trying to ssh and get /bin/sh: permission denied
trying to ssh and get /bin/sh: permission denied - Aug. 9, '05, 3:30:23 PM
|
|
|
aetienne
Posts: 5
Joined: Jul. 12, '05,
Status: offline
|
Trying to ssh and get /bin/sh: permission denied unless the user is in the local admins group. Permissions are 775 on /bin/ksh (sh is linked to ksh). The same permissions result in different behavior on XP Pro in the same domain. Not sure where to look. Ideas?
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 9, '05, 4:55:18 PM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
"Permission denied" can be anywhere along the path, not just the file itself.
So look at "/bin" and "/" as well. Also quote the actual output from "ls"
because sometimes there can be additional permissions attached (indicated by a "+")
that show more ACE's in the ACL than those that can be represented in a Unix style.
The user in question should be checked to see that he/she is in a group that allows
for login privilege; the local administrators group may be a member of that group
(groups can belong to groups) and thus that's why doing this works.
The other thing you can try is to change the default shell (see the man page "man chsh")
to see if that has any effect.
Are you doing the connection by ssh with or without a password?
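
The check described in the reply above, as an added example that is not part of the original post: a POSIX sh script that tests every component of a path as the current user and flags `ls` mode fields ending in "+". The helper names (`has_extra_acl`, `first_blocked`, `audit_path`) are made up for this example, and it assumes an absolute path.

```shell
#!/bin/sh
# Added example (helper names are made up here, not Interix tools).
# Assumes an absolute path is passed in.

# has_extra_acl MODE: true when an "ls -l" mode field ends in "+",
# i.e. the ACL holds ACEs that the rwx triplets cannot represent.
has_extra_acl() {
    case "$1" in *+) return 0 ;; *) return 1 ;; esac
}

# first_blocked PATH: print the first component that is missing or that
# the current user cannot use (search on directories, read on files).
# Prints nothing and returns 0 when every component is usable.
first_blocked() {
    rest=${1#/}
    cur=
    [ -x / ] || { echo /; return 1; }
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -e "$cur" ] || { echo "$cur"; return 1; }
        if [ -d "$cur" ]; then
            [ -x "$cur" ] || { echo "$cur"; return 1; }
        else
            [ -r "$cur" ] || { echo "$cur"; return 1; }
        fi
    done
    return 0
}

# audit_path PATH: list each component with its mode, flag "+" entries,
# then name the first component that blocks the current user.
audit_path() {
    p=$1
    while :; do
        mode=$(ls -ld "$p" 2>/dev/null | awk '{print $1}')
        if has_extra_acl "$mode"; then note=' <- extra ACEs, check the full ACL'; else note=; fi
        echo "${mode:-?} $p$note"
        case "$p" in /|.) break ;; esac
        p=$(dirname "$p")
    done
    if blocked=$(first_blocked "$1"); then echo "no blocked component"
    else echo "blocked at: $blocked"; fi
}

# Run as the affected user, e.g.: sh thisfile /dev/fs/C/SFU/home/oracle
if [ $# -gt 0 ]; then audit_path "$1"; fi
```

Run it in a session of the account that fails to log in; an administrator session can pass every test that the affected user fails.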
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 11, '05, 1:23:39 PM
|
|
|
aetienne
Posts: 5
Joined: Jul. 12, '05,
Status: offline
|
Permissions seem the same on the surface between xp and w2k3; but the behavior is different.
Below is a capture from an xp login without oracle being a member of the local admin group.
Then a capture from a w2k3 server with oracle a member of local admins group, then without.
It seems like the o+rx permission should cover it.
It works, even if not the way I wanted it to.
########################## Windows XP pro workstation #################################
bounce$ ssh -l oracle sc028944
oracle@mlbagpd1's password:
Welcome to the Interix UNIX utilities.
DISPLAY=localhost:0.0
$ id
uid=1183140(oracle) gid=1049089(Domain Users) groups=1049089(Domain Users), 65792(+Everyone), 131627(+Remote Desktop Users), 131617(+Users), 4095(CurrentSession), 66048(+LOCAL), 66820(+INTERACTIVE), 66827(+Authenticated Users)
$ uname -a
Interix SC028944 3.5 SP-8.0.1969.1 x86 Intel_x86_Family15_Model2_Stepping4
$ ls -ld /usr /usr/bin /usr/bin/sh /usr/bin/ksh
drwxrwxr-x 1 HRSROOT+administrator +Administrators 0 Jul 12 15:13 /usr
lrw-rw-r-- 1 HRSROOT+administrator +Administrators 6 Nov 8 2003 /usr/bin -> ../bin
-rwxrwxr-x 1 HRSROOT+administrator +Administrators 307712 Nov 8 2003 /usr/bin/ksh
lrw-rw-r-- 1 HRSROOT+administrator +Administrators 3 Nov 8 2003 /usr/bin/sh -> ksh
$
######################### Windows 2003 Standard Edition server############################
bounce$ ssh -l oracle mlbagpd1
oracle@mlbagpd1's password:
Welcome to the Interix UNIX utilities.
DISPLAY=localhost:0.0
$ id
uid=1183140(oracle) gid=1049089(Domain Users) groups=1049089(Domain Users), 65792(+Everyone), 131616(+Administrators), 131617(+Users), 66820(+INTERACTIVE), 66827(+Authenticated Users), 66831(+This Organization), 4095(CurrentSession), 1106891(ssl_test3), 1100187(CSP_p drive), 1105017(BPD_Trusted Domain Users), 1119407(corp_Users), 2829, 1018
$ ls -ld /usr /usr/bin /usr/bin/sh /usr/bin/ksh
drwxrwxr-x 1 HRSROOT+administrator +Administrators 0 Jul 13 11:44 /usr
lrw-rw-r-- 1 HRSROOT+administrator +Administrators 6 Nov 8 2003 /usr/bin -> ../bin
-rwxrwxr-x 1 HRSROOT+administrator +Administrators 307712 Nov 8 2003 /usr/bin/ksh
lrw-rw-r-- 1 HRSROOT+administrator +Administrators 3 Nov 8 2003 /usr/bin/sh -> ksh
$ ^D
Connection to mlbagpd1 closed.
bounce$
###################### remove oracle from local admin group###########################
bounce$ ssh -l oracle mlbagpd1
oracle@mlbagpd1's password:
Could not chdir to home directory /dev/fs/C/SFU/home/oracle: Permission denied
/bin/sh: Permission denied
Connection to mlbagpd1 closed.
############################# add oracle back to local admin group####################
bounce$ ssh -l oracle mlbagpd1
oracle@mlbagpd1's password:
Welcome to the Interix UNIX utilities.
DISPLAY=localhost:0.0
$ ls -ld /dev /dev/fs /dev/fs/C /dev/fs/C/SFU /dev/fs/C/SFU/home /dev/fs/C/SFU/home/oracle
drwxrwxr-x 1 HRSROOT+administrator +Administrators 0 Aug 6 14:52 /dev
dr-xr-xr-x 1 0 0 0 Aug 11 11:03 /dev/fs
drwxrwxr-x+ 1 +Administrators +SYSTEM 0 Aug 11 01:56 /dev/fs/C
drwxrwxr-x 1 +Administrators +SYSTEM 0 Aug 10 16:30 /dev/fs/C/SFU
drwxr-xr-x 1 aetienne +SYSTEM 0 Aug 10 16:31 /dev/fs/C/SFU/home
drwxr-x--- 1 oracle +SYSTEM 0 Aug 10 16:38 /dev/fs/C/SFU/home/oracle
$
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 11, '05, 2:35:18 PM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Okay. That provides some diagnostic clarity.
The message " /bin/sh: Permission denied " is an error message from /bin/sh
reporting that permission was denied when trying to access something. In this case
it was likely the user's home directory. The default behavior of sh in login
mode is to go to the user's home directory and then start looking for ".profile", etc.
There is no problem with your user running the shell.
So it's the same problem as reported by sshd with " Could not chdir to home directory /dev/fs/C/SFU/home/oracle: Permission denied "
Same problem; different messages from different programs.
In both cases the process (sshd and sh) when they do the report are the user.
You gave a password, so it wasn't a passwordless login with a key exchange.
This means the security token will have been created "normally" (all network drive access
would be allowed if authorized, but it looks like it's a local drive anyway, so that should
be a moot point).
So the problem centers solely on home directory access.
So what's the output from an "ls -l ~" on the difficult machine?
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 11, '05, 2:51:18 PM
|
|
|
aetienne
Posts: 5
Joined: Jul. 12, '05,
Status: offline
|
The whole tree is ls -ld in the prior post
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 12, '05, 12:14:42 AM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Well, the ownership looks correct for the home directory. The group of the directory
shouldn't matter since it's the owner doing the access.
What we see may not be what is there. The Unix permissions shown are an interpretation
of the ACL (Access Control List) entries (ACE's). There is a situation I just generated
(while trying to replicate this) that results in some wrong information being displayed
(the group listed wasn't actually an ACE in the ACL).
I couldn't get access to the directory when I should have been able to, but the extra "+"
was displayed so I knew there was something more to it. Your ls output doesn't
have the "+" displayed. But there's a good "what if" it's the same thing (or similar enough).
So let's try two things:
1) run the command cacls on the directory (you'll need to 'cd' to it, so: "cd /home ; cacls oracle")
and let me know what the output of that is.
2) let's try just whacking the permissions and ownership/group with chmod and chown to
make sure it's all correct "under the covers". So "chown oracle:+SYSTEM oracle ; chmod 755 oracle"
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 15, '05, 1:00:52 PM
|
|
|
aetienne
Posts: 5
Joined: Jul. 12, '05,
Status: offline
|
$ cacls oracle
C:\SFU\home\oracle HARRIS\oracle:F
NT AUTHORITY\SYSTEM:R
Everyone:(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_READ_EA
FILE_READ_ATTRIBUTES
$ ls -ld oracle
drwxr-x--- 1 oracle +SYSTEM 0 Aug 10 16:38 oracle
$
$ pwd
/dev/fs/C/SFU/home
$ chown oracle:+SYSTEM oracle
$ chmod 755 oracle
$
$ cacls oracle
C:\SFU\home\oracle HARRIS\oracle:F
NT AUTHORITY\SYSTEM:R
Everyone:R
$ ls -ld oracle
drwxr-xr-x 1 oracle +SYSTEM 0 Aug 10 16:38 oracle
$
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 15, '05, 1:24:03 PM
|
|
|
Rodney
Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Well, the cacls output for the "oracle" directory looked right.
There are three ACE's in the ACL as there should be, so nothing obvious there (alas).
The chown did what is expected too.
I seem to have missed asking you the "obvious question". Sorry I missed doing this.
I guess I ask it too often and thus assume I already have asked it.
When you installed Interix/SFU did you check that you want "setuid behavior" on?
If not, check the FAQ entry 1.03 to turn it on.
|
|
|
RE: trying to ssh and get /bin/sh: permission denied - Aug. 15, '05, 3:30:34 PM
|
|
|
aetienne
Posts: 5
Joined: Jul. 12, '05,
Status: offline
|
Is this the correct version for msfu?
Version information:
Microsoft Windows Services for UNIX 3.5 [8.0.1969.1]
2003 No service pack 1.
Checked the registry and value set to 1 for setuid.
No junction points.