Program runs from one file system but not the other
10-27-2012 09:40 AM
O/S: Fedora 16
o I have 2 boot disks: /sda and /sdb
o I run on /sda for 6 months, doing monthly backups. At the end of 6 months I:
- boot off of /sdb
- mount /sda
- tar /sda to backup device
- boot /sda
- mkfs /sdb
- mount /sdb
- tar backup of /sda onto /sdb
- edit files like fstab
- boot and run off of /sdb
(I may have missed a step above (I've got the flu and am not fully on-line :-), I've been doing this since 1995 with no problem).
So I do all that and boot from /sdb.
Now, I login as me and find that I can no longer do <ping> or <rlogin>:
(I'm going to use fully-qualified pathnames so you can see what's going on)
tonyp% /bin/ping m2404txp
ping: icmp open socket: Operation not permitted
tonyp% /usr/bin/rlogin m2404txp
rcmd: socket: Permission denied
-- Now look what happens when I do it from /sda--
tonyp% /sda/bin/ping m2404txp
PING m2404txp (15.19.89.12) 56(84) bytes of data.
64 bytes from m2404txp (15.19.89.12): icmp_req=1 ttl=64 time=0.284 ms
64 bytes from m2404txp (15.19.89.12): icmp_req=2 ttl=64 time=0.260 ms
64 bytes from m2404txp (15.19.89.12): icmp_req=3 ttl=64 time=0.257 ms
tonyp% /sda/usr/bin/rlogin m2404txp
Last login: Sat Oct 27 09:19:39 from blacktower
--
I've checked the directory permissions and <diff> the files and they are the same.
My only guess is that somewhere there is an entry that says "tonyp can run the following utilities on /sda".
Any ideas as to what to look for?
(I'm going to boot from /sda and then mount /sdb and see if I get the opposite results of the rlogin and ping commands.)
regards,
tony.podrasky@gmail.com
10-27-2012 06:00 PM
Solution
> My only guess is that somewhere there is an entry that says "tonyp can run the following utilities on /sda".
Actually, the utilities *are* running just fine, but the OS rejects some operations that are critical for the proper functioning of those utilities.
In the case of ping, the utility is trying to open a raw socket for the purpose of sending and receiving ICMP ping packets, and the OS is rejecting that. Classically, root access is needed to do that.
In the case of rlogin, the utility needs to use the privileged ports (TCP/UDP port range 0-1023) which are classically reserved for root use only in Unix-like systems.
This is why ping and rlogin are usually setuid root binaries (owned by root and permissions something like -r?s?-x?-x).
But, as a long-time Linux veteran, you probably have already checked that.
The next possible cause is the new-fangled feature known as SELinux.
It adds a more fine-grained security layer that can restrict even root processes. So the missing entry is not related to user "tonyp"; it's actually more like "program /bin/ping may use raw sockets" and "program /usr/bin/login may use privileged ports".
Fedora 16 is new enough to possibly have SELinux enabled by default. If that's true, your system cloning procedure will need one extra step: restoring the SELinux labels after the tar operation, or alternatively copying the SELinux labels along with the tar operation.
The system can do the relabeling automatically based on the SELinux ruleset stored in /etc/selinux; it just needs to be told that a full relabeling is needed.
The easiest way to do that is to create a file named "/.autorelabel" in the root filesystem that is restored/regenerated with tar. So in your case, the amended last steps of your procedure would have to be:
[...]
- tar backup of /sda onto /sdb
- edit files like fstab
- touch /sdb/.autorelabel
- boot and run off of /sdb
If you don't want to repeat your backup procedure, fixing your current situation without rebooting would be as easy as running "restorecon -v /" as root... but if SELinux is really in effect and all the labels are gone, you may have to use /sda/bin/su or /sda/usr/bin/sudo to get a real omnipotent root session first, as the versions of su and sudo on sdb may be unable to give you full root powers because, again, the commands are missing their proper SELinux labels.
10-28-2012 09:59 AM
Re: Program runs from one file system but not the other
Hello Matti et al;
I tried the ideas you supplied and had no success with modifying the selinux environment.
I wound up doing a <chmod u+s> on ping and rlogin to fix the problems. Works fine now. I also did that on /sda. Tomorrow I'll do another backup/restore to /sdb and see if things work on /sdb. I expect so.
I would rather have gotten the selinux to work correctly, but I admit when I built the Fedora 16 on my new computer, I had so much trouble - because it is NOTHING like Red Hat Enterprise 3.0 - that I wound up butchering the heck out of the O/S.
I've been running Linux since 1995 Slackware 1.2 and have never seen such a nightmare as Fedora 16.
Anyway, thanx for the help and the fix.
regards,
tony.podrasky
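The two things this thread turns on, the setuid bit and the SELinux label of a restored binary, can be checked right after the tar restore. The script below is an added example, not code from either poster; the function names, the two paths checked, and the rule that an empty context, "?", `file_t` or `unlabeled_t` counts as a missing label are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a cloned root mounted at $1 (e.g. /sdb) after a tar restore.
# The two paths checked and the "missing label" heuristic are assumptions.

# Classify an SELinux context. A file restored without its security.selinux
# xattr shows no context ("?") or a catch-all type (file_t / unlabeled_t).
label_state() {
    case "$1" in
        ''|'?'|*:file_t|*:file_t:*|*:unlabeled_t|*:unlabeled_t:*) echo missing ;;
        *:*:*) echo labeled ;;
        *) echo missing ;;
    esac
}

# Context of one file: the field just before the name in `ls -Z` output.
read_label() {
    ls -Zd "$1" 2>/dev/null | awk 'NF > 1 {print $(NF-1)}'
}

# One line per binary: setuid bit, numeric owner, label state.
audit_file() {
    f=$1
    [ -e "$f" ] || { echo "$f absent"; return 0; }
    if [ -u "$f" ]; then suid=yes; else suid=no; fi
    uid=$(ls -ldn "$f" | awk '{print $3}')
    echo "$f setuid=$suid uid=$uid label=$(label_state "$(read_label "$f")")"
}

# Ask for a full relabel on the next boot of that root.
request_relabel() {
    touch "${1%/}/.autorelabel"
}

# Audit the two binaries from the thread; schedule a relabel if needed.
audit_restored_root() {
    root=${1%/}; need=0
    for rel in bin/ping usr/bin/rlogin; do
        line=$(audit_file "$root/$rel")
        echo "$line"
        case "$line" in *label=missing*) need=1 ;; esac
    done
    if [ "$need" -eq 1 ]; then request_relabel "$root/"; fi
}

if [ $# -gt 0 ]; then audit_restored_root "$1"; fi
```

Invoke it as root with the mount point of the restored root as the only argument; a line showing `setuid=no` or `uid` other than 0 points at the file mode, while `label=missing` points at SELinux.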