
Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

10004.0. "root permissions on T4.0D-1" by WONDER::REILLY (Sean Reilly, Alpha Servers, DTN 223-4375) Fri May 30 1997 13:02

    
    I just upgraded to T4.0D-1 (PTmin BL7 EFT1) from X4.0D-4
    (PTmin BL4) and am having some strange permission problems.
    
    Why is root having problems creating files in user directories
    or reading files in user directories?  
    
    Did I miss a release note or did my install go bad (this
    can't be proper behavior)?
    
    - Sean
    
    ========================================================
    
    hbnero_reilly(89)> rlogin avspg7 -l root
    Last login: Fri May 30 11:43:25 from hbnero.eng.pko.d
    
    Digital UNIX T4.0D-1  (Rev. 738.1); Fri May 30 10:32:11 EDT 1997
    
    On Wed May 28 10:02:14 EDT 1997 your system was successfully updated from:
       Digital UNIX X4.0D-4  [Rev. 667]; Tue Apr  8 13:55:14 EDT 1997
    
    You have mail.
    Fri May 30 11:54:51 EDT 1997
    avspg7_root(97)> cd ~reilly
    avspg7_root(98)> pwd
    /avscl/users/reilly
    avspg7_root(99)> ls -aFlsg
    total 158
      1 drwxr-xr-x   8 reilly   users        512 Apr  2 10:57 ./
      1 drwxr-xr-x   6 root     users        512 Feb 25 16:09 ../
      1 -rw-------   1 reilly   users        368 Oct 26  1995 .Xauthority
      5 -rw-r--r--   1 reilly   users       4987 May 15 13:01 .cshrc
      2 -rwx------   1 reilly   users       1450 May 30 11:43 .history*
      3 -rw-r--r--   1 reilly   users       2534 Apr 14 11:21 .login
      1 -rw-r-----   1 reilly   users         69 Oct 26  1995 .mh_profile
      2 -rwxr--r--   1 reilly   users       1902 Nov 21  1995 .rhosts*
      1 drwx------   4 reilly   users        512 Feb 28 12:10 Mail/
      1 drwxr-xr-x   2 reilly   users       1024 Apr  2 14:36 bin/
      1 drwxr-xr-x   4 reilly   users        512 Feb 25 16:09 info/
      1 drwxr-xr-x   5 reilly   users        512 Feb 25 16:09 man/
      1 drwxr-xr-x   2 reilly   users        512 Feb 25 16:09 scrap/
      1 drwxr-xr-x   3 reilly   users        512 Feb 25 16:09 tools/
    avspg7_root(100)> touch x.x
    touch: x.x cannot create
    avspg7_root(102)>  ls Mail
    Mail: Permission denied

10004.1 by DECWET::MARTIN Fri May 30 1997 15:45 (33 lines)

Ummm.... is it possible that /avscl/users/reilly is NFS-mounted?  If it is, and
the exporting host doesn't give root permissions, that would explain the problem
you're seeing.

I just ran a quick check myself, and got:

>>sherwd:/advfs_resource/LAT===- rlogin lister -l root
Password:
Last login: Tue May 27 16:42:04 from sherwd.zso.dec.c

Digital UNIX T4.0D-1  (Rev. 738.1); Tue May 27 16:23:47 PDT 1997 

.
.
.

lister:/# cd ~martin
lister:/usr/staff5/martin# ls -al
total 16
8 drwxr-xr-x   2 martin   staff       8192 May 27 16:33 ./
8 drwxr-xr-x   4 root     system      8192 May 27 16:33 ../
lister:/usr/staff5/martin# whoami
root
lister:/usr/staff5/martin# df .
Filesystem      512-blocks        Used   Available Capacity  Mounted on
usr_domain#usr     1048576      702066      314464    70%    /usr
lister:/usr/staff5/martin# touch foo
lister:/usr/staff5/martin# ls -al
total 16
8 drwxr-xr-x   2 martin   staff       8192 May 30 11:44 ./
8 drwxr-xr-x   4 root     system      8192 May 27 16:33 ../
0 -rw-r--r--   1 root     staff          0 May 30 11:44 foo
lister:/usr/staff5/martin# 

10004.2 by WONDER::REILLY (Sean Reilly, Alpha Servers, DTN 223-4375) Fri May 30 1997 16:43 (13 lines)
    
    Yup, this was it, sort of...
    
    /avscl was an ASE NFS service.  By default, -r=0 is not
    added to the 3rd level ASE exports file in /etc and, as
    such, I got this behavior.
    
    Using asemgr to edit in -r=0 solves the problem.
    
    Is -r=0 a bad idea, though?  I do want root to be superuser,
    even on the ASE NFS services.
    
    - Sean

10004.3 by DECWET::MARTIN Fri May 30 1997 20:26 (7 lines)

-r=0 is a bad idea if there is any chance that someone you don't trust has root
access on any node that could mount this filesystem.

It opens up a potential security problem, but if there's a restricted hostlist,
or you're within a firewall/not on a WAN, you should be OK.

--Ken
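
An added example, not part of the thread or of any Digital UNIX tooling: a small Python audit that classifies export entries by the two conditions discussed in the replies above, namely whether client root is mapped to uid 0 (-r=0) and whether a host list restricts who may mount. The line layout (path, dash-options, then host identifiers, with no identifiers meaning any host), the -root= spelling, and the sample entries are assumptions.

```python
import re

# Constructed sample entries in the assumed layout; not taken from the thread.
SAMPLE_EXPORTS = """\
# path      options   host identifiers
/export/data -r=0
/export/proj -r=0 hostA hostB
/export/tmp  hostA
/export/pub
"""

# "-r=" is the form used in the thread; accepting "-root=" is an assumption.
ROOT_OPT = re.compile(r"^-(?:r|root)=(\d+)$")


def audit_exports(text):
    """Return one (path, verdict, hosts) tuple per export line."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *tokens = line.split()
        root_uid = None
        hosts = []
        for tok in tokens:
            m = ROOT_OPT.match(tok)
            if m:
                root_uid = int(m.group(1))
            elif not tok.startswith("-"):
                hosts.append(tok)            # anything else is a host identifier
        if root_uid != 0:
            verdict = "root-not-trusted"     # client root is not uid 0 on the server
        elif hosts:
            verdict = "root-trusted-hostlist"
        else:
            verdict = "root-trusted-any-host"  # the case warned about in 10004.3
        findings.append((path, verdict, hosts))
    return findings


def risky_paths(text):
    """Paths that give remote root uid 0 with no host restriction."""
    return [p for p, v, _ in audit_exports(text) if v == "root-trusted-any-host"]


if __name__ == "__main__":
    for path, verdict, hosts in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {verdict:24} {' '.join(hosts) or '(any host)'}")
```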