Re: "spontaneous" permissions changes

[Yuri Csapo <ycsapo@exchange.mines.edu>]

[-- Attachment #1: Type: text/plain, Size: 5067 bytes --]

Franck, that's a very good point. I shall be asking VMware support about this.

Thanks!

Yuri

Franck RICHARD wrote:
> Hi,
> 
> When you work with virtual systems, when you have the filesystem of your virtual machine corrupted,
> maybe you have only errors on the syslog of your Host and not on your virtual machine…
> 
> The kernel of the virtual machine detect that she doesn't have anymore a write permission on the disk and switch the permissions…
> 
> I'm not sure, but I have a similar case in the past with Xen
> 
> 
> De : Herta Van den Eynde [mailto:herta.vandeneynde@gmail.com]
> Envoyé : jeudi 27 août 2009 23:01
> À : ycsapo@mines.edu
> Cc : Franck RICHARD; linux-admin
> Objet : Re: "spontaneous" permissions changes
> 
> Hi Franck,
> 
> That sounds like a plausible theory, but I've had my share of filesystem corruptions, and they always logged errors in syslog.  Does your mileage vary?
> 
> Also, if this were a filesystem corruption, could Yuri have worked passed it without a filesystem check?
> 
> Kind regards,
> 
> Herta
> 2009/8/27 Yuri Csapo <ycsapo@exchange.mines.edu<mailto:ycsapo@exchange.mines.edu>>
> Franck, that's a very good idea - I'll certainly check as soon as I can. Unfortunately I just can't umount right now. Maybe this weekend.
> 
> Thanks
> 
> --Yuri
> 
> 
> Franck RICHARD wrote:
> If the permission change to 400 (read only), it's a security when the filesystem is corrupted, to protect it.
> 
> Do a check of your Filesystem, (umount, e2fsck, mount).
> 
> Maybe you can find something...
> 
> 
> 
> 
> -----Message d'origine-----
> De : linux-admin-owner@vger.kernel.org<mailto:linux-admin-owner@vger.kernel.org> [mailto:linux-admin-owner@vger.kernel.org<mailto:linux-admin-owner@vger.kernel.org>] De la part de Yuri Csapo
> Envoyé : mercredi 26 août 2009 23:08
> À : linux-admin
> Objet : "spontaneous" permissions changes
> 
> Hi all, I have a strange situation I wish someone could help me with. This is the setup:
> 
> - Virtual machine running the latest VM under ESXi
> - VM has one processor, 2 GB RAM, 1 GB swap
> - Ubuntu 8.04 LTS
> - The virtual host runs only this VM
> - Virtual host connects to a Lefthand Networks (now HP) SAN through 1 GB copper ethernet and iSCSI
> - VM has a 1 TB volume from the SAN that looks like a SCSI drive to Linux (/dev/sdc)
> - sdc is formatted as one big ext3 partition (sdc1)
> - sdc1 is exported both as an NFS resource and a SMB share (via Samba)
> - Authentication is Kerberos and authorization is local, if that matters
> 
> The permissions on that partition's mount point, usually 755, changed suddenly to 400. I have looked at sudo logs, root's and all admins' history files and I can find no evidence of someone changing those permissions or of tampering with the logs.
> 
> Physical access to the box requires the right keycard; logon (ssh) access to the box is restricted to sysadmins and support personel only; the root password is a 32 char long random string that lives in an encrypted repository on my iPod Touch. There are only 2 people, myself included, with full sudo rights; there are another 5 people with sudo rights to a number of administration things including chmod.
> 
> This is a state university and it happened on the first day of classes.
> 
> My questions:
> 
> - Did I look everywhere I should be looking to find evidence of foul play?
> - Does anyone know of anything in this setup that could trigger a seemingly spontaneous permissions change like that?
> 
> Thanks,
> 
> --
> Yuri Csapo
> Academic Computing & Networking
> Colorado School of Mines
> CT-256
> Phone:  (303) 273-3503
> Fax:      (303) 273-3475
> Email:   ycsapo@mines.edu<mailto:ycsapo@mines.edu>
> 
> Please use the following link to open a service request:
> http://helpdesk.mines.edu
> ===========================================
> With a PC, I always felt limited
> by the software available.
> On Unix, I am limited only by my knowledge.
> --Peter J. Schoenster
> 
> --
> Yuri Csapo
> Academic Computing & Networking
> Colorado School of Mines
> CT-256
> Phone:  (303) 273-3503
> Fax:      (303) 273-3475
> Email:   ycsapo@mines.edu<mailto:ycsapo@mines.edu>
> 
> Please use the following link to open a service request:
> http://helpdesk.mines.edu
> ===========================================
> With a PC, I always felt limited
> by the software available.
> On Unix, I am limited only by my knowledge.
> --Peter J. Schoenster
> 
> 
> 
> --
> "Life on Earth may be expensive,
> but it comes with a free ride around the Sun."
> 

-- 
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
CT-256
Phone:  (303) 273-3503
Fax:      (303) 273-3475
Email:   ycsapo@mines.edu

Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster

[-- Attachment #2: ycsapo.vcf --]
[-- Type: text/x-vcard, Size: 200 bytes --]

begin:vcard
fn:Yuri Csapo
n:Csapo;Yuri
org:Colorado School of Mines;CCIT
email;internet:ycsapo@mines.edu
title:System Administrator
tel;work:(303) 273-3503
x-mozilla-html:FALSE
version:2.1
end:vcard