VectorLinux
September 16, 2014, 01:08:20 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: [finally SOLVED] at command won't work for user.  (Read 1721 times)
Pita
Vectorian
****
Posts: 1310


« on: July 16, 2010, 12:16:48 am »

The command "at" in VL6-STD and in VL6-Light-Live running from CD,
or from installed cannot be used when invoked as user. I get error:

~:$ at now
warning: commands will be executed using /bin/sh
Cannot create atjob file /var/spool/atjobs/a0003c014555ad: Permission denied

/var/spool/atjobs is set as owner daemon/bin.

In slackware it is set as daemon/daemon and working. If I set it this way in VL6
it still will not work for user.

I did not have this problem with my former VL6-Light original version.

It is understood that the at daemon is started and set for user as active service.

How can the at command for user be made to work?
« Last Edit: July 21, 2010, 07:38:26 pm by Pita » Logged
bigpaws
Vectorian
****
Posts: 1850


« Reply #1 on: July 16, 2010, 03:12:51 am »

Just a thought. Did you try using the full path?

Bigpaws





Logged
Pita
Vectorian
****
Posts: 1310


« Reply #2 on: July 16, 2010, 05:12:23 pm »

Just a thought. Did you try using the full path?

Bigpaws

Yes and the same error.

BTW the VL6-STD is installed in mini HP 2133 and there is the same problem as with
VL6-Light-Live running from CD or installed.
Therefore I conclude it is a VL6 issue. I ever, never had that problem and I use
command 'at' quite often.

Can anyone confirm having that problem as well?
Logged
roarde
Vectorian
****
Posts: 530


move the needle


« Reply #3 on: July 18, 2010, 10:09:56 am »

chmod 777 for /var/spool/atjobs and /var/spool/atspool works, but is bound to be a security hole -- not that I know.

Our at package is direct from Slack, which gets it from Deb. Deb has patched for this problem (thus Ubuntu) but Slack (thus Vector) hasn't picked up the patch.
Logged

Robert
VL STD 7.1 RC2.2.2, icewmvmods
Pita
Vectorian
****
Posts: 1310


« Reply #4 on: July 18, 2010, 05:22:21 pm »

chmod 777 for /var/spool/atjobs and /var/spool/atspool works, but is bound to be a security hole -- not that I know.

Our at package is direct from Slack, which gets it from Deb. Deb has patched for this problem (thus Ubuntu) but Slack (thus Vector) hasn't picked up the patch.

Thanks!

It works now. Grin
Logged
roarde
Vectorian
****
Posts: 530


move the needle


« Reply #5 on: July 18, 2010, 06:06:11 pm »

The security hole:
Anyone who can use the at command now potentially has access to most files on your machine. If the temp files can be altered, the jobs can be altered. Wouldn't take much knowledge (but more than I have right now) to get daemon to do just about anything it has permissions for.

Suggestions:
See if your jobs can be done with cron.
Try to build at and friends from a deb package or deb sources.
                         "                   BSD sources or so.
Request a new package of at and mention the problem and "upstream to Slack".

Glad you got to see it work, but I won't be using it this way. Reminds me to do some "un-chmod".
Logged

Robert
VL STD 7.1 RC2.2.2, icewmvmods
bigpaws
Vectorian
****
Posts: 1850


« Reply #6 on: July 18, 2010, 07:37:50 pm »

Slackware permissions are fine. At least 12.1, 12.2, 13.0 and 13.1

Bigpaws
Logged
Pita
Vectorian
****
Posts: 1310


« Reply #7 on: July 18, 2010, 08:11:20 pm »

I have slackware-13.0.0 where 'at' command as user is working and the permission is
set at 770.

Now if in VL6 I change 'at' from 777 to 770 I get again permission denied.

OK will see if I find another 'at'.
Logged
Pita
Vectorian
****
Posts: 1310


« Reply #8 on: July 18, 2010, 11:33:42 pm »

It seems I got it working now with 770 setting.

Removed 'at'. When trying to reinstall with gslapt the newly
upgraded gslapt -0.5.3c crashed every time clicking on a program.
Removed gslapt and reinstalled -0.5.3. Installed 'at' and it is working now as
user.  Huh Smiley
Logged
bigpaws
Vectorian
****
Posts: 1850


« Reply #9 on: July 19, 2010, 04:07:05 pm »

There is a SUID in slackware, which is the reason for the s in ls -la

Bigpaws
Logged
Pita
Vectorian
****
Posts: 1310


« Reply #10 on: July 19, 2010, 11:51:52 pm »

It seems the problem is not yet solved for:

VL6-STD installed in HP 2133 Mini Note.

I tried the same as in my Desktop, that is uninstall 'at' and then reinstall.
It did change the owner of /var/spool/atjobs from daemon/bin to daemon/daemon
as in my desktop, however, trying to use it I still get "you have no permission to
use at". Huh





Logged
roarde
Vectorian
****
Posts: 530


move the needle


« Reply #11 on: July 20, 2010, 06:14:31 pm »

Code:
root:# touch /var/spool/atjobs/.SEQ
root:# chmod 660 /var/spool/atjobs/.SEQ
root:# chown daemon.daemon /var/spool/atjobs/.SEQ
root:# chmod 640 /etc/at.deny
root:# chown root.daemon /etc/at.deny

If that doesn't work, then
Code:
root:# slapt-get --remove at
Reading Package Lists... Done
The following packages will be REMOVED:
  at
0 upgraded, 0 reinstalled, 0 newly installed, 1 to remove and 0 not upgraded.
After unpacking 110.0kB disk space will be freed.
Do you want to continue? [y/N] y

Removing package at-3.1.10-i486-1...
  --> /etc/at.deny.new no longer exists. Skipping.
WARNING: /var/spool/atjobs/.SEQ changed after package installation.

Done
root:# rm -f /etc/at.deny
root:# slapt-get --install at

I'm taking notes on differences between Light and STD. Has this machine had Light on it since the last formatting of / ? When I started, permissions for /var/spool/atjobs/.SEQ were 600 root:root, so daemon couldn't access it. The commands I listed for .SEQ are from the at package's doinstall.sh. They're introduced by
Code:
if [ ! -r var/spool/atjobs/.SEQ ]; then
I wouldn't have the good sense to check this in the first place. But unless I missed something, packages are installed by root; the check should be whether daemon can read the file.
Logged

Robert
VL STD 7.1 RC2.2.2, icewmvmods
bigpaws
Vectorian
****
Posts: 1850


« Reply #12 on: July 20, 2010, 06:33:05 pm »

There is a sticky bit set to allow you to run this as a different user.

-rwsr-sr-x 1 daemon daemon 36484 2006-08-02 20:55 /usr/bin/at

s: setuid or setgid

Bigpaws
« Last Edit: July 20, 2010, 06:37:15 pm by bigpaws » Logged
Pita
Vectorian
****
Posts: 1310


« Reply #13 on: July 21, 2010, 07:42:44 pm »

Code:
root:# touch /var/spool/atjobs/.SEQ
root:# chmod 660 /var/spool/atjobs/.SEQ
root:# chown daemon.daemon /var/spool/atjobs/.SEQ
root:# chmod 640 /etc/at.deny
root:# chown root.daemon /etc/at.deny


After having done above 'at' is now working for user in HP 2133 with VL6-STD.

Thank you so much for you efforts! Cheesy
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!