PDA

View Full Version : SLES-Other unable to access files logged in as root



jgosney
11-Dec-2015, 21:27
Hi all,

I've got an older SLES10sp4 box that's due to be upgraded to SLES11 next spring but I'm having a weird issue with it right now. I've got certain files in a certain directory that I can't access. Logged in as root, if I do anything such as an ls or ll, I get a response such as this:

gnetdev:/ora/infra/rdbms/mesg # ll
/bin/ls: oraus.msb: Permission denied
/bin/ls: dbvus.msb: Permission denied
/bin/ls: dbvus.msg: Permission denied
/bin/ls: nidus.msb: Permission denied
/bin/ls: nidus.msg: Permission denied
/bin/ls: rmanus.msb: Permission denied
/bin/ls: ulus.msb: Permission denied
/bin/ls: ulus.msg: Permission denied
total 4483
-rw------- 1 oracle oinstall 8704 Jan 14 2004 bbedus.msb
-rw------- 1 oracle oinstall 10270 Jan 7 2004 bbedus.msg
-rw------- 1 oracle oinstall 7168 Jan 14 2004 dgmus.msb

It will list the rest of the files in the directory but the 8 listed at the top are not accessible. I've tried changing rights, ownership, and group of all files in the directory hoping to toggle something but to no effect. If I try to mv the file or rm the file, I also get similar results.

I've never had a file that was not accessible by the root user. Any idea?

thanks!

ab
11-Dec-2015, 21:45
My best idea is corruption of some sort in the filesystem, assuming it is
a locally-mounted filesystem (vs. a network-accessible filesystem). Which
filesystem is it? Do you have backups of the files in question?

The ability to see files is managed from the directory where they live
('r' on the directory) so that you can see some but not others seems very
strange. I wonder if FACLs could be used to block this, though, but from
'root' that still seems far-fetched. It may be worthwhile to try getfacl
on the directory, then on those files, to see what results.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

jgosney
14-Dec-2015, 15:01
Ab,

I thought about the ACL as well but when I run a getfacl on one of the affected files, I get...

gnetdev:/ora/infra/rdbms/mesg # getfacl oraus.msb
getfacl: oraus.msb: Permission denied
gnetdev:/ora/infra/rdbms/mesg #

Looking at the same files with the ll command....

gnetdev:/ora/infra/rdbms/mesg # ll ora*
/bin/ls: oraus.msb: Permission denied
-rw------- 1 oracle oinstall 3410184 Jan 10 2006 oraus.msg
gnetdev:/ora/infra/rdbms/mesg #


It is a locally mounted file system -- not external. I would think that if it was something with the file system type or the settings in fstab, it would affect the entire volume but just for info sake, here's the corresponding entry in fstab...

/dev/sdb1 /ora reiserfs acl,user_xattr 1 2

As I said earlier, this is an older SUSE10 box and that's why we were using reiserfs instead of newer file system such as ext3 or ext4.

I also thought that possibly the rights had been set to 000 but even if that were the case, root user should still be able to access them. But trying to change the rights gives a similar message...

gnetdev:/ora/infra/rdbms/mesg # chmod 600 oraus.msb
chmod: cannot access `oraus.msb': Permission denied
gnetdev:/ora/infra/rdbms/mesg #

Basically, anything I try to do to read or modify this file gives the error. Yet other files in the same directory are visible.

jg

jmozdzen
14-Dec-2015, 18:44
Hi jg,

what's the permissions of the containing directory? ("ls -ld /ora/infra/rdbms/mesg")

Also, just for good measure, please run "df -h /ora/infra/rdbms/mesg" and check that the device is actually /dev/sdb1. Did you have a look at dmesg and/or syslog for indications of possible file system corruption?

Regards,
Jens

jgosney
15-Dec-2015, 20:12
Jens,

To answer your two questions, here's the output of the ls command:

gnetdev:/ # ls -ld /ora/infra/rdbms/mesg
drwx------ 2 oracle oinstall 1440 Nov 7 2014 /ora/infra/rdbms/mesg
gnetdev:/ #

I have verified that the path is on /dev/sdb1. And I am seeing no errors in /var/log/messages when I try to access those files and nothing that I'm seeing in dmesg is showing any corruption on sdb1.

It's a mystery.

jg

jmozdzen
16-Dec-2015, 11:22
Hi jg,

> It's a mystery.

Indeed. Sorry, I'm out of ideas... if this persists a reboot and becomes a genuine problem, I suggest to open a service request with SUSE.

Regards,
Jens

smflood
16-Dec-2015, 12:19
On 15/12/2015 19:14, jgosney wrote:

> To answer your two questions, here's the output of the ls command:
>
> gnetdev:/ # ls -ld /ora/infra/rdbms/mesg
> drwx------ 2 oracle oinstall 1440 Nov 7 2014 /ora/infra/rdbms/mesg
> gnetdev:/ #
>
> I have verified that the path is on /dev/sdb1. And I am seeing no
> errors in /var/log/messages when I try to access those files and nothing
> that I'm seeing in dmesg is showing any corruption on sdb1.
>
> It's a mystery.

By the looks of it all these files are Oracle-related. Are you able to
log in as the oracle user to see what it says are the rights on the files?

Does "chacl -l /ora/infra/rdbms/mesg/*" reveal anything?

I'm thinking that Oracle has/is set/setting permissions on those files.

Another thought - is AppArmor active?

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

jmozdzen
16-Dec-2015, 13:08
Hi jg,

> It's a mystery.

Simon's comment triggered something... what does "lsattr" show for these files? If it displays the "-i" flag, those files were set "immutable", which would deliver the results you see.

Regards,
Jens