KrazyWorks » Mountpoint permission problem in Solaris

December 27, 2011 – 12:22 am | 3 Comments

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

Read the full story »

Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Filesystems

Mountpoint permission problem in Solaris

Submitted by Igor on May 4, 2006 – 6:45 pmNo Comment

The following condition was originally discovered in OpenSolaris 11 (Bug ID: 4697677). This problem occurs when you do mkdir -m 700 on a mountpoint before mounting it. This superceeds whatever permissions you might give to the mountpoint after it’s mounted.

This condition has been known to occur following a Live Upgrade process from Solaris 8 to Solaris 9. Apparently something in the Live Upgrade script sets restrictive permissions on the mountpoint before mounting it. Naturally, the Live Upgrade process is done under root account, so the SysAdmin would never notice the problem.

The symptoms of this issue include problems with the man command for non-root users, which uses nroff, which writes to temporary space in /usr/tmp which is a soft link to ../var/tmp. Also, in the affected filesystem (like /usr) a non-root user can do ls -als and will see something like this:

 2 drwxr-xr-x  47 root     sys         1024 May  4 12:36 .
 2 drwxr-xr-x   2 root     bin         1024 Feb 10 09:36 4lib
 2 lrwxrwxrwx   1 root     other          5 Feb 10 09:23 5bin -> ./bin
 2 lrwxrwxrwx   1 root     root          10 Feb 10 01:03 adm -> ../var/adm

As you may notice, the “..” metalink is missing. Also, you will not be able to access any soft links leading to ../whatever. This may be a big problem for some users and applications.

The easy way of fixing this is, of course, to unmount the filesystem and change the permissions for the underlying mountpoint. However, there is a way of addressing this issue without unmounting anything. The following is a script that would fix the problem using a local NFS mount. It uses /usr/ and /opt as examples.

#!/bin/ksh
cd /
mkdir /fix
mkidr -p /fix/mnt
for i in usr opt
do
        chmod 700 /fix
        share -F nfs -o rw=localhost,root=localhost /
        mount -o vers=3 127.0.0.1:/ /fix/mnt
        chmod 755  /fix/mnt/${i}
        umount  /fix/mnt
        unshare /
done

Popularity: 2% [?]

Applications »

OpenSUSE 11.4 Installation Overview

After enjoying taking apart Microsoft’s “cloud” Office 365 for the numerous shortcomings of its installation process, having to do the same for my favorite Linux distro – openSUSE – is rather upsetting. OpenSUSE installation routine went from nearly-flawless in 11.1 to mildly annoying in 11.3, arriving to moderately obnoxious in 11.4. What happened? Same as with Microsoft, poor installation workflow is to blame. One can always feel when desktop support people take over workflow tasks from server admins.

More articles »

Commands & Shells »

Compress Old Log Files on Linux

Most log files located in /var/log are part of the log rotation and will be compressed automatically. However, in many cases various user applications maintain log files outside of /var/log. These logs are not managed …

More articles »

Data »

Adding LUNs to VXVM on Linux

The following is a brief overview of the process for adding LUNs to VXVM under Linux. In our example we have an RHEL 5 server with existing LUNs and VXVM volume groups. Two new LUNs with multipathing were allocated from SAN and need to be added to the system to grow one of the volumes and the corresponding filesystem.

More articles »

Hardware »

Quick Review: Boxee Box

Some of the technical issues with Boxee Box could have been fixed if the dev team was paying more attention to addressing the bugs rather than adding “features” of dubious value. In the final analysis, for the price and ease of use, Boxee Box is the best in its class and price range. You just need to be mindful of its limitations and buy it in hope of future improvements to its usability.

More articles »

Monitoring »

Simple Host Monitoring with SSH

Sometimes you just need something very simple to monitor a server or an application on a temporary basis. A basic ping monitor is fine, but it will only tell you if a server is responding on the network. It will not tell you if there is some other problem on the system. The script below relies on passwordless SSH setup to periodically log into the monitored nodes and check on their health by executing a local or remote script.

More articles »

Networking »

Red Hat: Changing Hostname and IP

Changing hostname and IP is frequently required when a server is being moved from testing or development to production. The process is a fairly simple one, but steps must be performed in a certain order to avoid complications.

More articles »

Scripts »

Windows Network Troubleshooting Script

I try my best to stay away from Windows. I wish my clients did the same. The usual difficulty of troubleshooting elusive network performance problems is amplified many-fold when there is a Windows computer at the end of the line. With Unix it’s relatively simple: run tests “a”, “b”, “c”, etc and follow the familiar process of elimination. With Windows in the picture the number of steps uses up all of the English alphabet and spills over well into the Russian one. And when you finally reach step “я”, you have to pull out your Chinese dictionary.

More articles »

Sponsor a Valve On Colossus
mikejuk writes "The UK's National Museum of Computing has come up with a novel idea to raise funds for its new gallery for its rebuilt Colossus computer — you can sponsor a valve. All you have to do is buy a small area in a picture of Colossus (at £0.1 per pixel — min £10), upload a picture to occupy the space, set a URL and pay using PayPal." […]
IBM Seeks Patent On Judging Programmers By Commits
theodp writes "How'd you like to be deemed unworthy of a job based upon a scan of your GitHub updates? That's what proposed in a newly-published IBM patent application for Automated Analysis of Code Developer's Profile, which proposes weeding out developer candidates for certain roles based on things like the amount of changes one typical […]
Therapy Over IP Draws the Young, Isolated
Lucas123 writes "Psychiatrists say VoIP technology is more popular with patients than even in-person therapy when it comes to counseling — especially for their younger patients who are less intimidated by it. Along with many patients who like the convenience, telepsychiatry is a necessity for others who live in rural areas or are in, prisons, nursing ho […]

Server Info

Server:	rowen.accountservergroup.com
OS    :	Red Hat 4.1.2-50
Kernel:	Linux 2.6.18-338.12.1.el5.lve0.8.34
Arch  :	64-bit OS running on 64-bit hardware 
CPU(s):	2 x 4-core Intel Xeon CPU E5620@ 2.40GHz
RAM   :	23Gb (99% used), 16 x 1Gb DIMMs
Swap  :	6Gb (0% used), paging in/out: 0/0
Uptime:	23 days
Load  :	.13, .14, .16
CPU % :	8 CPU cores at 16% combined utilization
Disk  :	util, svc time - sda: %, ms; 
Apps  :	MySQL 5.0.91, Perl 5.8.8
Issues:	occasional RAM shortages