PDA

View Full Version : SLES 12 SP1 du cannot read directory permission denied



mikenash
07-Jun-2017, 14:20
I am executing the du command and I am receiving permission denied on some directories.


linux158:/usr/IBMi/depo/tools/rpm # ls -l
total 8
drwxr-xr-x 2 root root 4096 Sep 15 2008 aix
drwx------ 2 root root 4096 May 16 2008 src
linux158:/usr/IBMi/depo/tools/rpm # du src
du: cannot read directory ‘src’: Permission denied
4 src

On another system I created a test with a directory having the same permissions but the su command worked!

root@linux140:/root #~>cd /mnt/
Wed Jun 07 2017 09:16 AM
root@linux140:/mnt #~>mkdir test
Wed Jun 07 2017 09:16 AM
root@linux140:/mnt #~>chmod 700 test
Wed Jun 07 2017 09:16 AM
root@linux140:/mnt #~>vi test/test
Wed Jun 07 2017 09:17 AM
root@linux140:/mnt #~>ls -l
total 0
drwx------ 2 root root 18 Jun 7 09:17 test
Wed Jun 07 2017 09:17 AM
root@linux140:/mnt #~>du test
4 test

Are there any suggestions to explain this problem?

mikenash
07-Jun-2017, 18:46
More information. I found that this directory is part of an auto mount file system. I find that I am allowed access to the /usr/IBMi/depo/tools/rpm/aix directory but not the
/usr/IBMi/depo/tools/rpm/src directory. What would configuration creates this scenario? How would I verify this?

mikenash
07-Jun-2017, 19:18
I think I may understand what is happening.
The user id. "root" on linux158 is not the user id. of the other system where this is mounted from.

jmozdzen
12-Jun-2017, 12:37
Hi Mike,

> The user id. "root" on linux158 is not the user id. of the other system where this is mounted from.

yes, indeed - typically, you'll map the client user "root" to i.e. "nobody" or some other unprivileged user on the NFS server side ("root_squash" option, see "man 5 exports"). This is to protect the file system exported by the server - as the server admin, you cannot guaranteed that the "root" account at the NFS client is safe.

Regards,
J