|
|
|
|
|
|
| Author |
Message |
<cus@oceanwave.com>
*nix forums beginner
Joined: 27 Jan 2006
Posts: 12
|
 Posted: Thu Jul 20, 2006 11:07 pm Post subject:
changing inode permissions
|
|
|
Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700. We still haven't figured
out why yet, but we now have hundereds of machines which have issues
with the permissions underlying the /var mount. I'd really rather not
have to bring each machine to single user and umount -f /var to fix
the permissions in the root filesystem
Since I can use ncheck to find the inode number of the var directory
on the root parition, is there a way I can change the permissions on
that specific fs/inode pair? I don't think there's a utility that can
do this (there should be), so if someone wants to throw me a piece of
C code that can, that would be fabulous. |
|
| Back to top |
|
 |
Ceri Davies
*nix forums addict
Joined: 27 Apr 2003
Posts: 96
|
| Posted: Thu Jul 20, 2006 11:23 pm Post subject:
Re: changing inode permissions
|
|
|
On 2006-07-20, <cus@oceanwave.com> <cus@oceanwave.com> wrote:
| Quote: | Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700. We still haven't figured
out why yet, but we now have hundereds of machines which have issues
with the permissions underlying the /var mount. I'd really rather not
have to bring each machine to single user and umount -f /var to fix
the permissions in the root filesystem
|
I realise that this isn't answering your question, but why do you care
what the permissions of the mountpoint are? They don't really matter.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere |
|
| Back to top |
|
|
<cus@oceanwave.com>
*nix forums beginner
Joined: 27 Jan 2006
Posts: 12
|
| Posted: Thu Jul 20, 2006 11:48 pm Post subject:
Re: changing inode permissions
|
|
|
ceri_usenet> I realise that this isn't answering your question, but
ceri_usenet> why do you care what the permissions of the mountpoint
ceri_usenet> are? They don't really matter.
Yes they do when they are more restrictive than the permissions on the
mount. Things like pwd, getcwd, etc fail when users don't have
permissions to access the underlying directory:
| Quote: | cd /var
ls -al|head
|
ls: ..: Permission denied
total 43
drwxr-xr-x 29 root 512 Jul 20 09:17 .
This also breaks scripts that run under /var that use pwd. It breaks
man because that usees getcwd.
| Quote: | man ncheck
getcwd: Permission denied |
I'm sure it will break a whole slew of other things we haven't found. |
|
| Back to top |
|
|
Darren Dunham
*nix forums Guru
Joined: 22 Feb 2005
Posts: 1120
|
| Posted: Thu Jul 20, 2006 11:54 pm Post subject:
Re: changing inode permissions
|
|
|
cus@oceanwave.com wrote:
| Quote: | Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700. We still haven't figured
out why yet, but we now have hundereds of machines which have issues
with the permissions underlying the /var mount. I'd really rather not
have to bring each machine to single user and umount -f /var to fix
the permissions in the root filesystem
|
Even if it were scripted? Can you reboot the machines (startup script
that changes perms and then deletes itself)?
| Quote: | Since I can use ncheck to find the inode number of the var directory
on the root parition, is there a way I can change the permissions on
that specific fs/inode pair?
|
Just because you can (usually) read the raw device and gather
information while it's mounted doesn't mean that it's safe to write to
it. If you did that, you'd be writing behind the filesystem. On par
with running fsck on a mounted filesystem. Don't do it, and reboot
afterward if you do.
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. > |
|
| Back to top |
|
|
Darren Dunham
*nix forums Guru
Joined: 22 Feb 2005
Posts: 1120
|
| Posted: Fri Jul 21, 2006 12:04 am Post subject:
Re: changing inode permissions
|
|
|
Ceri Davies <ceri_usenet@submonkey.net> wrote:
| Quote: | On 2006-07-20, <cus@oceanwave.com> <cus@oceanwave.com> wrote:
Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700.
I realise that this isn't answering your question, but why do you care
what the permissions of the mountpoint are? They don't really matter.
|
They should not, but they do.
<http://groups.google.com/group/comp.sys.sun.admin/browse_frm/thread/74d5086b033e71ef/>
--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. > |
|
| Back to top |
|
|
<arr@oceanwave.com>
*nix forums beginner
Joined: 09 May 2006
Posts: 2
|
| Posted: Fri Jul 21, 2006 12:20 am Post subject:
Re: changing inode permissions
|
|
|
| Quote: | I'd really rather not have to bring each machine to single user and
umount -f /var to fix the permissions in the root filesystem
|
ddunham> Even if it were scripted? Can you reboot the machines
ddunham> (startup script that changes perms and then deletes itself)?
The problem is that many of them are production mahcines, so getting
downtime isn't easy. And I'm not sure you could do it completely
automated, actually, since once you umount /var you can't use things
like init. You might be able to remount /var after you make the
change and then do an init. Rebooting is certainly a last resort,
though.
| Quote: | Since I can use ncheck to find the inode number of the var
directory on the root parition, is there a way I can change the
permissions on that specific fs/inode pair?
|
ddunham> Just because you can (usually) read the raw device and gather
ddunham> information while it's mounted doesn't mean that it's safe to
ddunham> write to it. If you did that, you'd be writing behind the
ddunham> filesystem.
