From: "Mr. Daniel Browne" <dbrowne@(email suppressed)>
Subject: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 16:19:57 -0400
Msg# 2316

Hi Greg,

No matter what I try I simply cannot get any of the rush -online/-offline commands to execute when included in the linux /etc/gdm/PostLogin/Default or /etc/gdm/PostSession/Default scripts. They will work fine if the script is executed manually from the shell but when the scripts are run behind the scenes by the gnome login window. My other commands in the scripts seem to work fine. Is there an environment variable or some other element needed that /usr/local/rush/bin/rush might not be getting?

-Dan

----------
Dan "Doc" Browne
System Administrator
Evil Eye Pictures
dbrowne@(email suppressed)
Office: (415) 777-0666 x105

From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 16:35:14 -0400
Msg# 2317

On 03/20/13 13:19, Mr. Daniel Browne wrote:
> [posted to rush.general]
>
> Hi Greg,
>
> No matter what I try I simply cannot get any of the rush
> -online/-offline commands to execute when included in the linux
> /etc/gdm/PostLogin/Default or /etc/gdm/PostSession/Default scripts.

What's the error output say from the command?
Paste the output here.

If you're not sure where the error output goes when the scripts run,
redirect the output to a log file, e.g.

    rush -offline >> /tmp/test.log 2>&1

..then logout/in to inspect the log to see what the errors are.

> They
> will work fine if the script is executed manually from the shell but
> when the scripts are run behind the scenes by the gnome login window. My
> other commands in the scripts seem to work fine. Is there an environment
> variable or some other element needed that /usr/local/rush/bin/rush
> might not be getting?

Other than the PATH, no, can't think of any.
And you can avoid that with an absolute path to the command..

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)

From: "Mr. Daniel Browne" <dbrowne@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 16:50:55 -0400
Msg# 2318

ah ha; the error is

    rush: 'rush -offline': bing: can't open port lock file '/usr/local/rush/var/nextport': Permission denied

On Mar 20, 2013, at 1:35 PM, Greg Ercolano wrote:

[posted to rush.general]

On 03/20/13 13:19, Mr. Daniel Browne wrote:
> [posted to rush.general]
>
> Hi Greg,
>
> No matter what I try I simply cannot get any of the rush
> -online/-offline commands to execute when included in the linux
> /etc/gdm/PostLogin/Default or /etc/gdm/PostSession/Default scripts.

What's the error output say from the command?
Paste the output here.

If you're not sure where the error output goes when the scripts run,
redirect the output to a log file, e.g.

    rush -offline >> /tmp/test.log 2>&1

..then logout/in to inspect the log to see what the errors are.

> They
> will work fine if the script is executed manually from the shell but
> when the scripts are run behind the scenes by the gnome login window. My
> other commands in the scripts seem to work fine. Is there an environment
> variable or some other element needed that /usr/local/rush/bin/rush
> might not be getting?

Other than the PATH, no, can't think of any.
And you can avoid that with an absolute path to the command..

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)

----------
Dan "Doc" Browne
System Administrator
Evil Eye Pictures
dbrowne@(email suppressed)
Office: (415) 777-0666 x105

From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 17:28:47 -0400
Msg# 2319

On 03/20/13 13:50, Mr. Daniel Browne wrote:
> [posted to rush.general]
>
> ah ha; the error is rush: 'rush -offline': bing: can't open port lock
> file '/usr/local/rush/var/nextport': Permission denied

Hmm, that would mean /usr/local/rush/bin/rush has lost its setuid permissions.
To fix that, run this as root on that machine:

    chown 0.0 /usr/local/rush/bin/{rush,rushd}
    chmod 4755 /usr/local/rush/bin/{rush,rushd}

..and on any other machine where the perms aren't rwsr-xr-x
for the rush + rushd binaries.

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)

From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 17:42:51 -0400
Msg# 2320

On 03/20/13 14:28, Greg Ercolano wrote:
> [posted to rush.general]
>
> On 03/20/13 13:50, Mr. Daniel Browne wrote:
>> [posted to rush.general]
>>
>> ah ha; the error is rush: 'rush -offline': bing: can't open port lock
>> file '/usr/local/rush/var/nextport': Permission denied
>
> Hmm, that would mean /usr/local/rush/bin/rush has lost its setuid permissions.
> To fix that, run this as root on that machine:
>
> chown 0.0 /usr/local/rush/bin/{rush,rushd}
> chmod 4755 /usr/local/rush/bin/{rush,rushd}

I'm concerned if those perms were changed, others might be broken as well.

Is it possible someone might have executed a runaway chown/chmod command
that hit the entire /usr/local/rush directory?

Under unix, many of the rush files and dirs need very specific permissions
to operate securely, and a few /must/ be set to operate at all.

To operate at all, the rush + rushd binaries /must/ be 4755 root/root or root/wheel:

    $ ls -la /usr/local/rush/bin/{rush,rushd}
    -rwsr-xr-x 1 root root 1234568 Feb  6 21:00 /usr/local/rush/bin/rush
    -rwsr-xr-x 1 root root 1618864 Feb  6 21:00 /usr/local/rush/bin/rushd
    ^^^^^^^^^^   ^^^^^^^^^
        |            |
        |            Should root/root (linux) or root/wheel (mac)
        |
        The 's' is important

For these setuid programs to be secure, the parent dirs should really be 755
and root/root as well, eg:

    $ ls -lad /usr/local/rush /usr/local/rush/bin
    drwxr-xr-x 11 root root 4096 Feb  6 21:00 /usr/local/rush
    drwxr-xr-x  3 root root 4096 Feb  6 21:00 /usr/local/rush/bin
    ^^^^^^^^^^    ^^^^^^^^^

For security, the entire rush/etc and rush/var directory hierarchy should be
owned by root and either 755 (for scripts and the dir itself) or 644 (for
non-executable files).

Under normal circumstances, no files in rush/etc or rush/var should be writable
to anyone other than root.

When you extract the tar file with the 'p' flag, the perms should be correct,
and the install script enforces the above perms on the rush binaries.

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)
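
Added example, not part of the original thread or of Rush itself: a shell audit of the ownership and mode rules listed in the message above (setuid-root 4755 binaries, 755 root-owned parent directories, nothing under etc/ or var/ writable by anyone but root). It assumes GNU stat and find; the RUSH_DIR and OWNER_UID variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permission rules described in the thread.
# Assumes GNU stat/find (Linux). RUSH_DIR and OWNER_UID are hypothetical
# overrides so the checks can be tried on a scratch tree; real installs
# use the defaults (/usr/local/rush, uid 0).
RUSH_DIR=${RUSH_DIR:-/usr/local/rush}
OWNER_UID=${OWNER_UID:-0}

# check_mode PATH OCTAL: succeed only if PATH has exactly that mode and owner.
check_mode() {
    actual=$(stat -c '%a %u' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2 $OWNER_UID" ] && return 0
    echo "BAD $1: mode/uid is '$actual', want '$2 $OWNER_UID'"
    return 1
}

# loose_files DIR: list entries under DIR that are group/other-writable or
# not owned by OWNER_UID (symlinks skipped; their mode bits carry no meaning).
loose_files() {
    find "$1" ! -type l \( -perm /022 -o ! -user "$OWNER_UID" \) -print 2>/dev/null
}

# audit_rush: apply all three rules; returns non-zero if any check fails.
audit_rush() {
    rc=0
    for b in rush rushd; do                  # binaries must be setuid 4755
        check_mode "$RUSH_DIR/bin/$b" 4755 || rc=1
    done
    for d in "$RUSH_DIR" "$RUSH_DIR/bin"; do # parent dirs must be 755
        check_mode "$d" 755 || rc=1
    done
    for d in etc var; do                     # nothing writable by non-owner
        bad=$(loose_files "$RUSH_DIR/$d") || true
        if [ -n "$bad" ]; then
            echo "WRITABLE OR WRONG OWNER under $RUSH_DIR/$d:"
            echo "$bad"
            rc=1
        fi
    done
    return $rc
}

# Run the audit only when invoked as: sh thisfile run
if [ "${1:-}" = "run" ]; then audit_rush; fi
```
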

From: "Mr. Daniel Browne" <dbrowne@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 18:01:25 -0400
Msg# 2321

The SUID bits are set on the file, but I think that something is overriding/blocking the behavior when it runs from GDM.

On Mar 20, 2013, at 2:28 PM, Greg Ercolano wrote:

[posted to rush.general]

On 03/20/13 13:50, Mr. Daniel Browne wrote:
> [posted to rush.general]
>
> ah ha; the error is rush: 'rush -offline': bing: can't open port lock
> file '/usr/local/rush/var/nextport': Permission denied

Hmm, that would mean /usr/local/rush/bin/rush has lost its setuid permissions.
To fix that, run this as root on that machine:

    chown 0.0 /usr/local/rush/bin/{rush,rushd}
    chmod 4755 /usr/local/rush/bin/{rush,rushd}

..and on any other machine where the perms aren't rwsr-xr-x
for the rush + rushd binaries.

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)

----------
Dan "Doc" Browne
System Administrator
Evil Eye Pictures
dbrowne@(email suppressed)
Office: (415) 777-0666 x105

From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 18:11:16 -0400
Msg# 2322

On 03/20/13 15:01, Mr. Daniel Browne wrote:
> The SUID bits are set on the file, but I think that something is
> overriding/blocking the behavior when it runs from GDM.

Hmm, shouldn't be.

I'm assuming the commands work from the terminal as the user, right?

Is there anything in the /var/log/messages or dmesg indicating
a problem from the kernel?

Otherwise, paste the output of:

    ls -lad /usr /usr/local /usr/local/rush
    ls -lad /usr/local/rush/bin /usr/local/rush/bin/{rush,rushd}

We need to make sure all the parent dirs are 755 root/root,
as the OS might not like setuid binaries lying around in dirs
that are writable to other than root.

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)

From: "Mr. Daniel Browne" <dbrowne@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 18:30:48 -0400
Msg# 2323

Yes, the commands work in the user's terminal. There are no errors recorded in either log. Here's the LS output:

    dbrowne[bing] ~ (43)% ls -lad /usr /usr/local /usr/local/rush
    drwxr-xr-x. 15 root root 4096 Oct  9  2011 /usr
    drwxr-xr-x. 21 root root 4096 Mar 13 16:00 /usr/local
    drwxr-xr-x. 11 root root 4096 Nov 23  2009 /usr/local/rush
    dbrowne[bing] ~ (44)% ls -lad /usr/local/rush/bin /usr/local/rush/bin/{rush,rushd}
    drwxr-xr-x. 2 root root    4096 Nov 23  2009 /usr/local/rush/bin
    -rwsr-xr-x. 1 root root  949384 Nov 23  2009 /usr/local/rush/bin/rush
    -rwsr-xr-x. 1 root root 1272168 Nov 23  2009 /usr/local/rush/bin/rushd

On Mar 20, 2013, at 3:11 PM, Greg Ercolano wrote:

ls -lad /usr/local/rush/bin /usr/local/rush/bin/{rush,rushd}

----------
Dan "Doc" Browne
System Administrator
Evil Eye Pictures
dbrowne@(email suppressed)
Office: (415) 777-0666 x105

From: Greg Ercolano <erco@(email suppressed)>
Subject: Re: Login/Logout hook scripts on Linux
Date: Wed, 20 Mar 2013 19:15:14 -0400
Msg# 2324

On 03/20/13 15:30, Mr. Daniel Browne wrote:
> Yes, the commands work in the user's terminal. There are no errors
> recorded in either log. Here's the LS output:

The 'ls' output looked fine.

We talked by phone and found the problem: selinux was "on".
Turning it off solved the problem.

--
Greg Ercolano, erco@(email suppressed)
Seriss Corporation
Rush Render Queue, http://seriss.com/rush/
Tel: (Tel# suppressed)ext.23
Fax: (Tel# suppressed)
Cel: (Tel# suppressed)
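
Added example, not part of the original thread: when auditd is running, SELinux denials are written as AVC records to /var/log/audit/audit.log rather than to /var/log/messages or dmesg, which is one way a denial can go unseen in the two logs checked above. The script below filters AVC records for one command name; the log lines, including the xdm_t and usr_t labels, are constructed for illustration and are not taken from the machine in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command, reading
# audit-log text on stdin. Parses the key=value fields of "avc: denied" records.

# sample_audit_log: CONSTRUCTED records (not from the thread's machine).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1363820455.101:812): avc:  denied  { write } for  pid=4312 comm="rush" name="nextport" dev="dm-0" ino=131093 scontext=system_u:system_r:xdm_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1363820455.101:812): arch=c000003e syscall=2 success=no exit=-13 comm="rush" exe="/usr/local/rush/bin/rush"
type=AVC msg=audit(1363820460.220:813): avc:  denied  { read } for  pid=4400 comm="cupsd" name="printers.conf" dev="dm-0" ino=7712 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# avc_denials COMM: print "perms|name|scontext|tcontext|tclass" for each
# denial whose comm= field equals COMM. Non-AVC records are ignored.
avc_denials() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        # Permission list sits between the braces: { write }
        perms = $0
        sub(/.*[{] */, "", perms)
        sub(/ *[}].*/, "", perms)
        split("", f)                      # clear fields from previous record
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (!eq) continue
            k = substr($i, 1, eq - 1)
            v = substr($i, eq + 1)
            gsub(/"/, "", v)              # comm="rush" -> rush
            f[k] = v
        }
        if (f["comm"] == want)
            print perms "|" f["name"] "|" f["scontext"] "|" f["tcontext"] "|" f["tclass"]
    }'
}

# Demo on the constructed sample when invoked as: sh thisfile demo
if [ "${1:-}" = "demo" ]; then sample_audit_log | avc_denials rush; fi
```

On a live system the same function can read the real log as root, e.g. `avc_denials rush < /var/log/audit/audit.log`; a matching record names the exact access the policy refused. The trailing '.' after the mode string in the ls output earlier in the thread is GNU ls's marker that the file carries an SELinux security context.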