[gentoo-user] permissions problem

[gentoo-user] permissions problem

[John Jolet]

Okay, I give up.  I've been struggling with a couple of very, very  
strange permissions problems for months.  I just finished an emerge - 
e system and emerge -e world hoping it would fix it.  first problem:  
trying to use sudo, but it keeps saying "can't open sudoers file,  
permission denied".  even if i'm root doing sudo it tells me that.   
here is permissions on /etc/sudoers: -r--r-----  1 root root 1643  
Feb  3 04:48 /etc/sudoers
here is sudo itself: ---s--x--x  1 root root 97104 Feb  4 08:53 /usr/ 
bin/sudo

I've compared this to other, working gentoo boxes and it all seems  
the same.  In addition, I'm trying to run MailScanner and if I try to  
have it run as postfix, I get a message that it can't open it's  
MailScanner.conf, even though i've made that owned by postfix.  Not  
sure if that's related, but it seems it could be.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] permissions problem

[Richard Fish]

On 2/4/06, John Jolet <john@jolet.net> wrote:
> Okay, I give up.  I've been struggling with a couple of very, very
> strange permissions problems for months.  I just finished an emerge -
> e system and emerge -e world hoping it would fix it.  first problem:
> trying to use sudo, but it keeps saying "can't open sudoers file,
> permission denied".  even if i'm root doing sudo it tells me that.

Try doing "strace sudo ..." as root.  That should at least tell you
what system call is returning -EPERM.

-Richard

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] permissions problem

[John Jolet]

On Feb 4, 2006, at 7:56 PM, Richard Fish wrote:

> On 2/4/06, John Jolet <john@jolet.net> wrote:
>> Okay, I give up.  I've been struggling with a couple of very, very
>> strange permissions problems for months.  I just finished an emerge -
>> e system and emerge -e world hoping it would fix it.  first problem:
>> trying to use sudo, but it keeps saying "can't open sudoers file,
>> permission denied".  even if i'm root doing sudo it tells me that.
>
> Try doing "strace sudo ..." as root.  That should at least tell you
> what system call is returning -EPERM.
>
okay, so I emerged strace and did that.  didn't find any "EPERM"  
thing, but did find this:
lstat64("/etc/sudoers", {st_mode=S_IFREG|0440, st_size=1643, ...}) = 0
setresgid32(-1, 0, -1)                  = 0
setresuid32(0, 1, 0)                    = 0
open("/etc/sudoers", O_RDONLY)          = -1 EACCES (Permission denied)
geteuid32()                             = 1
setresuid32(0, 0, 0)                    = 0
write(2, "sudo: ", 6sudo: )                   = 6
write(2, "can\'t open /etc/sudoers", 23can't open /etc/sudoers) = 23


which just says permission denied, right?  am I missing something  
simple here?  i mean, root can read anything, right?
> -Richard
>
> -- 
> gentoo-user@gentoo.org mailing list
>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] permissions problem

[Jerry McBride]

On Saturday 04 February 2006 19:39, John Jolet wrote:
> Okay, I give up.  I've been struggling with a couple of very, very
> strange permissions problems for months.  I just finished an emerge -
> e system and emerge -e world hoping it would fix it.  first problem:
> trying to use sudo, but it keeps saying "can't open sudoers file,
> permission denied".  even if i'm root doing sudo it tells me that.
> here is permissions on /etc/sudoers: -r--r-----  1 root root 1643
> Feb  3 04:48 /etc/sudoers
> here is sudo itself: ---s--x--x  1 root root 97104 Feb  4 08:53 /usr/
> bin/sudo
>
> I've compared this to other, working gentoo boxes and it all seems
> the same.  In addition, I'm trying to run MailScanner and if I try to
> have it run as postfix, I get a message that it can't open it's
> MailScanner.conf, even though i've made that owned by postfix.  Not
> sure if that's related, but it seems it could be.

Root should be able to read anything.... yes.

If this was my computer, I'd go into single user mode, set the partition read 
only and run fsck on it. Use the -N switch on the first pass and see if 
everything is alright with the file system.





-- 

******************************************************************************
                     Registered Linux User Number 185956
              FSF Associate Member number 2340 since 05/20/2004
             Join me in chat at #linux-users on irc.freenode.net
    Buy an Xbox for $149.00, run linux on it and Microsoft loses $150.00!
Buy an Xbox 360 core  for $299.00, run linux on it and Microsoft loses $11.00!
  Buy an Xbox 360 for $399.00, run linux on it and Microsoft loses $126.00!
    9:49pm  up 139 days, 13:14,  4 users,  load average: 2.68, 2.27, 2.14
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] permissions problem

[Richard Fish]

On 2/4/06, Jerry McBride <mcbrides9@comcast.net> wrote:
> If this was my computer, I'd go into single user mode, set the partition read
> only and run fsck on it. Use the -N switch on the first pass and see if
> everything is alright with the file system.

