Hi Terry,
> We asked them to list the contents of the directory that contains the
> binary, and they got: Â
>
> merlin:admin:>ls -la
> total 42
> drwxrwxrwx  2 admin   mats        512 Feb 16 09:24 ./
> drwxrwxrwx 13 root    root       1024 Feb 23 07:05 ../
> -rwxrwxrwx  1 admin   mats       9373 Feb 16 09:24
> checkforstop*
> -rwxrwxrwx  1 admin   mats       8942 Feb 16 09:24
> startloopstop*
(I'm surprised ls(1) is showing a * (for executable) against those two
files by default. Perhaps they've got it aliased to `ls -F' or
something.)
What does
file ./checkforstop ./startloopstop
show? Also, if you shipped those executables to them, can they confirm
they're still byte-for-byte OK, e.g. do
cksum ./checkforstop ./startloopstop
on your machine and theirs. You should both have that, it's a
polynomial CRC so robust enough. Compare the outputs.
> The user admin is listed as the account for installing software and he
> gets a csh to use.
OK.
> 1. If I enter ./startloopstop, I get the small dialogue box which
> gives the user control over the running program. When this is pressed
> a small file is written to the local directory, which is the signal,
> via checkforloopstop, to the running test program to exit the loop.Â
> This works fine for me. When the customer tries to do this, he gets
> 'Permission denied' when he types ./startloopstop.
If you're at all dubious about their ability to enter what they say
they're entering, have him type
ls ./startloopstop
!$
The first command should just ls(1) that one file, confirming the
filename, including the leading `./', is entered correctly. The second
is a history substitution that's replaced by the last word of the last
command; the thing we now know is entered correctly. But I guess
they're used to do this pre-upgrade?
> What other things could prevent execution, bearing in mind the file
> and directory permissionsseem to allow anyone to do anything?
Are they both C executables? I forget their history. Perhaps, after
the OS upgrade, the shared libraries they depend on aren't available or
are incompatible?
ldd(1), as on Linux, will get 5.8 to list the libraries needed by a
file. It shows the system recognises it as an binary executable file
along the way.
ldd ./startloopstop
The user's PATH won't matter since they're being run with a `/' in their
name, so it's important they're run as ./startloopstop. Does
./checkforstop work? Have they a C compiler on that machine? What if
they do
echo 'main() { puts("hello"); return 0; }' >hello.c
cc hello.c
./a.out
Does ./a.out run and print "hello"?
"Permission denied" is the normal text for the EACCES errno value. If
we assume csh(1) is getting as far as running execve(2) to kick off
./startloopstop then the error, from execve(2), means:
EACCES
Search permission is denied for a directory listed in the new
process file's path prefix; the new process file is not an ordinary
file; or the new process file mode denies execute permission.
The file's path prefix is `./' and everyone has search permission ('x')
on `.' according to the ls(1) output above. Perhaps the executable file
being in the old Solaris 7 format, or not having all the shared
libraries availble maps onto "is not an ordinary file", but I doubt it.
And there's clearly execute permission for all ('x') on the file itself.
If they can compile C and run ./a.out, have them create run.c in that
directory containing
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
main() {
int i;
errno = 0;
i = execl("./startloopstop", "startloopstop", (char *)0);
printf("%d %d\n", i, errno);
perror("as text");
return 0;
}
They build ./run with
cc -o run run.c
and then do
./run
It's taking the place of csh kicking off startloopstop. If it fails
then it'll print out execl(3)'s return value, i, which will be -1
(failure), the numeric value of errno, and what is the normal text
version of it, e.g. "Permission denied". That may shed some light.
> 2c. There is a file called profile in /etc, is that relevant? It
> seems to be a script. At the bottom of this file is the single line
> umask 022.
umask, whatever it is, and wherever it's being set, just influences the
default permissions of newly created files.
> 3. In a csh, how do I find where I am?
`pwd', print-working-directory. It's a built-in in C shell, as in
(ba)?sh.
> 4. In a csh, should appropos work? I can do man apropos, but foobar
> anything simply lists the paths that it has searched and failed to
> find man pages.
Does `man man' work? If so, try `man -k foo' instead of `apropos foo'.
apropos is normally just a short-cut for `man -k'.
If the system had strace(1) we could just go for a simple
strace csh -c ./startloopstop
and see exactly what the csh was trying to do and how far it got. But
it hasn't. :-)
Cheers,
Ralph.
--
Next meeting: Dorchester, Tue 2010-03-02 20:00
http://dorset.lug.org.uk/ http://www.linkedin.com/groups?gid=2645413
Chat: http://www.mibbit.com/?server=irc.blitzed.org&channel=%23dorset
List info: https://mailman.lug.org.uk/mailman/listinfo/dorset
