Unable to execute script file with +x permission, even with sudo - linux

I am unable to run scripts from a mounted partition. I have created a basic "Hello World" script that will execute from my home directory fine, but when I move it to the mounted partition, I am unable to execute the file.
$ ls -l
-rwxr-xr-x 1 user user 31 Mar 4 21:33 test.sh
$ ./test.sh
-bash: ./test.sh: Permission denied
$ sudo ./test.sh
[sudo] password for user:
sudo: unable to execute ./test.sh: Permission denied
$ cd ..
$ ls -l
drwxrwxrwx 6 user root 4096 Mar 4 21:34 sda5
I have no idea what to do.
ETA: I am able to use "bash test.sh" to execute the file, just not ./test.sh. I am able to do ./test.sh in the home directory.

The file system was mounted with noexec which prevented executing files.
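A check for the condition named in the answer above, as an added example that is not part of the original post: it finds the mount covering a path in `/proc/mounts`-format data and reports whether `noexec` is set. The `/mnt/sda5` mount point and the sample mount table are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (function names are hypothetical).
# Input format is /proc/mounts: device mountpoint fstype options dump pass
# Pass an absolute, symlink-free path (for example the output of realpath).

# Print the mount options of the filesystem that holds PATH.
mount_opts_for() {
    local path="$1" mounts="${2:-/proc/mounts}"
    local dev mp fstype opts rest best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        # A mount covers the path if it is "/", the path itself, or a parent directory.
        if [ "$mp" = "/" ] || [ "$path" = "$mp" ] || [ "${path#"$mp"/}" != "$path" ]; then
            # Longest mount point wins; on a tie the later entry is mounted on top.
            if [ "${#mp}" -ge "${#best}" ]; then
                best="$mp"
                best_opts="$opts"
            fi
        fi
    done < "$mounts"
    printf '%s\n' "$best_opts"
}

# Succeed if PATH lives on a filesystem mounted with noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "${2:-/proc/mounts}")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample mount table; /mnt/sda5 is an assumed mount point.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda5 /mnt/sda5 ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF

for p in /mnt/sda5/test.sh /home/user/test.sh; do
    if is_noexec "$p" "$SAMPLE_MOUNTS"; then
        echo "$p: noexec mount, ./ execution will be denied"
    else
        echo "$p: exec allowed by mount options"
    fi
done
```

`bash test.sh` still works on such a mount because bash only reads the file; `noexec` blocks direct execution (`./test.sh`), including under sudo.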

Related

Not able to execute the commands in same sudo session

Not able to execute below touch command in same session of user - weblogic. Instead below touch command is executing on user - djaiswa2 and is failing [Because it is trying to access the path whose owner is weblogic].
[djaiswa2@cdcesb01 tmp]$ cat test.sh
#!/bin/bash
sudo su - weblogic;
touch /opt/middleware/.ssh/authorized_keys;
chmod 755 /opt/middleware/.ssh/authorized_keys;
[djaiswa2@cdcesb01 tmp]$ sh -x test.sh
+ sudo su - weblogic
Last login: Thu Aug 26 00:38:06 EDT 2021 on pts/0
-bash-4.2$ exit
logout
+ touch /opt/middleware/.ssh/authorized_keys
touch: cannot touch ‘/opt/middleware/.ssh/authorized_keys’: Permission denied
+ chmod 755 /opt/middleware/.ssh/authorized_keys
chmod: cannot access ‘/opt/middleware/.ssh/authorized_keys’: No such file or directory
You need to use the su command with the -c option to specify the commands to be executed.
For example:
sudo su - weblogic -c "touch /opt/middleware/.ssh/authorized_keys; chmod 755 /opt/middleware/.ssh/authorized_keys"

how to grant permission to execute env on Centos

How can I grant permission for a user to run the command env? Whenever I call it, I get
bash: /bin/env: Permission denied
noting the user is sudo
ls -lL /usr/bin/env
-rwxr--r--. 1 root root 29048 Oct 30 21:16 /usr/bin/env
sudo env
works okay
env
produces
permission denied

Handle permissions with groups in linux

I can't understand how exactly this works in Linux.
For example, I want only users in some group have access to execute some file (I hope this is possible without visudo).
I create a system user and system group like:
useradd -K UID_MIN=100 -K UID_MAX=499 -K GID_MIN=100 -K GID_MAX=499 -p \* -s /sbin/nologin -c "testusr daemon,,," -d "/var/testusr" testusr
I add my current user user to the group testusr (may be not cross platform):
adduser user testusr
I create some test shell file and set permissions:
touch test.sh
chmod ug+x test.sh
sudo chown testusr:testusr test.sh
But I still can't start test.sh as user:
./test.sh
-> Error
Now I look for some system groups like cdrom to check how they work. My user is in cdrom group and can use the cd rom on my computer:
$ ls -al /dev/cdrom
lrwxrwxrwx 1 root root 3 апр. 17 12:55 /dev/cdrom -> sr0
$ ls -al /dev/sr0
brw-rw----+ 1 root cdrom 11, 0 апр. 17 12:55 /dev/sr0
Addition:
./test.sh command starts to work as I want after system reboot. Strange...
I'm on Ubuntu Studio 15.10
The group changes are reflected only upon re-login.

Why can't this user delete this file?

If I do:
ls -al /usr/local/bin/kill-all-sales-apps
I see:
-r-xr-xr-- 1 jenkins root 68 Aug 4 12:10 kill-all-sales-apps
If I sudo to root and then su to jenkins, I should be able to delete this, yes?
Other relevant information about the directory and its parent:
drwxr-xr-x 2 root root 4096 Aug 4 12:11 .
drwxr-xr-x 10 root root 4096 May 7 17:20 ..
If I do:
groups jenkins
then I see that the user "jenkins" has been added to the "root" group:
jenkins : jenkins root run-server-software
But if I:
rm /usr/local/bin/kill-all-sales-apps
I get:
rm: remove write-protected regular file ‘/usr/local/bin/kill-all-sales-apps’? y
rm: cannot remove ‘/usr/local/bin/kill-all-sales-apps’: Permission denied
Why is permission denied?
As to why the jenkins user can't delete, the jenkins user needs write permissions on the parent folder of the file you're looking to delete. This is because you're actually removing directory entries from the parent folder.
Usually, on most filesystems, deleting a file requires write
permission on the parent directory (and execute permission, in order
to enter the directory in the first place). (Note that, confusingly
for beginners, permissions on the file itself are irrelevant. However,
GNU rm asks for confirmation if a write-protected file is to be
deleted, unless the -f option is used.)
Source: Wikipedia - Rm_(Unix)
So try running...
ls -ld /usr/local/bin
And make sure the jenkins user has write permissions on /usr/local/bin
Another way to do it is to modify sudoers to give the jenkins user sudo permissions to rm only that file via sudo. Here's an example giving the user joe the explicit permission to sudo rm the file /usr/local/src/noperms/hi.txt from a directory he does not have write permissions to, while limiting him from deleting anything else in that directory.
For example:
[root@joeyoung.io ~]# mkdir -p /usr/local/src/noperms
[root@joeyoung.io ~]# chmod -R 455 /usr/local/src/noperms
[root@joeyoung.io ~]# touch /usr/local/src/noperms/hi.txt
[root@joeyoung.io ~]# echo "hi" >> /usr/local/src/noperms/hi.txt
[root@joeyoung.io ~]# chmod 455 /usr/local/src/noperms/hi.txt
[root@joeyoung.io ~]# su - joe
[joe@joeyoung.io ~]$ cat /usr/local/src/noperms/hi.txt
hi
[joe@joeyoung.io ~]$ rm /usr/local/src/noperms/hi.txt
rm: remove write-protected regular file `/usr/local/src/noperms/hi.txt'? y
rm: cannot remove `/usr/local/src/noperms/hi.txt': Permission denied
[joe@joeyoung.io ~]$ exit
[root@joeyoung.io ~]# visudo
[root@joeyoung.io ~]# diff -Nur /tmp/sudoers.orig /etc/sudoers
--- /tmp/sudoers.orig 2015-08-04 17:17:24.020781442 +0200
+++ /etc/sudoers 2015-08-04 17:24:21.258274163 +0200
## -101,6 +101,7 ##
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
+joe ALL=(root) NOPASSWD: /bin/rm /usr/local/src/noperms/hi.txt
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
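Review bot: on the added `joe ALL=(root) NOPASSWD: ...` line, NOPASSWD is not needed for the stated goal of letting joe remove one file, so consider dropping it so that the rule still prompts for joe's password. Listing the command together with its argument is the right scope, since sudo then only matches `/bin/rm /usr/local/src/noperms/hi.txt` exactly as written; the host field `ALL` could also be narrowed to the one host if this sudoers file is shared across machines.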
[root@joeyoung.io ~]# su - joe
[joe@joeyoung.io ~]$ sudo /bin/rm /usr/local/src/noperms/hi.txt
[joe@joeyoung.io ~]$ exit
[root@joeyoung.io ~]# ls -al /usr/local/src/noperms/hi.txt
ls: cannot access /usr/local/src/noperms/hi.txt: No such file or directory
[root@joeyoung.io ~]# ls -al /usr/local/src/noperms/
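The rule the answer above describes (removing a file is decided by the parent directory's mode, not the file's), written out as an added example that is not part of the original answer. It goes one step further than the answer by also covering sticky directories; the function name and the numeric IDs are hypothetical, and ACLs are ignored.

```bash
#!/usr/bin/env bash
# Added example (function name and numeric IDs are hypothetical).
# Classic mode-bit check only: ACLs and capabilities other than uid 0 are ignored.

# can_unlink DIR_MODE DIR_UID DIR_GID UID "GIDS" [FILE_UID]
# DIR_MODE is octal as printed by `stat -c %a DIR` (755, 1777, ...).
can_unlink() {
    local mode duid="$2" dgid="$3" uid="$4" gids=" $5 " fuid="${6:-}" bits
    mode=$((0$1))                            # leading 0 makes the value octal
    [ "$uid" -eq 0 ] && return 0             # root bypasses these checks
    if [ "$uid" -eq "$duid" ]; then
        bits=$(( (mode >> 6) & 7 ))          # owner class
    elif case "$gids" in *" $dgid "*) true ;; *) false ;; esac; then
        bits=$(( (mode >> 3) & 7 ))          # group class
    else
        bits=$(( mode & 7 ))                 # other class
    fi
    # Removing an entry needs write (2) and search (1) on the directory.
    # The mode of the file being removed is never consulted.
    [ $(( bits & 3 )) -eq 3 ] || return 1
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if [ $(( mode & 01000 )) -ne 0 ] && [ -n "$fuid" ]; then
        [ "$uid" -eq "$fuid" ] || [ "$uid" -eq "$duid" ] || return 1
    fi
    return 0
}

# The page's case: /usr/local/bin is drwxr-xr-x root root, and jenkins is in
# group root. Constructed IDs: jenkins uid 1001, gids 1001 (jenkins) and 0 (root).
if can_unlink 755 0 0 1001 "1001 0"; then
    echo "jenkins can remove entries from /usr/local/bin"
else
    echo "jenkins cannot: group class is r-x, so no write bit on the directory"
fi
```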

Permission denied writing in directories with g+w mode on ubuntu

On ubuntu 10.04.4 server, I did this:
sudo mkdir -p /data/somedir
sudo chown -R www-data.www-data /data/somedir
sudo chmod -R g+w /data/somedir
sudo usermod -a -G www-data john ##john is current login user.
With these operations done, I am supposed to have write permission in /data/somedir. But when I did this:
echo "123" > /data/somedir/123
I got:
-bash: /data/somedir/123: Permission denied
The ls -l output:
$ ls -l /data/
total 4
drwxrwxr-x 2 www-data www-data 4096 2012-04-24 22:30 somedir
Question is: why? Is there something I still need to do after that?
Changes made with usermod only take effect on following logins; your existing login session does not yet have the www-data group, as you can verify with id. It is not easy to alter the identity of running processes (newgrp might work); the easiest way to deal is to log out and back in.
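Both this answer and the earlier one ("The group changes are reflected only upon re-login") rest on the same distinction between the groups a running session holds and the groups configured for the account. The following added example, not part of the original answers, lists the groups that are configured but not yet active; the function names are hypothetical and the sample group lists are constructed.

```bash
#!/usr/bin/env bash
# Added example (function names are hypothetical).
# Group names containing spaces are not handled.

# pending_groups "ACTIVE" "CONFIGURED": print groups in CONFIGURED missing from ACTIVE.
pending_groups() {
    local active=" $1 " g out=""
    for g in $2; do
        case "$active" in
            *" $g "*) ;;                       # already in the process credentials
            *) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Compare this shell's credentials with the group database.
# `id -Gn` with no user reports the calling process; `id -Gn USER` looks USER up.
session_pending_groups() {
    pending_groups "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

# Constructed sample matching the page: john was just added to www-data.
echo "pending (sample): $(pending_groups "john adm" "john adm www-data")"

missing=$(session_pending_groups)
if [ -n "$missing" ]; then
    echo "not active in this session until re-login: $missing"
else
    echo "this session already holds every configured group"
fi
```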
