I can't send mail from Ubuntu and when I cat /var/log/apache2/error.log
I see the following error:
sh: 1: /usr/sbin/sendmail: Permission denied
Note :- SElinux is disabled
$ stat /usr/sbin/sendmail
File: ‘/usr/sbin/sendmail’ -> ‘/etc/alternatives/sendmail’
Size: 26 Blocks: 0 IO Block: 4096 symbolic link
Device: 801h/2049d Inode: 1318147 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
You need to be a superuser to use any binaries found at sbin. As sendmail is in /usr/sbin/, you have to be superuser, If your are not, You will get the Permission denied error
Related
I try to check the attributes of some write-protected files in the.git directory using the command lsattr.
$ lsattr .git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf
lsattr: Operation not supported While reading flags on .git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf
$ stat .git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf
File: .git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf
Size: 115 Blocks: 8 IO Block: 4096 regular file
Device: 0,36 Inode: 436 Links: 1
Access: (0444/-r--r--r--) Uid: ( 1000/ test) Gid: ( 1000/ test)
$ file .git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf
.git/objects/4d/8595f02d97d82a3c4464d9fc1bc47b255dd9bf: zlib compressed data
$ git -v
git version 2.39.1
uname -r
5.15.91-1-MANJARO\
I'd like to figure out why lsattr can't get the attributes of some files and how to make such files.
EDIT. Those files are on the tmpfs filesystem.
Because user extended attributes are not permitted on the tmpfs filesystem, this occurs. However, by enabling TMPFS_XATTR in kernel configuration, extended attributes on tmfps can be enabled.
In case it matters: I stumbled over this problem when backing up a directory using rsync in a Cygwin environment, and rsync suddenly gave the error message:
rsync: readdir("/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb"): File exists (17)
Here, /cygdrive/d/portable/FirefoxPortable is the directory to be saved, and until now, this has worked fine. Suspecting that the real problem is not related to rsync, I did a
ls /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
and indeed got the error message
ls: reading directory '/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb': File exists
So, idb is a directory (which is true), because ls says that it is reading this direcory, but why do I get a File exists error for a directory?
ls -ld /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
yields
drwxr-xr-x 1 FISRONA Domain Users 0 May 6 2019 '/cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb'
and
stat /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
displayed:
File: /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/idb
Size: 0 Blocks: 0 IO Block: 65536 directory
Device: 5a61dfech/1516363756d Inode: 12873190524118251466 Links: 1
Access: (0755/drwxr-xr-x) Uid: (3672028/ FISRONA) Gid: (1049089/Domain Users)
Access: 2019-05-06 11:32:50.000000000 +0200
Modify: 2019-05-06 11:32:50.190000000 +0200
Change: 2019-05-06 11:32:50.190000000 +0200
Birth: 2019-05-06 11:32:50.190000000 +0200
What could be messed up here to cause this behaviour?
BTW, I also checked the parent directory (because sometimes, differences in upper/lower case filenames can result in odd effects under Cygwin, due to the underlying Windows operating system):
ls -l /cygdrive/d/portable/FirefoxPortable/Data/profile/storage/default/moz-extension+++4c6d0e71-68ce-470e-87aa-8db1a3f6524d^userContextId=4294967295/
total 0
drwxr-xr-x 1 FISRONA Domain Users 0 May 6 2019 idb
My linux is CentOS7.
When I run Elastic Beats-Auditbeat with non-root user,
It shows this error:
ERROR instance/beat.go:877 Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: operation not permitted
Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: operation not permitted`
So I check the capability which the process lacked with this command
strace ./auditbeat -c 1 localhost 2>&1 | grep EPERM and it shows:
epoll_ctl(4, EPOLL_CTL_ADD, 3, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=66785192, u64=140471267168168}}) = -1 EPERM (Operation not permitted)
epoll_ctl(4, EPOLL_CTL_DEL, 3, {0, {u32=0, u64=0}}) = -1 EPERM (Operation not permitted)
I found the lacked capability is CAP_BLOCK_SUSPEND by this doc.
But when I run command setcap cap_block_suspend=ep auditbeat it shows:
fatal error: Invalid argument
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]
Note <filename> must be a regular (non-symlink) file.
Whereas the auditbeat is just a regular file:
[usr#linuxhost auditbeat-7.2.0-linux-x86_64]$ stat auditbeat
File: ‘auditbeat’
Size: 70418699 Blocks: 137544 IO Block: 4096 regular file
Device: pasef/17006b Inode: 410084318 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 1004/ usr ) Gid: ( 1004/ usr )
Access: 2019-08- 0:39:29.160306947 +000
Modify: 2019-06-20 23:04:01.000000000 +000
Change: 2019-08- 0:39:06.226434256 +000
Birth: -
How could I solve it?
