Find all files containing a string in Linux - linux

How can I find all files that contain a specific string, starting from the root level?
I've logged in as root and tried something like:
[root@ip-172-18-7-96 /]# grep -r 'log4j' /
grep: /proc/sys/fs/binfmt_misc/register: Invalid argument
grep: /proc/sys/net/ipv4/route/flush: Permission denied
I just get several "Permission denied" errors (although I'm root).

As root, you can still chmod a-r file:
$ ls -la /proc/sys/net/ipv4/route/flush
--w------- 1 root root 0 Sep 4 15:59 /proc/sys/net/ipv4/route/flush

Related

Unable to write to a file with group permissions

We are getting the error "permission denied" when trying to write to a file that is owned by a service user and a shared group. In particular, that is www-data:www-data, and the user trying to write to it is in the group www-data.
There is no ACL on any of the parent folders, and the permissions on the file and folders are correct.
Here are some details:
$ sudo -u deploy id -Gn
www-data
$ ls -lah /tmp
drwxrwxrwt 17 root root 4.0K Jul 11 11:22 .
drwxr-xr-x 23 root root 4.0K Jul 8 10:08 ..
...
-rw-rw-r-- 1 www-data www-data 0 Jul 11 10:50 test
...
$ echo 'hello world' | sudo -u deploy tee -a /tmp/test
tee: /tmp/test: Permission denied
hello world
We tried that on different folders and made sure there is no ACL on any of the folders, parents or files...
Unfortunately, that is not described in the link stark posted in the comment, nor on any other page I found, until I found an answer here on Stack Overflow that clarified it.
In 2018, two new filesystem settings were added to sysctl that should prevent regular files and FIFOs from being opened with the O_CREAT flag (as append mode is doing) in directories with the sticky bit set unless the user is the owner of the file. This commit added the settings: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5
To change that behaviour you have to set fs.protected_regular to 0:
sudo sysctl fs.protected_regular=0
Or, to persist the change, add fs.protected_regular=0 to your sysctl.conf.
Side note: since O_CREAT is not deleting or renaming the file, I wondered why it is connected to the sticky bit. It really is possible to create a file in directories with the sticky bit set.
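The decision described in this answer, written out as an added example that is not part of the original post. It follows the documented levels of fs.protected_regular (0, 1, 2); the function names and the uids in the sample call are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not kernel code: reproduces the fs.protected_regular decision
# for open(O_CREAT) on an EXISTING regular file. Function names are made up.

# sticky_open_verdict LEVEL DIR_MODE DIR_UID FILE_UID USER_UID
#   LEVEL    value of fs.protected_regular (0, 1 or 2)
#   DIR_MODE octal mode of the containing directory, e.g. 1777
# Prints "allowed" or "denied".
sticky_open_verdict() {
    level=$1 dir_mode=$2 dir_uid=$3 file_uid=$4 user_uid=$5
    verdict=allowed
    if [ "$level" -eq 0 ]; then
        :   # protection switched off
    elif [ $(( 0$dir_mode & 01000 )) -eq 0 ]; then
        :   # directory has no sticky bit
    elif [ "$file_uid" -eq "$dir_uid" ] || [ "$file_uid" -eq "$user_uid" ]; then
        :   # file belongs to the directory owner or to the caller
    elif [ $(( 0$dir_mode & 0002 )) -ne 0 ]; then
        verdict=denied   # world-writable sticky directory (level 1 and 2)
    elif [ "$level" -ge 2 ] && [ $(( 0$dir_mode & 0020 )) -ne 0 ]; then
        verdict=denied   # group-writable sticky directory (level 2 only)
    fi
    echo "$verdict"
}

# check_path FILE USER: same decision using live values from stat, id and /proc.
check_path() {
    file=$1 user=$2
    dir=$(dirname -- "$file")
    # Kernels without the setting behave like level 0.
    level=$(cat /proc/sys/fs/protected_regular 2>/dev/null || echo 0)
    sticky_open_verdict "$level" \
        "$(stat -c %a -- "$dir")" "$(stat -c %u -- "$dir")" \
        "$(stat -c %u -- "$file")" "$(id -u "$user")"
}

# The /tmp/test case from the question, with constructed uids:
# /tmp is 1777 owned by uid 0, file owner www-data=33, caller deploy=1001.
sticky_open_verdict 1 1777 0 33 1001
```

Running check_path /tmp/test deploy on the affected host shows which condition applies there, for example whether the file's owner or the directory's mode is what triggers the denial.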

chmod 744 to my home dir, other user in same group can still not copy/cd my files

So my home dir is set as:
drwxr--r-- 16 me users 4096 Jan 15 09:17 me
I want to copy my files using an admin user which belongs to the same group (users):
drwxr-xr-x 2 otickadm users 4096 Jan 15 08:59 common
However I can't:
$ cd /jhome/jyun1
-bash: cd: /jhome/jyun1: Permission denied
$ cp /jhome/jyun1/gitworkspace/taq_scripts/sanity_check.py .
cp: cannot stat ‘/jhome/jyun1/gitworkspace/taq_scripts/sanity_check.py’: Permission denied
Wondering if anything else is taking control of this permission.
cd (and read files) requires execute (x) perms on the directory; try 75x to allow others in your group to cd to your directory and/or read your files

How to change permission VM shared folder to 777 (drwxrwxrwx)?

I'm using Oracle Linux 5.7 x86 on VirtualBox 5.1.8 on Windows 10 x64. I have shared a host folder Temp with the VM and can access it, and I am trying to copy its contents to the VM but am stuck at:
[root@localhost ~]# cd /downloads
[root@localhost downloads]# cp /media/sf_Temp/*.zip
cp: target `/media/sf_Temp/V25347-01.zip' is not a directory
[root@localhost downloads]#
I guess I'll need to change the permissions of the shared folder to 777 (drwxrwxrwx) but cannot. Is chmod 777 /media/sf_Temp the right command for this?
[root@localhost sf_Temp]# ls -ld /media/sf_Temp
drwxrwx--- 1 root vboxsf 12288 Oct 25 20:46 /media/sf_Temp
[root@localhost sf_Temp]# ls -ld /downloads
drwxrwxrwx 2 root root 4096 Oct 26 19:14 /downloads
[root@localhost sf_Temp]#
You are already root, you don't need any other permissions.
The cp command needs two arguments, one for target file/folder, one for destination.
cp origfile newfile
http://www.computerhope.com/unix/ucp.htm

mv command not working as intended on linux CENT/REDHAT OS

This is with respect to a recent issue that I faced. Suddenly, after execution of a mv command, the Linux box became unresponsive on various fronts. Below is the overall description of the issue that happened.
1) The move command was executed with /* in the destination
# mv -f *.txt /*
2) The command successfully moved the desired content, but not to /; it moved it to /var
3) Along with the desired content, it also moved the content of / folders recursively to the /var location.
4) This resulted in the movement of all binary files and folders required for normal OS operations
5) This movement restricted login through SSH/console.
6) After restoration of the folders from the /var location, the system functioned normally.
I tried replicating the issue on a test Linux box and it got replicated as below:
[root@TestVM001 ~]# ls -lrt
total 84
-rw-r--r-- 1 root root 4224 Feb 5 17:28 install.log.syslog
-rw-r--r-- 1 root root 38536 Feb 5 17:35 install.log
-rw------- 1 root root 955 Feb 5 17:35 anaconda-ks.cfg
drwxr-xr-x 2 root root 4096 Feb 5 20:03 Desktop
-rw-r--r-- 1 root root 119 Feb 5 20:28 ifcfg-eth0
-rw-r--r-- 1 root root 119 Feb 6 15:17 ifcfg-eth1
-rw-r--r-- 1 root root 44 Mar 1 05:08 student.txt
drwxr-xr-x 3 root root 4096 Mar 14 17:59 admin
[root@TestVM001 ~]# mv -vf * /*
`admin' -> `/var/admin'
`anaconda-ks.cfg' -> `/var/anaconda-ks.cfg'
`Desktop' -> `/var/Desktop'
`ifcfg-eth0' -> `/var/ifcfg-eth0'
`ifcfg-eth1' -> `/var/ifcfg-eth1'
`install.log' -> `/var/install.log'
`install.log.syslog' -> `/var/install.log.syslog'
`student.txt' -> `/var/student.txt'
`/bin' -> `/var/bin'
mv: cannot move `/boot' to `/var/boot': Device or resource busy
mv: cannot move `/dev' to `/var/dev': Device or resource busy
`/etc' -> `/var/etc'
`/home' -> `/var/home'
mv: cannot move `/lib' to a subdirectory of itself, `/var/lib'
`/lost+found' -> `/var/lost+found'
`/media' -> `/var/media'
`/mnt' -> `/var/mnt'
`/opt' -> `/var/opt'
mv: cannot move `/proc' to `/var/proc': Device or resource busy
`/root' -> `/var/root'
`/sbin' -> `/var/sbin'
`/selinux' -> `/var/selinux'
`/srv' -> `/var/srv'
mv: cannot move `/sys' to `/var/sys': Device or resource busy
`/tmp' -> `/var/tmp'
`/usr' -> `/var/usr'
[root@TestVM001 ~]# ls
-bash: /bin/ls: No such file or directory
[root@TestVM001 ~]# ls -lrt
-bash: /bin/ls: No such file or directory
[root@TestVM001 ~]# cd /
.autofsck boot/ lib/ sys/
.autorelabel dev/ proc/ var/
[root@TestVM001 ~]# cd /var/
account/ games/ lost+found/ selinux/
admin/ gdm/ mail/ spool/
anaconda-ks.cfg home/ media/ srv/
bin/ ifcfg-eth0 mnt/ student.txt
cache/ ifcfg-eth1 nis/ tmp/
crash/ install.log opt/ tux/
cvs/ install.log.syslog preserve/ usr/
db/ lib/ racoon/ www/
Desktop/ local/ root/ yp/
empty/ lock/ run/
etc/ log/ sbin/
Questions about this scenario:
1) Why did the mv command result in such behavior?
2) Is this behavior a known bug or risk?
3) Is there any known way to restrict this, similar to alias concept usage?
When you do echo mv -f *.txt /* you will see that the last * has been expanded to /var. So you actually asked to move all files in / to /var.
The answers to your questions:
1) Why did the mv command result in such behavior?
mv tried to do exactly what you asked.
2) Is this behavior a known bug or risk?
It's not a bug. Unix/Linux do not have "are you sure" prompts but trust you.
3) Is there any known way to restrict this, similar to alias concept usage?
You should do all normal work as a plain user, not root. The permissions on the important files are such that they do not allow a normal user to do something harmful.
And when you must do something as root, be very careful!
Trying to move txt files to the root is suspicious: The root partition is small and should be kept for system files. Are the .txt files from Windows?
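A dry-run check for the expansion described in this answer, as an added example that is not part of the original post. mv_plan is a hypothetical helper, and the operand list in the sample call is constructed to mirror the listing in the question.

```sh
#!/bin/sh
# Added example (mv_plan is a made-up helper, not part of coreutils).
# It receives the operands exactly as the shell hands them to mv, i.e. AFTER
# glob expansion, and reports what mv would do without moving anything.
# Exit status: 0 = looks sane, 1 = a source is / or a top-level directory.
mv_plan() {
    if [ "$#" -lt 2 ]; then
        echo "need at least one source and a destination"
        return 2
    fi
    # mv treats the LAST operand as the destination.
    for dest in "$@"; do :; done
    echo "destination: $dest"
    risky=0 i=1
    for src in "$@"; do
        [ "$i" -lt "$#" ] || break      # last operand is the destination
        i=$((i + 1))
        # dirname gives "/" for "/", "/bin" and "/bin/".
        if [ "$(dirname -- "$src")" = / ]; then
            echo "top-level source: $src"
            risky=1
        fi
    done
    return "$risky"
}

# Constructed operand list: what "*.txt /*" turns into on a box whose / holds
# bin, etc and var. Replace it with the real globs to preview a command.
mv_plan student.txt /bin /etc /var || echo "refusing: would relocate system directories"
```

Because the shell expands the globs before mv_plan sees them, calling it with the same arguments as the intended mv shows the real destination on the machine at hand.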

Unix files permissions depending on path(?)

I have a directory cyanspring with a nohup.out file.
drwxr-xr-x 12 usr1 usr1 4096 Aug 20 13:59 cyanspring
Owner of the file is able to read it:
[root@lw414 usr1]# sudo -u usr1 ls -l cyanspring/nohup.out
-rw-r--r-- 1 usr1 usr1 30617 Aug 20 14:00 cyanspring/nohup.out
When I try to read it with another user, I get Permission denied.
[root@lw414 usr1]# sudo -u zabbix ls -l cyanspring/nohup.out
ls: cannot access cyanspring/nohup.out: Permission denied
If I go inside the directory, I am able to read the file with the same user who had "Permission Denied".
[root@lw414 usr1]# cd cyanspring
[root@lw414 cyanspring]# sudo -u zabbix ls -l nohup.out
-rw-r--r-- 1 usr1 usr1 30617 Aug 20 14:00 nohup.out
An absolute path doesn't work either.
I thought it doesn't matter where you try to access the file from as long as you have the link and permissions. Can anybody give me a hint where I am wrong? Could it be because of the outer folders' permissions?
You got "Permission denied" because user zabbix does not have search permission on the lachesis directory.
This can be fixed by running this command from the lachesis directory:
sudo chmod go+x .
Permissions are calculated for each directory, beginning from the current directory if you give a relative path, or beginning from the root if you give an absolute path.
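The per-directory check described in this answer, and the execute-bit requirement from the earlier home-directory answer, as an added example that is not part of the original posts. Function names are hypothetical; the script looks at mode bits only and assumes GNU stat.

```sh
#!/bin/sh
# Added example (function names are made up). Mode bits only: ACLs, ownership
# and root's override are not considered. Needs GNU stat.

# lacks_search DIR MASK: true if DIR is a directory without the x bit in MASK.
lacks_search() {
    [ -d "$1" ] && [ $(( 0$(stat -L -c %a -- "$1") & $2 )) -eq 0 ]
}

# first_blocked_dir PATH [g|o]: prints the first directory on PATH that lacks
# search permission for group (g) or other (o, default); nothing if none does.
first_blocked_dir() {
    path=$1
    case ${2:-o} in g) mask=0010 ;; *) mask=0001 ;; esac
    case $path in
        /*) cur=/ ;;   # absolute path: the walk starts at the root
        *)  cur=. ;;   # relative path: the walk starts at the current directory
    esac
    if lacks_search "$cur" "$mask"; then echo "$cur"; return; fi
    rest=${path#/}
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$comp" ] || continue
        cur=${cur%/}/$comp
        if lacks_search "$cur" "$mask"; then echo "$cur"; return; fi
    done
}

# Constructed tree mirroring the question: usr1 (700) contains cyanspring (755).
demo=$(mktemp -d)
mkdir -p "$demo/usr1/cyanspring"
chmod 755 "$demo" "$demo/usr1/cyanspring"
chmod 700 "$demo/usr1"
( cd "$demo" && first_blocked_dir usr1/cyanspring/nohup.out )   # prints ./usr1
( cd "$demo/usr1/cyanspring" && first_blocked_dir nohup.out )   # prints nothing
rm -rf "$demo"
```

The second call prints nothing because the walk starts inside cyanspring and never touches the restrictive parent, which is the behaviour seen in the question.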
