Sudo permission issues - node.js

When running sudo make install I run into permission issues. This makes no sense to me as I would expect sudo to have permission to do anything.
Example of sudo vs non sudo execution:
This is also used by node.js make but I ran it separately.
[tydup13#kirk node]$ stat /home/tydup13/git/node/out/Release/obj.target/deps/cares/libcares.a
File: ‘/home/tydup13/git/node/out/Release/obj.target/deps/cares/libcares.a’
Size: 740904 Blocks: 1448 IO Block: 1048576 regular file
Device: 27h/39d Inode: 116264377 Links: 2
Access: (0664/-rw-rw-r--) Uid: (13993/ tydup13) Gid: (13993/ tydup13)
Context: system_u:object_r:nfs_t:s0
Access: 2014-01-30 15:31:52.473071581 -0700
Modify: 2014-01-30 15:29:08.425186992 -0700
Change: 2014-01-30 15:29:08.567191219 -0700
Birth: -
[tydup13#kirk node]$ sudo stat /home/tydup13/git/node/out/Release/obj.target/deps/cares/libcares.a
stat: cannot stat ‘/home/tydup13/git/node/out/Release/obj.target/deps/cares/libcares.a’: Permission denied

I discovered that sudo was squashed on the computer I was using, which doesn't allow sudo to cross user boundaries for security. Useful and annoying at the same time.
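The situation described above, as an added example that is not part of the original post: when root is squashed on an NFS mount, the server treats root as an anonymous user, so `sudo stat` is decided by the "other" permission bits of each ancestor directory. The sketch assumes GNU stat and that the denial came from a private directory above the file (the post does not say which one); the tree is constructed, and `first_block_for_other` and `make_sample_tree` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU stat.
# Squashed root is treated as an anonymous user, so (assuming that user
# owns nothing on the path and shares no group) only the "other" bits
# apply. stat needs search (x) on every ancestor directory and no
# permission on the file itself.

# first_block_for_other FILE START   (hypothetical helper)
# Checks each directory from START (e.g. the NFS mount point) down to
# FILE's parent. Prints the first one lacking o+x and returns 1; prints
# nothing and returns 0 when squashed root could stat FILE.
first_block_for_other() {
    cur=${2%/}
    rest=${1#"$cur"/}
    while :; do
        mode=$(stat -L -c '%a' "$cur") || return 2
        other=${mode#"${mode%?}"}      # last octal digit = "other" bits
        if [ $(( other & 1 )) -eq 0 ]; then
            printf '%s\n' "$cur"
            return 1
        fi
        case $rest in
            */*) cur=$cur/${rest%%/*}; rest=${rest#*/} ;;
            *)   return 0 ;;           # only the file name is left
        esac
    done
}

# Constructed sample tree mirroring the question: a private home
# directory above a world-readable build artifact.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/tydup13/git/node"
    : > "$root/home/tydup13/git/node/libcares.a"
    chmod -R 755 "$root"
    chmod 700 "$root/home/tydup13"
    chmod 664 "$root/home/tydup13/git/node/libcares.a"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
if blocker=$(first_block_for_other "$tree/home/tydup13/git/node/libcares.a" "$tree"); then
    echo "squashed root can stat the file"
else
    echo "blocked at: $blocker"
fi
rm -rf "$tree"
```

Building into a directory on local disk, or running only the install step from a location root can traverse, avoids the squash without loosening the home directory.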

Filesystem stats not available after CIFS reconnect

I am using a Windows Server 2019 with SMBServer Shares which get mounted on a SLES via CIFS.
When Windows does its periodic system cleanup (closing idle SMBServer sessions), the Linux server reconnects with the following kernel message:
CIFS: VFS: \\filer.example.com has not responded in 180 seconds. Reconnecting...
The reconnect seems to be successful, as reading and writing files to the mount is possible.
But querying disk stats is not possible anymore.
Bad file descriptor on df:
user#suse:~$ df -h
df: /mnt/test: Bad file descriptor
Filesystem Size Used Avail Use% Mounted on
...
Wrong data on stat:
user#suse:~$ stat /mnt/test
File: /mnt/test
Size: 0 Blocks: 0 IO Block: 1048576 directory
Device: 38h/56d Inode: 281474976710700 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 1100/ application-user) Gid: ( 80/ application-group)
Access: 2023-02-15 11:04:55.977807600 +0100
Modify: 2023-02-15 11:04:55.977807600 +0100
Change: 2023-02-16 09:50:07.638662000 +0100
Birth: 2023-02-10 14:07:14.408836200 +0100
I noticed the same problem when mounting subdirectories of a single share multiple times. The SLES does mount multiple shares, but each share only once.

/var/lib/tor cannot be read: Permission denied or Couldn't create private data directory

I use google cloud shell to execute this program
Linux version
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Tor version 0.3.5.10.
When I tried restarting Tor with "sudo service tor restart" I received an error:
[ ok ] Stopping tor daemon...done (not running - there is no /run/tor/tor.pid).
[....] Starting tor daemon...Jun 27 01:51:04.132 [warn] Directory /var/lib/tor cannot be read: Permission denied
Jun 27 01:51:04.132 [warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
Jun 27 01:51:04.132 [err] Reading config failed--see warnings above.
failed.
So I set full permissions for the tor directory with sudo chmod -R 777 /var/lib/tor
[FAIL] Checking if tor configuration is valid ... failed!
Jun 27 01:53:59.685 [notice] Tor 0.3.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Jun 27 01:53:59.685 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jun 27 01:53:59.685 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Jun 27 01:53:59.685 [notice] Read configuration file "/etc/tor/torrc".
Jun 27 01:53:59.688 [warn] Error setting groups to gid 114: "Operation not permitted".
Jun 27 01:53:59.688 [warn] If you set the "User" option, you must start Tor as root.
Jun 27 01:53:59.688 [warn] Failed to parse/validate config: Problem with User value. See logs for details.
Jun 27 01:53:59.688 [err] Reading config failed--see warnings above.
I used root privileges (sudo su):
[ ok ] Stopping tor daemon...done (not running - there is no /run/tor/tor.pid).
[....] Starting tor daemon...Jun 27 01:58:58.455 [warn] Directory /var/lib/tor cannot be read: Permission denied
Jun 27 01:58:58.455 [warn] Failed to parse/validate config: Couldn't create private data directory "/var/lib/tor"
Jun 27 01:58:58.455 [err] Reading config failed--see warnings above.
Is there any way that can help me solve my problem, or how can I install tor version 2.9.14?
You might have already solved the problem by now, if not I hope this can help.
Is there any way that can help me solve my problem?
OPTION 1
Let's take a look at these warnings:
[warn] Error setting groups to gid 114: "Operation not permitted".
[warn] If you set the "User" option, you must start Tor as root.
[warn] Failed to parse/validate config: Problem with User value.
To get a log of all users run cat /etc/passwd and you'll see debian-tor listed:
...
debian-tor:x:108:114::/var/lib/tor:/bin/false
...
The folder /var/lib/tor is owned by user debian-tor, so sudo -u debian-tor tor will work.
Alternatively, you can run this for your current user: (or chmod 777 for all)
chmod 700 -R /var/lib/tor/*
chown -R tor /var/lib/tor/
sudo service tor restart
You actually should run tor as non-root, else you get this message:
You are running Tor as root. You don't need to, and you probably shouldn't.
OPTION 2
As the warning suggests to see logs for details, you should check for a message within dmesg and /var/log/syslog. If you find anything, then it can be AppArmor or SELinux blocking tor. Both SELinux and AppArmor provide a set of tools to isolate applications from each other to protect the host system from being compromised, so disabling them permanently is not recommended, only temporarily for debugging.
According to Debian SELinux support:
The Debian packaged Linux kernels have SELinux support compiled in,
but disabled by default.
Check the SELinux state with getenforce, if the output is Permissive or Disabled then you're set.
Moreover, looking at AppArmor/Progress:
Since Debian 10 (Buster), AppArmor is enabled by default.
To disable AppArmor on your system run: (reference)
sudo mkdir -p /etc/default/grub.d
echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"' \
| sudo tee /etc/default/grub.d/apparmor.cfg
sudo update-grub
sudo reboot
There's a chance that either one's the culprit. Users have reported a similar issue here.
How can I be able to install tor version 2.9.14?
Downgrading the tor package is as simple as this:
sudo apt-get install tor=0.2.9.14
But why would you want to do that?
tor v2 will be deprecated soon. You'll see warnings like:
[warn] At least one protocol listed as required in the consensus is
not supported by this version of Tor. You should upgrade. This version
of Tor will not work as a client on the Tor network. The missing
protocols are: DirCache=2 HSDir=2 HSIntro=4 Link=4-5
NB: Post on tor.stackexchange for tor related issues.
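A check to run before and after changing permissions on the data directory, as an added example that is not part of the original answer. It assumes that the "private data directory" in Tor's log means a directory owned by the service account with no group or other access (0700, not 0777); `audit_private_dir` is a hypothetical name and the demo directory is constructed.

```shell
#!/bin/sh
# Added example, not from the original answer. Requires GNU stat and find.
# Assumption: "private" means owned by the service account, with no
# group/other bits on the directory and nothing world-writable inside it.

# audit_private_dir DIR OWNER   (hypothetical helper)
# Prints one finding per line; returns 0 when DIR is private, 1 when it
# is not, 2 when DIR cannot be inspected.
audit_private_dir() {
    dir=$1
    want=$2
    bad=0
    info=$(stat -c '%U %a' "$dir") || return 2
    owner=${info% *}
    mode=${info#* }
    if [ "$owner" != "$want" ]; then
        echo "owner is $owner, expected $want"
        bad=1
    fi
    # The last two octal digits are the group and other bits.
    if [ $(( mode % 100 )) -ne 0 ]; then
        echo "mode $mode grants group/other access, expected 700"
        bad=1
    fi
    loose=$(( $(find "$dir" -mindepth 1 ! -type l -perm -002 | wc -l) ))
    if [ "$loose" -gt 0 ]; then
        echo "$loose entries inside are world-writable"
        bad=1
    fi
    return $bad
}

# Constructed demo: a throwaway directory standing in for /var/lib/tor.
demo=$(mktemp -d)
: > "$demo/keyfile"
me=$(stat -c '%U' "$demo")
chmod -R 777 "$demo"                      # state after "chmod -R 777"
audit_private_dir "$demo" "$me" || echo "-> not private"
chmod 700 "$demo"; chmod 600 "$demo/keyfile"
audit_private_dir "$demo" "$me" && echo "-> private"
rm -rf "$demo"
```

On the system in the question the call would be `audit_private_dir /var/lib/tor debian-tor`, using the account shown in the /etc/passwd line above.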

Running nginx as non-root in Docker container gives permission denied error

I have the following Dockerfile
FROM ubuntu:14.04
EXPOSE 8000
# Install nginx
RUN apt-get update -q \
&& apt-get install --no-install-recommends --no-install-suggests -y -q \
nginx \
&& rm -rf /var/lib/apt/lists/*
COPY ./nginx.conf /etc/nginx/
COPY ./index.html /usr/share/nginx/test/
RUN groupadd -r webgroup \
&& useradd -r -m -g webgroup webuser \
&& touch /run/nginx.pid \
&& chown -R webuser:webgroup /var/log/nginx /var/lib/nginx /run/nginx.pid
USER webuser
CMD nginx
When I run it I get Permission denied on /var/log/nginx:
mikhails-mbp:test-docker-nginx mkuleshov$ docker run -p 8000:8000 mytest
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2016/10/02 17:02:51 [emerg] 5#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)
If I get into the container with bash I see:
webuser#d190146a0e8d:/var/log/nginx$ ls -la
total 8
drwxr-x--- 2 webuser webgroup 4096 Jun 2 15:16 .
drwxrwxr-x 8 root syslog 4096 Oct 2 17:02 ..
How is it possible? During the above session I also cannot create files under that user.
Thing that helped: Removing the /var/log/nginx and recreating it again. But I have no idea why this happens.
There is no SELinux.
Has anyone encountered anything like that or is there anything I'm doing wrong?
P.S. Here is docker info if it can help
mikhails-mbp:test-docker-nginx mkuleshov$ docker info
Containers: 179
Running: 0
Paused: 0
Stopped: 179
Images: 901
Server Version: 1.11.2
Storage Driver: aufs
Root Dir: /mnt/sda1/var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 1109
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.4.12-boot2docker
Operating System: Boot2Docker 1.11.2 (TCL 7.1); HEAD : a6645c3 - Wed Jun 1 22:59:51 UTC 2016
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.955 GiB
Name: default
ID: 3K5S:3QBN:BXGY:FASS:VG6P:D4CS:UXRK:GYXB:HJQG:SIQH:F6KQ:N4BN
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug mode (client): false
Debug mode (server): true
File Descriptors: 15
Goroutines: 32
System Time: 2016-10-02T17:08:51.355144074Z
EventsListeners: 0
Username: mkuleshov
Registry: https://index.docker.io/v1/
Labels:
provider=virtualbox
P.P.S. Here is a test repo with configs for that case: https://github.com/aides/test-docker-nginx
Most likely adding your user into adm group will solve your issue.
Try sudo usermod -aG adm webuser
More details: https://askubuntu.com/questions/421684/cant-access-apache-error-logs

Amazon Linux; gcc: command not found

I am running Amazon Linux (redhat OS) in EC2.
When I try to rpmbuild a tar I got stuck with this one
checking for x86_64-redhat-linux-gcc... no
checking for gcc... no
checking for x86_64-redhat-linux-cc... no
checking for cc... no
checking for x86_64-redhat-linux-cl.exe... no
checking for cl.exe... no
configure: error: in `/home/falko/rpm/BUILD/courier-unicode-1.1':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details
error: Bad exit status from /var/tmp/rpm-tmp.RkeUmM (%prep)
When I try to check the following:
$ rpm -q gcc
gcc-4.8.2-3.19.amzn1.noarch
And
$ gcc -v
-bash: gcc: command not found
And
# which gcc
/usr/bin/which: no gcc in (/sbin:/bin:/usr/sbin:/usr/bin:/opt/aws/bin)
I even tried to install it again
# yum install gcc
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest | 2.1 kB 00:00
amzn-updates/latest | 2.3 kB 00:00
Package gcc-4.8.2-3.19.amzn1.noarch already installed and latest version
Nothing to do
I even tried removing and reinstalling it. No luck for me. Can someone please help me with this one? I am just trying to install a mail server.
$ sudo find / -name gcc -exec stat "{}" ";"
File: ‘/usr/include/boost/mpl/aux_/preprocessed/gcc’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: ca01h/51713d Inode: 33142 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-03-08 00:09:16.000000000 +0000
Modify: 2014-08-01 10:17:15.793438394 +0000
Change: 2014-08-01 10:17:15.793438394 +0000
Birth: -
File: ‘/usr/lib/gcc’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: ca01h/51713d Inode: 18082 Links: 3
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-03-25 01:30:05.000000000 +0000
Modify: 2014-03-25 01:30:05.000000000 +0000
Change: 2014-07-24 00:39:05.646351830 +0000
Birth: -
File: ‘/usr/libexec/gcc’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: ca01h/51713d Inode: 18392 Links: 3
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-03-25 01:30:05.000000000 +0000
Modify: 2014-07-24 00:39:02.206416684 +0000
Change: 2014-07-24 00:39:02.206416684 +0000
Birth: -

phpmyadmin, nginx error.log - Check group www-data has read access and open_basedir

I have this message on phpmyadmin website
The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click here.
On the 'click here' page I have this:
[Image: page printscreen]
My nginx errors are:
2014/06/27 15:08:15 [error] 4922#0: *886 FastCGI sent in stderr: "PHP message: phpmyadmin: Failed to load /var/lib/phpmyadmin/blowfish_secret.inc.php Check group www-data has read access and open_basedir restrictions.
PHP message: phpmyadmin: Failed to load /var/lib/phpmyadmin/config.inc.php Check group www-data has read access and open_basedir restrictions.
2014/06/27 15:17:07 [error] 5119#0: *939 FastCGI sent in stderr: "PHP message: phpmyadmin: Failed to load /var/lib/phpmyadmin/blowfish_secret.inc.php Check group www-data has read access and open_basedir restrictions.
PHP message: phpmyadmin: Failed to load /var/lib/phpmyadmin/config.inc.php Check group www-data has read access and open_basedir restrictions" while reading response header from upstream, client: 1***, server: _, request: "GET /phpmyadmin/js/messages.php?lang=en&db=&token=**** HTTP/1.1", upstream: "fastcgi://unix:/var/lib/php5-fpm/ispconfig.sock:", host: "****:8080", referrer: "https://****:8080/phpmyadmin/chk_rel.php?db=&table=&server=1&target=&token=****"
I give them permissions with this cmd for all 3 files:
chgrp www-data /var/lib/phpmyadmin/blowfish_secret.inc.php
chmod 644 /var/lib/phpmyadmin/blowfish_secret.inc.php
How to fix the open_basedir restrictions?
I checked Google but didn't find anything. Please give me some help or tips how to fix it. Thank you!
Ubuntu version:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04 LTS"
Here's my configuration:
drwxr-xr-x 3 root root 4096 feb 14 10:05 phpmyadmin/
That's for the folder. And for those two files:
-rw-r----- 1 root www-data 60 feb 14 10:05 blowfish_secret.inc.php
-rw-r----- 1 root www-data 0 feb 14 10:05 config.inc.php
Hope this will help. Also check for php5-mcrypt extension. If it's not working properly, use
sudo php5enmod mcrypt
to install it, and then just restart nginx. Here are the commands:
chmod 755 /var/lib/phpmyadmin
chmod 664 /var/lib/phpmyadmin/blowfish_secret.inc.php
chmod 664 /var/lib/phpmyadmin/config.inc.php
Those commands should work. :)