Thank you.
I had the same problem. My issue happened because the file I was working with was in a mounted filesystem. I solved it by copying the file to /tmp, running setcap on the /tmp file, then creating a symlink from /tmp back to the original location.
I am running Centos 7 kernel 3.10.0 on Oracle's VirtualBox 4.3.20 with an ext4 filesystem.
It seems that setting the "A" flag on a file doesn't keep the access time field from updating.
I created a file and used stat to check the access time -
touch ./foo
stat ./foo
which returns the following
File: ./foo
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 1444417 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 1000/ user_1) Gid: ( 1000/ user_1)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2015-08-02 11:52:23.451524456 -0700
Modify: 2015-08-02 11:52:23.451524456 -0700
Change: 2015-08-02 11:52:23.451524456 -0700
Birth: -
If I then change the attribute and rerun stat -
sudo chattr +A ./foo
stat ./foo
I get the following which (I think) shows the access time value as updated?
File: ./foo
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 1444417 Links: 1
Access: (0777/-rwxrwxrwx) Uid: ( 1000/ user_1) Gid: ( 1000/ user_1)
Context: unconfined_u:object_r:user_home_t:s0
Access: 2015-08-02 11:53:32.400974020 -0700
Modify: 2015-08-02 11:53:32.400974020 -0700
Change: 2015-08-02 11:53:32.400974020 -0700
Birth: -
Am I misunderstanding the use of the A flag? I thought it would keep the access time from changing?
Thanks for any insights you can offer. I am just trying to understand how things work.
Rog
+A will keep the same atime when you open the file with vi for example and not modify it. The result you've posted after modifying the attribute doesn't look right to me. Changing the attribute should only affect the 'Change' timestamp. In your case, all 3 timestamps are the same.
I'm trying to share a NFS mount among multiple users. I can't get it to work, because I always get access denied. I can mount the shares, but I can't see the files.
The export is made through Heartbeat+Pacemaker. I don't think that makes the difference, but here's the export config:
primitive exports_nfs_proys ocf:heartbeat:exportfs \
params rmtab_backup="none" directory="/export/proyectos" clientspec="172.16.54.0/24" options="rw,async,no_subtree_check,insecure,root_squash" fsid="2" \
op monitor interval="30s" \
op start interval="0" timeout="240s"
So I mount the NFS share:
jorge.suarez#decp1304:~$ sudo mount -t nfs4 172.16.54.56:/proyectos/innovacion /mnt
jorge.suarez#decp1304:~$ cd /mnt
bash: cd: /mnt: Permission denied
On the client:
$ stat /mnt
File: «/mnt»
Size: 3896 Blocks: 0 IO Block: 1048576 directorio
Device: 19h/25d Inode: 131542 Links: 2
Access: (6770/drwsrws---) Uid: (65534/ nobody) Gid: ( 3001/proyecto-innovacion)
Access: 2012-08-23 14:47:53.953641353 +0200
Modify: 2012-08-23 14:47:53.263610391 +0200
Change: 2012-08-23 14:47:53.263610391 +0200
jorge.suarez#decp1304:/$ getent group | grep proyecto-innovacion
gproyecto-innovacion:*:3001:diego,felix,jorge.suarez,maria
jorge.suarez#decp1304:/$ getent passwd | grep jorge.suarez
jorge.suarez:*:4004:2000:Jorge Suárez de Lis:/home/remoto/jorge.suarez:/bin/bash
On the server:
root#ctserv01:/# stat /export/proyectos/innovacion
File: «.»
Size: 3896 Blocks: 0 IO Block: 4096 directorio
Device: fb04h/64260d Inode: 131542 Links: 2
Access: (6770/drwsrws---) Uid: (65534/ nobody) Gid: ( 3001/proyecto-innovacion)
Access: 2012-08-23 14:47:53.953641353 +0200
Modify: 2012-08-23 14:47:53.263610391 +0200
Change: 2012-08-23 14:47:53.263610391 +0200
root#ctserv01:/# getent group | grep proyecto-innovacion
proyecto-innovacion:*:3001:diego,felix,jorge.suarez,maria
root#ctserv01:/# getent passwd | grep jorge.suarez
jorge.suarez:*:4004:2000:Jorge Suárez de Lis:/home/remoto/jorge.suarez:/bin/bash
So, I'm doing something wrong, but all seems OK here. The UID/GID are matching on client and server.
If I set the directory permissions to 777 I can access, read and write the directory, but I want to restrict this just to some users so that's not an accepted solution.
Make sure you have SELinux disable on server and client
Make sure you use following option in export
rw,sync,no_root_squash
Make sure you allowed proper subnet or host name etc.