Hm, there's no safe way to modify the inode directly using the same
sort of code hooks that the filesystem does? |
|
| Back to top |
|
|
Ronald Kuehn
*nix forums beginner
Joined: 20 Jul 2005
Posts: 6
|
| Posted: Fri Jul 21, 2006 12:29 am Post subject:
Re: changing inode permissions
|
|
|
<cus@oceanwave.com> writes:
| Quote: | Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700. We still haven't figured
out why yet, but we now have hundereds of machines which have issues
with the permissions underlying the /var mount. I'd really rather not
have to bring each machine to single user and umount -f /var to fix
the permissions in the root filesystem
Since I can use ncheck to find the inode number of the var directory
on the root parition, is there a way I can change the permissions on
that specific fs/inode pair? I don't think there's a utility that can
do this (there should be), so if someone wants to throw me a piece of
C code that can, that would be fabulous.
|
I think an easier way would be to
1) share the root filesystem with rw permissions and root access to
some other host
2) mount it on that other host
3) chmod the var directory in the root filesystem
4) umount... unshare...
(use NFSv3 since this won't work in NFSv4)
Ronald
--
* Experience is what you get when you were expecting something else. |
|
| Back to top |
|
|
Rich Teer
*nix forums Guru
Joined: 21 Feb 2005
Posts: 1038
|
| Posted: Fri Jul 21, 2006 4:44 am Post subject:
Re: changing inode permissions
|
|
|
On Thu, 20 Jul 2006, arr@oceanwave.com wrote:
| Quote: | The problem is that many of them are production mahcines, so getting
downtime isn't easy. And I'm not sure you could do it completely
automated, actually, since once you umount /var you can't use things
like init. You might be able to remount /var after you make the
change and then do an init. Rebooting is certainly a last resort,
though.
|
Which is one reason why I would advise against a separate /var
partition.
--
Rich Teer, SCNA, SCSA, OpenSolaris CAB member
President,
Rite Online Inc.
Voice: +1 (250) 979-1638
URL: http://www.rite-group.com/rich |
|
| Back to top |
|
|
Ceri Davies
*nix forums addict
Joined: 27 Apr 2003
Posts: 96
|
| Posted: Fri Jul 21, 2006 9:06 am Post subject:
Re: changing inode permissions
|
|
|
On 2006-07-21, Darren Dunham <ddunham@redwood.taos.com> wrote:
| Quote: | Ceri Davies <ceri_usenet@submonkey.net> wrote:
On 2006-07-20, <cus@oceanwave.com> <cus@oceanwave.com> wrote:
Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700.
I realise that this isn't answering your question, but why do you care
what the permissions of the mountpoint are? They don't really matter.
They should not, but they do.
http://groups.google.com/group/comp.sys.sun.admin/browse_frm/thread/74d5086b033e71ef/
|
Interesting, thanks.
(For the record: yes, I think it's a bug, and no, my BSD of choice
doesn't have it).
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere |
|
| Back to top |
|
|
Ceri Davies
*nix forums addict
Joined: 27 Apr 2003
Posts: 96
|
| Posted: Fri Jul 21, 2006 10:24 am Post subject:
Re: changing inode permissions
|
|
|
On 2006-07-21, Ceri Davies <ceri_usenet@submonkey.net> wrote:
| Quote: | On 2006-07-21, Darren Dunham <ddunham@redwood.taos.com> wrote:
Ceri Davies <ceri_usenet@submonkey.net> wrote:
On 2006-07-20, <cus@oceanwave.com> <cus@oceanwave.com> wrote:
Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700.
I realise that this isn't answering your question, but why do you care
what the permissions of the mountpoint are? They don't really matter.
They should not, but they do.
http://groups.google.com/group/comp.sys.sun.admin/browse_frm/thread/74d5086b033e71ef/
Interesting, thanks.
|
By some bizarre twist of fate, I just got bitten by this for the very
first time where a recursive chmod under a filesystem with this issue
failed in an otherwise mystifying way. So thank you some more ;)
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere |
|
| Back to top |
|
|
<cus@oceanwave.com>
*nix forums beginner
Joined: 27 Jan 2006
Posts: 12
|
| Posted: Fri Jul 21, 2006 11:42 am Post subject:
Re: changing inode permissions
|
|
|
ronald.kuehn> 1) share the root filesystem with rw permissions and
ronald.kuehn> root access to some other host 2) mount it on that other
ronald.kuehn> host 3) chmod the var directory in the root filesystem
ronald.kuehn> 4) umount... unshare...
Duh, I should have thought of this. Excellent answer, thanks! Too
bad it doesn't work with loopback mounts, then I wouldn't have to
install the NFS server packages. |
|
| Back to top |
|
|
Casper H.S. Dik
*nix forums Guru
Joined: 20 Feb 2005
Posts: 1634
|
| Posted: Fri Jul 21, 2006 12:35 pm Post subject:
Re: changing inode permissions
|
|
|
Ceri Davies <ceri_usenet@submonkey.net> writes:
| Quote: | On 2006-07-21, Darren Dunham <ddunham@redwood.taos.com> wrote:
Ceri Davies <ceri_usenet@submonkey.net> wrote:
On 2006-07-20, <cus@oceanwave.com> <cus@oceanwave.com> wrote:
Due to some oddness with live upgrade, the root filesystem in the new
BE had the /var directory set to mode 700.
I realise that this isn't answering your question, but why do you care
what the permissions of the mountpoint are? They don't really matter.
They should not, but they do.
http://groups.google.com/group/comp.sys.sun.admin/browse_frm/thread/74d5086b033e71ef/
Interesting, thanks.
(For the record: yes, I think it's a bug, and no, my BSD of choice
doesn't have it).
|
It's a bug, we know it's a bug, but for some reason it hasn't been
fixed in the past 20 years (it was introduced with the VFS layer in
SunOS 3.x)
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Sat Nov 22, 2008 9:17 pm | All times are GMT
|
|
Loans | Cheap mp3 players | Loans | Herbs | Books
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Solaris
