HPE Community
Operating System - HP-UX
1848028 Members
2926 Online
104022 Solutions
New Discussion

Re: a directory that root cannot traverse

 
Scott Sabo
Frequent Advisor

‎05-25-2005 01:21 AM

‎05-25-2005 01:21 AM

a directory that root cannot traverse

I have a user account that created a directory in his home directory. He assigned the permissions 700, and the group ownership is username:usergroup.

Root cannot get into this folder. Not when su root'd, not from native login as root, etc. I cannot chmod, chown, cd to it, etc.

If I try to CD to it, I get "Permission denied".

What the heck is going on?

Thanks,

Scott
0 Kudos
Reply
15 REPLIES 15
Suraj Singh_1
Trusted Contributor

‎05-25-2005 01:23 AM

‎05-25-2005 01:23 AM

Re: a directory that root cannot traverse

Login as root, and su to that user.

Then try changing the permission/ownership etc.

REgards,
Suraj
What we cannot speak about we must pass over in silence.
0 Kudos
Reply
Stephen Keane
Honored Contributor

‎05-25-2005 01:26 AM

‎05-25-2005 01:26 AM

Re: a directory that root cannot traverse

Can you ll its parent directory?

Are the user's home directories NFS mounted, or local?
0 Kudos
Reply
Scott Sabo
Frequent Advisor

‎05-25-2005 01:34 AM

‎05-25-2005 01:34 AM

Re: a directory that root cannot traverse

I can ll the parent directory.

These are all local files, although we also use Samba.
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎05-25-2005 01:37 AM

‎05-25-2005 01:37 AM

Re: a directory that root cannot traverse

Do you use NIS?

With NIS - root may not have access - IE - if it is an automunt somewhere else...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Stephen Keane
Honored Contributor

‎05-25-2005 02:16 AM

‎05-25-2005 02:16 AM

Re: a directory that root cannot traverse

Can you post the result of

ls -ial

of the parent directory (you can grep for the particular directory if you are worried about security etc)

0 Kudos
Reply
Scott Sabo
Frequent Advisor

‎05-25-2005 02:23 AM

‎05-25-2005 02:23 AM

Re: a directory that root cannot traverse

181245 drwxr-xr-x 6 smiths CAEUsers 1024 May 20 10:53 FIRE

Note: I had su as the user and changed the permssions so that we could get to the files.
0 Kudos
Reply
Sandman!
Honored Contributor

‎05-26-2005 02:24 AM

‎05-26-2005 02:24 AM

Re: a directory that root cannot traverse

Scott,

could you post the output of the bdf command on that directory.
cd to the dir and run bdf there as follows...

# cd

# bdf .

this will tell you if the directory is an nfs mount point and explain why root is having permissions problems.
0 Kudos
Reply
TwoProc
Honored Contributor

‎05-26-2005 03:29 AM

‎05-26-2005 03:29 AM

Re: a directory that root cannot traverse

Scott, unless the directory is fried (that is, the file that makes up the definition of this directory has junk in it) - the only way I know that this problem can exist is if it is an NFS mount point. Unless (and this is far reach), you have access control lists (acl) in place? I've not used that product yet, but it's the only other thing I can think of. Maybe someone else could comment on whether or not acl could cause this.
We are the people our parents warned us about --Jimmy Buffett
0 Kudos
Reply
Scott Sabo
Frequent Advisor

‎05-26-2005 07:39 AM

‎05-26-2005 07:39 AM

Re: a directory that root cannot traverse

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol3 204800 183144 21552 89% /
/dev/vg00/lvol1 311296 113152 196640 37% /stand
/dev/vg00/lvol8 4710400 1400552 3284288 30% /var
/dev/vg00/lvol7 3760128 2449496 1301608 65% /usr
/dev/vg00/lvol4 204800 9136 194520 4% /tmp
/dev/data/new_data 39936000 3098753 34534978 8% /scratch_file
/dev/vg00/lvol6 3637248 2431080 1196808 67% /opt
/dev/vg00/lvol5 24576 14896 9680 61% /home
/dev/new_apps/new_apps
51200000 27253863 22456802 55% /fapps
ice:/iapps/idata/slangm
61440000 32794008 26898416 55% /fapps/fdata/slangm
ice:/iapps/idata/robbs
61440000 32794008 26898416 55% /fapps/fdata/robbs
ice:/iapps/idata/scottec1
61440000 32794008 26898416 55% /fapps/fdata/scottec1
ice:/iapps/idata/smiths
61440000 32794008 26898416 55% /fapps/fdata/smiths
ice:/iapps/idata/loveg
61440000 32794008 26898416 55% /fapps/fdata/loveg
ice:/iapps/idata/connet
61440000 32794008 26898416 55% /fapps/fdata/connet
ice:/iapps/idata/brakovd
61440000 32794008 26898416 55% /fapps/fdata/brakovd
air:/scratch_file 104857600 59677432 42360456 58% /air_scratch_file
0 Kudos
Reply
Kent Ostby
Honored Contributor

‎05-26-2005 07:52 AM

‎05-26-2005 07:52 AM

Re: a directory that root cannot traverse

Scott --

That's certainly not the "normal" type of issue.

If this was NFS mounted then it would make sense because you might not have root on the far file system.

What is the full path to the directory ?

Can you traverse it and check permissions / nfs mounts ... or automounts ?

"Well, actually, she is a rocket scientist" -- Steve Martin in "Roxanne"
0 Kudos
Reply
Global Unix Team
Advisor

‎05-27-2005 12:15 AM

‎05-27-2005 12:15 AM

Re: a directory that root cannot traverse

Hi,
The home directory is very likely a NFS mounted filesystem or a link to a NFS filesystem.
Unless you export your directory on you ICE server with a root=client_name option or anon=0 (dangerous) root has no access to a NFS mounted filesystem.
0 Kudos
Reply
Gopi Sekar
Honored Contributor

‎05-27-2005 12:19 AM

‎05-27-2005 12:19 AM

Re: a directory that root cannot traverse


Another possibility could be Access Control List, using which access to a particular directory/file can be denied even for root user.

please check whether you have ACL installed on the system. also check the lsattr for those files and see whether any special flag is set on.

Regards,
Gopi
Never Never Never Giveup
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎05-27-2005 11:04 AM

‎05-27-2005 11:04 AM

Re: a directory that root cannot traverse

Hi Scott,

Assuming that , the FS supports ACL. Could you get us the following output...

getacl

regards.

Lets hope.. the attributes can be read..even if ACL is set on the DIR.
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎05-27-2005 03:10 PM

‎05-27-2005 03:10 PM

Re: a directory that root cannot traverse

Hi scott ignore my previous request..

When i was going through man page of "aclv", i happened to come accross this statement in the warning section...

"ACLs cannot be used to restrict the superuser's access."

Well this should be a strong indicator, that this issue might not be caused by ACL's.

The other possible causes to ponder are ,as others have suggested NIS,NFS..

one that i have come across that could deny access to root is.. "CA's Autosecure" product, which adds a advanced level of security to the basic unix system, and i think....you would be aware of it by now if your were using this for your infrastructure.

Regards.
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Scott Sabo
Frequent Advisor

‎06-09-2005 03:15 AM

‎06-09-2005 03:15 AM

Re: a directory that root cannot traverse

(sorry, I was on vacation)

ok, here's the results of the "getacl" on this directory: acl failed for file "/fapps/fdata/smithm", Operation not supported

now, it works to the point of /fapps/fdata/ , but anywhere past there, it does not work, even for other directories past /fapps/fdata

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.