[cobalt-users] permissions, groups and admin.
- Subject: [cobalt-users] permissions, groups and admin.
- From: astorm <astorm@xxxxxxxxxxxxx>
- Date: Tue Aug 12 12:15:02 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
OK, I have a Cobalt/Linux question that I'm hoping someone can help me
with.
As I understand things, on a Cobalt box (XTR specifically) the user
"admin" is a member of all the "site" (site1, site2, site3 etc.)
groups. Because the RAQs are set up like this, that means the admin
account can "see" (among other things) any site's log files:
--------------------------------------------------
[admin admin]$ ls -ld /home/sites/site1/logs
drwxr-s--- 3 nobody site1 4096 Apr 14 04:02 /home/sites/site1/logs
[admin site81]$ ls -l /home/sites/site1/logs
total 5016
drwxr-sr-x 6 root site1 4096 Jul 2 04:14 2003
-rw-r--r-- 1 root site1 732216 Jun 30 04:31 ftp.log
-rw-r--r-- 1 root site1 4382701 Jul 23 04:20 web.log
--------------------------------------------------
The other day, I noticed something strange. I tried to cd into the logs
directory for the site at /home/sites/site81, and was denied:
--------------------------------------------------
[admin /etc]$ cd /home/sites/site81/logs
bash: /home/sites/site81/logs: Permission denied
--------------------------------------------------
However, the permissions appear to be the same as the other logs folders:
--------------------------------------------------
[admin /etc]$ ls -ld /home/sites/site81/logs
drwxr-s--- 3 nobody site81 4096 Aug 12 04:03 /home/sites/site81/logs
--------------------------------------------------
I peeked inside the /etc/group files, and admin did appear as a member
for site81 [? marks replace administrative username for privacy]
--------------------------------------------------
[admin /etc]$ less group | grep 'site81'
site81:x:193:??????,admin,alteradmin
--------------------------------------------------
Acting on a paranoid hunch, I tried to access other sites' logs
folders, starting from site1. I had no problems until I reached site32:
--------------------------------------------------
[admin sites]$ ls -l /home/sites/site31/logs
total 1952
drwxr-sr-x 7 root site31 4096 Aug 2 04:15 2003
-rw-r--r-- 1 root site31 41011 Jun 3 04:12 ftp.log
-rw-r--r-- 1 root site31 1942094 Aug 12 04:03 web.log
[admin sites]$ ls -l /home/sites/site32/logs
ls: /home/sites/site32/logs: Permission denied
[admin sites]$ ls -l /home/sites/site33/logs
ls: /home/sites/site33/logs: Permission denied
--------------------------------------------------
For every site after site31 (numerically speaking site32, site33 etc.)
I was unable to access the logs folder (without, obviously, "su"ing
in).
Site32 happens to have FrontPage extensions enabled. I thought that
might have something to do with my problems, but it's a stab in the
dark.
So, can anyone tell me what's going on here? Is there something screwy
with my server, or do I lack some key understanding of UNIX
permissions/groups? Any help is greatly appreciated.
--
Alan Storm
astorm@xxxxxxxxxxxxx
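
The following is an added example, not part of the original post: access checks use the group list attached to the running process, not /etc/group, so this script reports groups that a group file grants to a user but that are absent from a given list of effective GIDs. The function names, the sample group file and its owner names are constructed for illustration; only the site81 line's GID (193) comes from the post.

```shell
#!/bin/sh
# Added example: find groups declared for a user in a group file that are
# missing from a set of effective GIDs (such as the output of `id -G`).

# declared_groups FILE USER -> prints "gid name" for each group listing USER
declared_groups() {
    awk -F: -v u="$2" '
        {
            n = split($4, members, ",")      # 4th field: comma-separated members
            for (i = 1; i <= n; i++)
                if (members[i] == u) { print $3, $1; break }
        }' "$1"
}

# missing_groups FILE USER "GID GID ..." -> names declared but not effective
missing_groups() {
    declared_groups "$1" "$2" | while read -r gid name; do
        case " $3 " in
            *" $gid "*) ;;                   # held by the process: nothing to report
            *) printf '%s\n' "$name" ;;      # declared in the file only
        esac
    done
}

# Constructed sample group file (not taken from the poster's server).
sample_group_file() {
    cat <<'EOF'
admin:x:100:
site1:x:110:admin
site31:x:140:owner31,admin
site81:x:193:owner81,admin,alteradmin
users:x:200:someoneelse
EOF
}

# Offline demo: the session holds GIDs 100, 110 and 140 but not 193.
tmp=$(mktemp)
sample_group_file > "$tmp"
missing_groups "$tmp" admin "100 110 140"
rm -f "$tmp"

# On a live host, compare the real file with the current session:
#   missing_groups /etc/group "$(id -un)" "$(id -G)"
```

Any group name it prints is one where `ls -ld` and /etc/group look correct but the session will still get "Permission denied" on group-only paths.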