Re: R: OT: Linux df question

From: De DBA <dedba_at_tpg.com.au>
Date: Fri, 11 Jul 2014 18:48:54 +1000
Message-ID: <53BFA4F6.4030201_at_tpg.com.au>



I don't believe that permissions or ACLs are the problem here, as the output of ls -ld does not show ACLs to be enabled on the filesystem ("." or "+" after the rwx permissions), and the rwx permissions are the same for /boot and /boot/efi, but the error occurs only on /boot/efi, not on any other subdirectories in /boot (there should at least also be /boot/grub).

It being RedHat 6, selinux is enabled by default, so it could well be the selinux context. They should be the same for /boot and /boot/efi. In my Scientific Linux 6 VM:

[user_at_emperor ~]$ sudo ls -dZ /boot /boot/efi /boot/grub
drwx------. root root system_u:object_r:boot_t:s0 /boot
drwx------. root root system_u:object_r:boot_t:s0 /boot/efi
drwx------. root root system_u:object_r:boot_t:s0 /boot/grub

[user_at_emperor ~]$ sudo getfacl /boot/efi
getfacl: Removing leading '/' from absolute path names
# file: boot/efi
# owner: root
# group: root
user::rwx
group::---
other::---

[user_at_emperor ~]$ df -h
Filesystem                          Size  Used Avail Use% Mounted on
/dev/mapper/vg_skerchi_sys-LVRoot1  7.9G  2.8G  4.8G  37% /
tmpfs                               372M  228K  371M   1% /dev/shm
/dev/sda1                           485M   35M  426M   8% /boot
/dev/mapper/vg_skerchi_sys-LVHome1 1008M  104M  853M  11% /home

Note that here ACLs are enabled on the filesystem, but none defined (there would be a "+"-sign instead of a "." after the rwx permissions). You can find out your own selinux context with id -Z. The context on /boot/efi can be corrected (if needed) with

# chcon -R --reference /boot /boot/efi

Hth,
Tony

On 11/07/14 17:56, Alessandro Vercelli wrote:
> Hi Joe,
> your error is due to oracle user permissions on filesystems.
> Non-root users are permitted to run df against mounted filesystems, but they
> must have execute permission on the parent directories of the mount.
>
> In your case, oracle user is granted to run df against /boot filesystem but it
> needs execute on /boot/efi.
>
> To correct the problem:
>
> # chmod go+x /boot/efi
>
>
> However, a better workaround is to add oracle user to the disk group
>
> # usermod -aG disk oracle
>
> in order that /boot/efi is not readable to all users.
>
>
> Greetings,
> Alessandro
>
>
>> ----Original message----
>> From: JSweetser_at_icat.com
>> Date: 10/07/2014 19.17
>> To: "oracle-l (oracle-l_at_freelists.org)"<oracle-l_at_freelists.org>
>> Subject: OT: Linux df question
>>
>> A bit of strangeness on a new server.
>>
>> $ cat /etc/redhat-release
>> Red Hat Enterprise Linux Server release 6.1 (Santiago)
>>
>> Systems team had the system up but could not get a 10gb ethernet card to
>> work. However, the output of df -h was normal when logged in as the oracle
>> user.
>> They did something yesterday (new card at a minimum) and now the 10gb
>> interface works but the df command throws an error (though it does complete).
>> This doesn't appear to be causing any issues but it does bug me a bit. I can't
>> find much online about the error other than the grub file down that tree is
>> needed for booting.
>> (oracle)
>> $ df -h
>> Filesystem Size Used Avail Use% Mounted on
>> /dev/sda7 73G 5.5G 64G 8% /
>> tmpfs 95G 88K 95G 1% /dev/shm
>> /dev/sda2 200M 24M 176M 12% /boot
>> df: `/boot/efi': Permission denied
>> /dev/sda6 97G 22G 71G 24% /opt
>> /dev/sda3 842G 4.7G 794G 1% /u01
>> /dev/sda4 842G 58G 742G 8% /u02
>> /dev/sda8 837G 7.7G 787G 1% /u03
>> /dev/sdb1 2.8T 58G 2.6T 3% /u04
>>
>> (root)
>> # df -h
>> Filesystem Size Used Avail Use% Mounted on
>> /dev/sda7 73G 5.5G 64G 8% /
>> tmpfs 95G 88K 95G 1% /dev/shm
>> /dev/sda2 200M 24M 176M 12% /boot
>> /dev/sda1 200M 256K 200M 1% /boot/efi
>> /dev/sda6 97G 22G 71G 24% /opt
>> /dev/sda3 842G 4.7G 794G 1% /u01
>> /dev/sda4 842G 58G 742G 8% /u02
>> /dev/sda8 837G 7.7G 787G 1% /u03
>> /dev/sdb1 2.8T 58G 2.6T 3% /u04
>>
>> # ls -ld /boot
>> drwx------ 4 root root 16384 Dec 31 1969 /boot
>>
>> # ls -ld /boot/efi
>> drwx------ 3 root root 16384 Dec 31 1969 /boot/efi
>>
>> Any/all ideas/comments welcome.
>>
>> Thanks,
>> -joe
>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jul 11 2014 - 10:48:54 CEST
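
Added example, not part of the original thread: a POSIX shell sketch that applies the rule quoted above (a non-root user needs execute permission on the parent directories of a mount) to every mount point and names the directory that blocks traversal. The function names and the --scan switch are this example's own; it inspects only the "other" class mode bits and does not evaluate ACLs or the SELinux contexts discussed in the reply.

```shell
#!/bin/sh
# Added example: find the ancestor directory that stops an unprivileged
# df (statfs) from reaching a mount point. Mode bits only; ACLs and
# SELinux contexts are out of scope here.

# other_can_search DIR: succeed if the "other" class has the search bit.
# Character 10 of the ls -ld mode string is x (or t with the sticky bit)
# when users outside the owner and group classes may traverse DIR.
other_can_search() {
    mode=$(ls -ld -- "$1" | cut -c10)
    [ "$mode" = "x" ] || [ "$mode" = "t" ]
}

# blocked_ancestors PATH: print every directory above PATH (not PATH
# itself) that lacks the other-execute bit, nearest ancestor first.
blocked_ancestors() {
    dir=$(dirname -- "$1")
    while :; do
        other_can_search "$dir" || printf '%s\n' "$dir"
        case "$dir" in
            /|.) break ;;
        esac
        dir=$(dirname -- "$dir")
    done
}

# scan_mounts [FILE]: FILE is in /proc/mounts format (mount point is the
# second field). Report each mount point with a blocking ancestor.
scan_mounts() {
    while read -r _dev mnt _rest; do
        blocked=$(blocked_ancestors "$mnt" | tr '\n' ' ')
        if [ -n "$blocked" ]; then
            printf '%s: blocked by %s\n' "$mnt" "${blocked% }"
        fi
    done < "${1:-/proc/mounts}"
    return 0
}

# Hypothetical switch for interactive use: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_mounts
fi
```

On a layout like the one posted (/boot at drwx------ with /boot/efi mounted beneath it), the scan would report /boot as the blocking directory for /boot/efi.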
