permission issue

Vishu
Trusted Contributor

permission issue

Masters,

I am facing a problem in sendmail: a permission denied error. I checked the permission of /var/spool/clientmqueue and it was 755. I changed it to 770 and sendmail worked fine afterwards.
The next day, I faced the same issue again on the same server, and the permission had changed to 755 again. I checked the crontab and there is a script scheduled every day, which is something like this.

# Fix homedir ownership and access.
if [ -r ${homedir} ]
then
    echo "Resetting ownership and access for ${homedir}." >> $log
    chown ${login}:${gid} ${homedir}
    chmod 755 ${homedir}
fi

This fixes the ownership and permissions for every user in /etc/passwd. As smmsp is a user that exists in /etc/passwd and /var/spool/clientmqueue is its home directory, it changes the permission of clientmqueue to 755 every day. We cannot comment out this script. Please suggest how I can get rid of this problem.

Also, please tell me what the -r is used for in that script.

Thanks
4 REPLIES 4
Mel Burslan
Honored Contributor
Solution

Re: permission issue

-r in the if [ ] construct checks whether the file or directory exists and you have read permission to it. If you are running this cron job as root, that read permission does not matter.

The script you have given does nothing to the /var/spool/mqueue unless you have a symbolic link to this mqueue file and are doing something like

chown -R owner:group ${homedir}
chmod -R permissions ${homedir}

which will recursively change the contents of the homedir. But your script snippet above is not indicative of this. So, whatever your problem is, it is not coming from the code you gave in your post.
________________________________
UNIX because I majored in cryptology...
James R. Ferguson
Acclaimed Contributor

Re: permission issue

Hi:

The '-r' tests for readability (true or false being the result).

I presume that your script has a loop so you could do something like:

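#!/usr/bin/sh
# $log is assumed to be set earlier in the real script.
OLDIFS=${IFS}
IFS=":"
# /etc/passwd has seven fields: name:pass:uid:gid:gecos:homedir:shell
while read -r name pass uid gid gecos homedir shellprog
do
    # Skip the accounts whose home directories must be left alone.
    [ "${name}" = smmsp -o "${name}" = root ] && continue
    if [ -r "${homedir}" ]; then
        echo "Resetting ownership and access for ${homedir}." >> "$log"
        # The loop variable is ${name}; ${login} is never set here.
        chown "${name}:${gid}" "${homedir}"
        chmod 755 "${homedir}"
    fi
done < /etc/passwd
IFS=${OLDIFS}
exit 0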

Regards!

...JRF...
Bill Hassell
Honored Contributor

Re: permission issue

This is a very bad script to run. It has already damaged several system directories. /etc/passwd is not just for users, it has login names for root and sys and as you have seen, smmsp.

You cannot allow this script to run anymore. You must contact the senior system administrator and point out the consequences of running this script. I would seriously question why such a script is needed. If users are damaging their directories by experimenting with commands they don't understand, those users must not have a shell login. Instead, they must be given a simple menu that they cannot modify. This script will damage application user directories such as Oracle or Sybase and applications.

I would request that the reason this script exists needs to be fixed (as in: remove the reason for $HOME directories changing).

The [ -r ${homedir} ] is testing to see if the directory is readable, a poor test indeed. This might be a file or a symbolic link or any of several inappropriate things. And whether the directory is readable by the current script is irrelevant. This script would have to be run by root for a normal set of home directories.

A better test is -d to test for a directory but that isn't enough for proper validation.


Bill Hassell, sysadmin
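
Added example, not part of any post in this thread: a dry-run check of the kind of validation the reply above asks for, which classifies each passwd entry before any chown/chmod is allowed to touch it. MIN_UID, HOME_BASE, classify_home and audit_passwd are hypothetical names and assumed policy values, and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: dry-run check for a nightly "fix homedir" job.
# MIN_UID and HOME_BASE are assumed policy values; adjust them locally.
MIN_UID=${MIN_UID:-1000}
HOME_BASE=${HOME_BASE:-/home}

# classify_home UID HOMEDIR -> prints "reset" or "skip:<reason>"
classify_home() {
    case $1 in ''|*[!0-9]*) echo "skip:bad-uid"; return ;; esac
    [ "$1" -ge "$MIN_UID" ] || { echo "skip:system-account"; return; }
    case $2 in
        */..|*/../*|*/.|*/./*) echo "skip:dot-component"; return ;;
        "$HOME_BASE"/?*) ;;
        *) echo "skip:outside-home-base"; return ;;
    esac
    # -h before -d: -d follows symbolic links, -h does not.
    [ -h "$2" ] && { echo "skip:symlink"; return; }
    [ -d "$2" ] || { echo "skip:not-a-directory"; return; }
    echo "reset"
}

# audit_passwd FILE -> one "name homedir decision" line per entry.
# Nothing is changed; run chown/chmod only for "reset" lines.
audit_passwd() {
    while IFS=: read -r name pass uid gid gecos homedir shellprog; do
        echo "$name $homedir $(classify_home "$uid" "$homedir")"
    done < "$1"
}

# Constructed sample data: account names, UIDs and paths are made up,
# except smmsp and /var/spool/clientmqueue, which come from the thread.
demo() (
    tmp=$(mktemp -d) || exit 1
    HOME_BASE=$tmp/home
    mkdir -p "$HOME_BASE/alice"
    ln -s /var/spool/clientmqueue "$HOME_BASE/bob"
    cat > "$tmp/passwd" <<EOF
root:*:0:3::/:/sbin/sh
smmsp:*:25:25::/var/spool/clientmqueue:/bin/false
alice:*:1001:20::$HOME_BASE/alice:/usr/bin/sh
bob:*:1002:20::$HOME_BASE/bob:/usr/bin/sh
EOF
    audit_passwd "$tmp/passwd"
    rm -rf "$tmp"
)
demo
```

With the sample data only alice is reported as "reset"; root and smmsp are skipped as system accounts and bob as a symbolic link.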
Vishu
Trusted Contributor

Re: permission issue

Thanks all for your replies...

We are editing this script accordingly so that it won't do such a conditional test and changing of ownership of home directories.