[CLUE-Tech] Re: I tried the 'chattr +i'

Mike Staver staver at fimble.com
Wed May 22 17:27:31 MDT 2002


I'll agree with you there Joe that linux has a long way to go in the
user-friendliness area.  I'm beginning to like it more and more though
simply because the more I use it, the more I figure out and remember for
next time.  Granted, moving from one distro to the next just confuses me
greatly.  So, I try to stick to just one distro, and so far, that one
has been Red Hat.  However, I STILL can't seem to get my monitor to not
go black after 15 minutes :(   

Joe Linux wrote:
> 
> I don't really want to change it recursively.  Just locking the main
> folder should be enough.  It's fine during the short period it stays
> changed.
> 
> I appreciate your help, but my observation and belief is that Linux is
> damn user unfriendly.  I used Libranet 1.9.1 for a long time.  I don't
> remember this same sort of problem, but I can't be sure.  That was the
> best Linux I ever used, but it went out of date.  Then their 2.0 was a
> generalized mess.  I believe they are still trying to fix it.
> 
> David Jackson wrote:
> 
> > Joe --
> > You have to use -R flag for recursive.
> > This is a band-aid solution; you need to find the script that runs
> > a scheduled job that does this.
> > su - # not su
> > crontab -l # this will tell you what jobs are scheduled to run
> > automatically
> > as part of root cron.
> > David
> >
> >> I tried the "chattr +i" idea on another user but I got an error
> >> message.
> >> [jl@localhost jl]$ su
> >> Password:
> >> [root@localhost jl]# chattr +i /home/ru
> >> chattr: Inappropriate ioctl for device while reading flags on /home/ru
> >> [root@localhost jl]#
> >> [root@localhost jl]# chattr +i 770 /home/ru
> >> chattr: No such file or directory while trying to stat 770
> >> chattr: Inappropriate ioctl for device while reading flags on /home/ru
> >> [root@localhost jl]#
> >> Jed S. Baer wrote:
> >>
> >> > On Wed, 22 May 2002 14:08:30 -0600
> >> > Joe Linux <joelinux at earthlink.net> wrote:
> >> >
> >> >>  After a great deal of time consuming effort, I thought I had the
> >> >>  Mandrake permissions problem solved, but now they have come back as
> >> >>  before - 755.  It seems rather odd to me that on a multi-user system
> >> >>  that one user can peer into another user's files, and you can't do
> >> >>  anything to stop it.
> >> >>
> >> > Hey, on my system, I can set file permissions so even I can't see my
> >> > own files. ;-)
> >> >
> >> >>  Mandrake Linux is like a glass house with no window shades.
> >> >>
> >> > Well, you know what they say: Those who live in glass houses shouldn't
> >> > throw stones.
> >> > Seriously, AFAICT, this is unique to your system. Finding it might in
> >> > fact be a major pain. IIRC, the original problem was that some program
> >> > is changing the permissions on a file? Maybe someone already suggested
> >> > this, but, as root, do a chattr +i {name of file}. This will make the
> >> > file "immutable". Then you can look through your log files, or maybe
> >> > your cron status e-mails (sent to root, most likely), for a program
> >> > reporting an error on {name of file}.
> >> > Presumably, you've looked through all the stuff that runs in the
> >> > various /etc/cron* directories for culprits?
> >> > jed
> >> >

-- 

                                -Mike Staver
                                 staver at fimble.com
                                 mstaver at globaltaxnetwork.com

Date: Tue, 21 May 2002 00:30:43 -0600
From: Sean Reifschneider <jafo at tummy.com>
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] Colbalt: Which Distro?

On Mon, May 20, 2002 at 04:41:48PM -0600, Matt Gushee wrote:
>On Mon, May 20, 2002 at 06:21:25PM -0400, David Jackson wrote:
>
>> Which Linux Distro is Sun Cobalt servers based on?
>> The site just says Linux 2.2 multi-tasking OS?
>
>Somebody probably has the real answer, but Debian and Caldera are the
>only distros I know of with recent distros in the 2.x range. RedHat,

They're talking about the kernel when they say "2.2".  It's basically Red
Hat, though they have added "special sauce" packages (literally "rpm -qa |
grep special").

Sean
-- 
 "I'm a big girl."  "Yeah, and in all the right places, too."
                 -- _North_by_Northwest_
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python

Date: Sun, 19 May 2002 23:55:45 -0600
From: Sean Reifschneider <jafo at tummy.com>
To: clue-tech at clue.denver.co.us
Cc: jhuber at fallenknight.org
Subject: Re: [CLUE-Tech] Redhat 7.2: No password for init 1

On Mon, May 20, 2002 at 01:10:59AM -0400, David Jackson wrote:
>I'm at a loss to explain why Redhat does this?
>Solaris, Debian and Slackware don't.

Well, part of the justification for allowing it is that if you have
physical access to the box, all bets are off...  Throwing up a login prompt
doesn't really help security when you can just as easily do init=/bin/sh,
boot from a floppy or CD and mount up the file-system, or for a little more
effort you can pop the drive into another box, boot up on its primary
disc, and modify away to your heart's content...

Sean
-- 
 Program *INTO* a language, not *IN* it.
                 -- David Gries
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python

Date: Wed, 22 May 2002 13:00:38 -0400
From: "Joe 'Zonker' Brockmeier" <jzb at dissociatedpress.net>
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] Directory permissions -- problems with "-w--w--w-"

bof wrote:


> But when I changed the directory permissions to -w--w--w-,  I could not 
> add a new file or delete any of the existing files, getting a 
> "permission denied" message. This is not as I understand it: I should be 
> able to do this.

As I understand it, this is because a utility cannot write a file to a 
directory unless it can "see" (r) the files in the directory and the 
same goes for deleting a file. For example, rm returns an error if you 
try to remove a file that does not exist. The first thing it does 
(AFAIK) is to "look" to see if the file in fact exists before attempting 
to remove it, then checks the permissions before trying to remove it and 
finally, it will actually remove it if test 1 and test 2 have passed. If 
file does not exist, error. If file exists but you do not have 
sufficient permissions, error. It must read the file before it can 
decide this, though. I imagine that most of the other GNU utilities 
perform the same checks.

Take care,

Zonker
-- 
Joe 'Zonker' Brockmeier -=- jbrockmeier at earthlink.net
http://www.DissociatedPress.net/
ymessenger: jbrockmeier / AIM: ZonkerJoe
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Your mother dresses you funny and you need a mouse to delete files.
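
The directory-permission rule behind the "-w--w--w-" question in this message, as an added example that is not part of the original post: creating or deleting an entry needs both write (w) and search (x) permission on the directory, while read (r) is only needed to list it. `probe_dir` is a hypothetical helper name; run it as a non-root user, because root bypasses these checks.

```shell
#!/bin/sh
# Added example (not from the thread): show what each directory mode
# allows for creating, listing and deleting entries.

# probe_dir MODE
#   Builds a scratch directory holding one file, applies MODE to it and
#   prints: create=<ok|denied> list=<ok|denied> delete=<ok|denied>
probe_dir() {
    mode=$1
    base=$(mktemp -d) || return 1
    d="$base/probe"
    mkdir "$d" && : > "$d/existing" || return 1
    chmod "$mode" "$d"

    # Create: needs w and x on the directory. The subshell keeps a failed
    # redirection from terminating a strict POSIX shell.
    if ( : > "$d/new" ) 2>/dev/null; then create=ok; else create=denied; fi

    # List: needs r on the directory.
    if ls "$d" >/dev/null 2>&1; then list=ok; else list=denied; fi

    # Delete: needs w and x on the directory; the file's own mode is not
    # consulted. -f only suppresses prompts and "no such file" errors.
    if rm -f "$d/existing" 2>/dev/null; then delete=ok; else delete=denied; fi

    # Restore access so the scratch tree can be cleaned up.
    chmod 700 "$d"
    rm -rf "$base"
    echo "create=$create list=$list delete=$delete"
}

# 222 = -w--w--w- (the mode from the question), 333 = -wx-wx-wx,
# 555 = r-xr-xr-x, 755 = rwxr-xr-x
for m in 222 333 555 755; do
    printf '%s  %s\n' "$m" "$(probe_dir "$m")"
done
```

Mode 333 is the drop-box case: files can be added and removed by name, but the directory cannot be listed.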



