be to put 'try.exp' somewhere other than /root; then you won't have to do anything with those permissions (other than hopefully set them back as quickly as possible.)
-- OKOPNIK CONSULTING Custom Computing Solutions For Your Business Expert-led Training | Dynamic, vital websites | Custom programming 443-250-7895 http://okopnik.com http://twitter.com/okopnik
Ben Okopnik [ben at linuxgazette.net]
On Fri, Mar 11, 2011 at 08:55:49AM -0800, Long Chow wrote:
> Hi Ben, > > Thanks for pointing out the security concern. > > It is a development host used only by me for cross compiling ARM based > embedded system target. > We are still in the "stone age" and have not migrated out of root account to > non-root.
Hmm, it looked like you were using the 'netter' account instead of root, which is why you were having the problem. But operating as root by default isn't just a security concern - it's also a good way to accidentally destroy your system with a single typing mistake.
# rm -rf /tmp/foo # No problem # rm -rf / tmp/foo # BIG problem!
...and many, many other easy ways to do lots of damage.
> Again I am very grateful for your bash permission article.
You're certainly welcome - glad you found it of use!
-- * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *