Visit Our UNIX and Linux User Community


Testing privileges -lock lockfile /var/lock/subsys/..- Permission denied


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Testing privileges -lock lockfile /var/lock/subsys/..- Permission denied
# 1  
Old 09-22-2011
Testing privileges -lock lockfile /var/lock/subsys/..- Permission denied

Hi all,

I have to test some user priviliges. The goal is to be sure that an unauthorized user can't restart some modules (ssh, mysql etc...).
I'm trying to automate it with a shell script but in same cases I got the syslog broadcast message.
Quote:
lockfile /var/lock/subsys/$under_test- Permission denied
Is there any way to simply get a return code (allowed or not) without see the broadcast message on all terminals?

Thanks in advance
# 2  
Old 09-22-2011
It'd help to see what your script actually is.
# 3  
Old 09-23-2011
Hi,

thx for reply.
This script is really basic here there's the section I was talking about:

Code:
RC=0
for command in ${forbidden_command_array[@]}; do
   $command
   RC1=$(($?-EXP_RET_CODE)) 

   let "RC=(($RC || $RC1))"
done

so at the end if RC is equal to zero means that all return codes were equal to the expected ones.
One pratical example that doesn't work is the command:
Quote:
service syslog restart
if an unauthorized user try to execute that command I got back the message:
Quote:
Shutting down kernel logger: /etc/init.d/functions: line 141: /var/run/klogd.pid: Permission denied
rm: cannot remove `/var/run/klogd.pid': Permission denied [FAILED]

Shutting down system logger: /etc/init.d/functions: line 141: /var/run/syslogd.pid: Permission denied
rm: cannot remove `/var/run/syslogd.pid': Permission denied[FAILED]

rm: cannot remove `/var/lock/subsys/syslog': Permission denied
Starting system logger: /etc/init.d/functions: line 141: /var/run/syslogd.pid: Permission denied
And the script stop its execution. To get the prompt back I have to type Ctrl-C.
The problem for me is that I would like simply to get back the return code to comprare with the expected one.

Any idea?
thx
# 4  
Old 09-29-2011
SOLVED:Testing privileges

Hi all,

Here I report the solution I found.
My goal was to test some user privileges and be sure that they can't start/stop/restart some services. My problem was that running the test for an unauthorized user I got back a message on the console, as consequences the script got stuck until I press enter to get the prompt back.

The solution (not the best but it works) is to temporary redirect (for the test time) all the logs messages, that refers to the services you're testing, to a log file.
I did it with rsyslog and filtering by program name, here the link:
Filtering by program name - rsyslog wiki
In this way the error goes to the file and it does not block the console


Hope this help

Cheers

Previous Thread | Next Thread
Test Your Knowledge in Computers #67
Difficulty: Medium
IT security or cybersecurity controls are based on a combination of three types of security controls, (1) physical controls, (2) logical controls and (3) administrative controls.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Can't open nodes-6379.conf in order to acquire a lock: Permission denied

I am getting error on redis server on linux 7.5 after change the default path /var/lib/redis to /redisdata, and enable cluster-enabled yes. It would be really appreciate if some one can check and suggest on this issue. error code: 1240:C 09 Sep 2018 13:53:51.058 # oO0OoO0OoO0Oo Redis is... (3 Replies)
Discussion started by: nadeemrafikhan
3 Replies

2. Linux

/var/lock/subsys permission denied for root

Hello I have simple line of code here: FILE *lockfp = fopen("/var/lock/subsys/processName", "w"); which is denied even running as root. The result is locking failed for the following reason: Permission denied How is this possible? Why is this happening? Thanks for your... (4 Replies)
Discussion started by: flagman5
4 Replies

3. UNIX for Advanced & Expert Users

/var/mail/$LOGINNAME.lock

I'm not able to view my inbox mails, I'm using Thunderbird. I have checked the /var/mail/ directory files. There I saw the lock file. . I have removed the lock file and restarted the Thunderbird, again the lock file is created. I have changed the file group as mail from users. after that... (1 Reply)
Discussion started by: ungalnanban
1 Replies

4. Red Hat

/usr/sbin/crond: can't lock /var/run/crond.pid,

please tell pre-requisite steps to activate cron. i activated the cron but it not executing the script which i set in crontab entry.through root user i passed the service crond start it get start.but when i go to etc/init.d and passed crond stop command.it gets crond: can't lock /var/run/crond.pid,... (2 Replies)
Discussion started by: umair
2 Replies

5. Red Hat

Security Question: Lock after invalid login, Session Lock and Required Minimum Password Length

Hello all, If anyone has time, I have a few questions: How do I do the following in Linux. We are using Red Hat and Oracle Enterprise Linux, which is based on Red Hat too. 1. How to lock the account after a few (like 3) invalid password attempts? 2. How do you lock a screen after 30... (1 Reply)
Discussion started by: nstarz
1 Replies

6. Shell Programming and Scripting

lock an account

hi how can I Lock an account, by prepending *LK* to the password field in /etc/shadow. I dont want to use passwd -l . Any idea? (3 Replies)
Discussion started by: tjay83
3 Replies

7. Shell Programming and Scripting

Lock for this script

Hi, My requirement is to service a process and below is the script which i wrote for that and works fine, I have kept it in a crontab and running this everyminute, how do I lock this if its already running and i dont want to open if its running and not completed yet. The crontab need to run... (4 Replies)
Discussion started by: strunz
4 Replies

8. HP-UX

How to Lock In HP-UX

Hi , How should i implemet a lock function Hp-ux . I want to a lock a file through fcntl in Hp-ux . But is not locking properly . Thanks Narendra (7 Replies)
Discussion started by: naren_chella
7 Replies

9. UNIX for Dummies Questions & Answers

Files still being created in /var/spool/mmdf/lock/home

Hi all I need help finding a process that is continuing to create files in the above area. There are three sub folder titled addr q.local and msg . I have already found a process called mmdf running and have used the kill command to stop this from running. I have also looked for sendmail or... (12 Replies)
Discussion started by: TeaMaker
12 Replies

10. UNIX for Dummies Questions & Answers

how to lock keyboard without using lock command

how can I lock my keyboard while I'm away from the computer without using lock command. What other commands gives me the option to lock keyboard device? thanks (7 Replies)
Discussion started by: dianayun
7 Replies

Featured Tech Videos