Re: "spontaneous" permissions changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Franck, that's a very good idea - I'll certainly check as soon as I can. Unfortunately I just can't umount right now. Maybe this weekend.

Thanks

--Yuri

Franck RICHARD wrote:
If the permission change to 400 (read only), it's a security when the filesystem is corrupted, to protect it.

Do a check of your Filesystem, (umount, e2fsck, mount).

Maybe you can find something...




-----Message d'origine-----
De : linux-admin-owner@xxxxxxxxxxxxxxx [mailto:linux-admin-owner@xxxxxxxxxxxxxxx] De la part de Yuri Csapo
Envoyé : mercredi 26 août 2009 23:08
À : linux-admin
Objet : "spontaneous" permissions changes

Hi all, I have a strange situation I wish someone could help me with. This is the setup:

- Virtual machine running the latest VM under ESXi
- VM has one processor, 2 GB RAM, 1 GB swap
- Ubuntu 8.04 LTS
- The virtual host runs only this VM
- Virtual host connects to a Lefthand Networks (now HP) SAN through 1 GB copper ethernet and iSCSI
- VM has a 1 TB volume from the SAN that looks like a SCSI drive to Linux (/dev/sdc)
- sdc is formatted as one big ext3 partition (sdc1)
- sdc1 is exported both as an NFS resource and a SMB share (via Samba)
- Authentication is Kerberos and authorization is local, if that matters

The permissions on that partition's mount point, usually 755, changed suddenly to 400. I have looked at sudo logs, root's and all admins' history files and I can find no evidence of someone changing those permissions or of tampering with the logs.

Physical access to the box requires the right keycard; logon (ssh) access to the box is restricted to sysadmins and support personel only; the root password is a 32 char long random string that lives in an encrypted repository on my iPod Touch. There are only 2 people, myself included, with full sudo rights; there are another 5 people with sudo rights to a number of administration things including chmod.

This is a state university and it happened on the first day of classes.

My questions:

- Did I look everywhere I should be looking to find evidence of foul play?
- Does anyone know of anything in this setup that could trigger a seemingly spontaneous permissions change like that?

Thanks,

--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
CT-256
Phone:  (303) 273-3503
Fax:      (303) 273-3475
Email:   ycsapo@xxxxxxxxx

Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster

--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
CT-256
Phone:  (303) 273-3503
Fax:      (303) 273-3475
Email:   ycsapo@xxxxxxxxx

Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
begin:vcard
fn:Yuri Csapo
n:Csapo;Yuri
org:Colorado School of Mines;CCIT
email;internet:ycsapo@xxxxxxxxx
title:System Administrator
tel;work:(303) 273-3503
x-mozilla-html:FALSE
version:2.1
end:vcard


[Index of Archives]     [Linux Newbie]     [Audio]     [Hams]     [Kernel Newbies]     [Util Linux NG]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Device Drivers]     [Samba]     [Video 4 Linux]     [Git]     [Fedora Users]

  Powered by Linux