Strange /sbin and /usr/sbin permissions - Redhat


  1. Strange /sbin and /usr/sbin permissions

    I have a relatively fresh FC5 installation, but for some reason I
    cannot write to /usr/sbin or /sbin as root. The only after-installation
    modification to the system is an installation of zimbra in /opt/zimbra.


    A shell session might explain it better than my prose can:


    [root@localhost sbin]# cd /
    [root@localhost /]# ls -alhd /usr/sbin
    drwxr-xr-x 2 root root 12K Nov 29 04:04 /usr/sbin
    [root@localhost /]# id
    uid=0(root) gid=0(root)
    groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
    [root@localhost /]# touch /usr/sbin/foobarbaz
    touch: cannot touch `/usr/sbin/foobarbaz': Permission denied
    [root@localhost /]# chmod 755 /usr/sbin
    chmod: changing permissions of `/usr/sbin': Operation not permitted
    [root@localhost /]# mv /usr/sbin /usr/sbin.blah
    mv: cannot move `/usr/sbin' to `/usr/sbin.blah': Operation not
    permitted
    [root@localhost /]# getfacl /usr/sbin
    getfacl: Removing leading '/' from absolute path names
    # file: usr/sbin
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x


    I am ssh'ed into the server. The same thing happens for /sbin but it
    does not happen for /usr/local/sbin.
    Does FC have some magical security system that I don't know about?
    I'm coming from a Debian background.


  2. Re: Strange /sbin and /usr/sbin permissions

    Oh, in case it helps: the filesystem is ext3 and is running on a
    RAID-1 software RAID device, /dev/md0.
    The entire root filesystem is on the same partition.


  3. Re: Strange /sbin and /usr/sbin permissions

    On Dec 27, 3:30 pm, "jlowery" wrote:
    > I have a relatively fresh FC5 installation, but for some reason I
    > cannot write to /usr/sbin or /sbin as root. The only after-installation
    > modification to the system is an installation of zimbra in /opt/zimbra.

    [...]
    > I am ssh'ed into the server. The same thing happens for /sbin but it
    > does not happen for /usr/local/sbin.
    > Does FC have some magical security system that I don't know about?
    > I'm coming from a Debian background.


    Hi,

    Are you using SELinux? Check /etc/selinux/config. If yes, you will have
    to check its configuration, which could be preventing you from changing
    /sbin in your context.

    Matteo


  4. Re: Strange /sbin and /usr/sbin permissions

    Teo wrote:
    >
    > Hi,
    >
    > Are you using SELinux? Check /etc/selinux/config. If yes, you will have
    > to check its configuration, which could be preventing you from changing
    > /sbin in your context.
    >
    > Matteo


    I checked the file and it seems to be disabled:

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    # targeted - Only targeted network daemons are protected.
    # strict - Full SELinux protection.
    SELINUXTYPE=targeted

    system-config-securitylevel also says it is disabled.


    I don't know anything about SELinux, but I looked in
    /etc/selinux/targeted and found a few .LOCK files in there.

    I did find this:
    http://fedora.redhat.com/docs/selinu...fc5/#id2960938

    $ ls -dalZ /usr/sbin
    drwxr-xr-x root root system_u:object_r:sbin_t:s0 /usr/sbin

    $ ls -dalZ /sbin
    drwxr-xr-x root root system_u:object_r:sbin_t:s0 /sbin
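
Added example, not part of any post in the thread: /etc/selinux/config holds the mode applied at boot, so this sketch compares it with the mode the running kernel reports through selinuxfs. The function names and the optional root-prefix argument are assumptions made for the example, and treating a missing selinuxfs as "disabled" is a heuristic.

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for boot with the
# mode the running kernel reports. All function names are hypothetical.

# Print the SELINUX= value from a config file (default path as in the thread).
# Comment lines are skipped; if the key appears twice, the last one wins.
selinux_config_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo "unknown"; return 0; }
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$cfg" \
           | tail -n 1 | tr 'A-Z' 'a-z')
    case "$mode" in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo "unknown" ;;
    esac
}

# Print the runtime mode. The kernel exposes it through selinuxfs, mounted
# at /sys/fs/selinux on current systems and at /selinux on older ones.
# $1 is an optional root prefix (assumption, used only for testing).
selinux_runtime_mode() {
    root="${1:-}"
    for f in "$root/sys/fs/selinux/enforce" "$root/selinux/enforce"; do
        if [ -r "$f" ]; then
            case "$(cat "$f")" in
                1) echo "enforcing" ;;
                0) echo "permissive" ;;
                *) echo "unknown" ;;
            esac
            return 0
        fi
    done
    echo "disabled"   # heuristic: no selinuxfs means SELinux is not active
}

# Compare both views. Returns 0 when they agree, 1 when they differ
# (for example the file was edited but the host has not been rebooted).
selinux_check() {
    want=$(selinux_config_mode "${1:-/etc/selinux/config}")
    have=$(selinux_runtime_mode "${2:-}")
    echo "config=$want runtime=$have"
    [ "$want" = "$have" ]
}

selinux_check || echo "configured and runtime modes differ"
```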