Agreed.

Also if you have ACL support enabled, you should check the ACLs for
the file and make sure they grant root access to the file.

Also, double check your kernel configuration for any security options
you have.  I use CONFIG_SECURITY_CAPABILITIES, and I know that I have
some bizarre permissions issues if I don't load capability.ko.

-Richard

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Permissions problem

[Peter Humphrey]

Hello list,

I'd like to develop a blog using www-apps/jekyll, which makes extensive use of 
ruby gems, of which I have no experience. On trying to install a new default 
theme I get copious permission errors.

The ruby gems live in /usr/lib64/ruby/gems/3.1.0/gems, and to install anything 
in that tree I need write permission on the destination directory and execute 
permission on all those above it.

This poses an obvious security problem.

When I emerged jekyll and ran its installation routine, I found I had a new ~/
bin directory with nine executable files in it. ~/bin/update_rubygems has 
similar permission problems but is more concise in reporting them

I can't add myself to a group and grant it permissions, because there seems 
not to be any such group.

How do Gentoo Ruby users get around this?

-- 
Regards,
Peter.

Re: [gentoo-user] Permissions problem

[Stefan Schmiedl]

 
Dienstag, 15. August 2023 16:55:

 
> Hello list,

> I'd like to develop a blog using www-apps/jekyll, which makes extensive use of 
> ruby gems, of which I have no experience. On trying to install a new default 
> theme I get copious permission errors.

> The ruby gems live in /usr/lib64/ruby/gems/3.1.0/gems, and to install anything 
> in that tree I need write permission on the destination directory and execute 
> permission on all those above it.

> This poses an obvious security problem.

> When I emerged jekyll and ran its installation routine, I found I had a new ~/
> bin directory with nine executable files in it. ~/bin/update_rubygems has 
> similar permission problems but is more concise in reporting them

> I can't add myself to a group and grant it permissions, because there seems 
> not to be any such group.

> How do Gentoo Ruby users get around this?



 Hello Peter,

first make sure that you don't have any "suspicious" rubygem based
executables in your path that might confuse things. Some time ago
I found some ancient such files in /usr/local/bin ...

Next, with a default ruby/rubygems installation, a normal user should
be able to install gems into their own $HOME/.gem directory. I'm doing
this on several gentoo boxes, never had a problem with that approach.

On one of the servers, I can run the following command, to which you can
compare your environment

 $ gem environment
RubyGems Environment:
  - RUBYGEMS VERSION: 3.3.26
  - RUBY VERSION: 3.1.4 (2023-03-30 patchlevel 223) [x86_64-linux]
  - INSTALLATION DIRECTORY: /usr/lib64/ruby/gems/3.1.0
  - USER INSTALLATION DIRECTORY: /home/.../.gem/ruby/3.1.0
  - RUBY EXECUTABLE: /usr/bin/ruby31
  - GIT EXECUTABLE: /usr/bin/git
  - EXECUTABLE DIRECTORY: /usr/bin
  - SPEC CACHE DIRECTORY: /home/.../.gem/specs
  - SYSTEM CONFIGURATION DIRECTORY: /etc
  - RUBYGEMS PLATFORMS:
     - ruby
     - x86_64-linux
  - GEM PATHS:
     - /usr/lib64/ruby/gems/3.1.0
     - /home/.../.gem/ruby/3.1.0
     - /usr/local/lib64/ruby/gems/3.1.0
  - GEM CONFIGURATION:
     - :update_sources => true
     - :verbose => true
     - :backtrace => true
     - :bulk_threshold => 1000
     - "install" => "--install-dir /home/.../.gem/ruby/3.1.0 --bindir /home/.../bin"
     - "uninstall" => "--install-dir /home/.../.gem/ruby/3.1.0 --bindir /home/...bin"
     - "update" => "--install-dir /home/.../.gem/ruby/3.1.0 --bindir /home/.../bin"
  - REMOTE SOURCES:
     - https://rubygems.org/
  - SHELL PATH:
     - /usr/local/sbin
     - /usr/local/bin
     - /usr/sbin
     - /usr/bin
     - /sbin
     - /bin
     - /opt/bin