Sudo mkdir fails due to permission denied error


This is due to "root squash" on the NFS server. From the exports(5) man page (emphasis mine):

nfsd bases its access control to files on the server machine on the uid and gid provided in each NFS RPC request. The normal behavior a user would expect is that she can access her files on the server just as she would on a normal file system. This requires that the same uids and gids are used on the client and the server machine. This is not always true, nor is it always desirable.

Very often, it is not desirable that the root user on a client machine is also treated as root when accessing files on the NFS server. To this end, uid 0 is normally mapped to a different id: the so-called anonymous or nobody uid. This mode of operation (called 'root squashing') is the default, and can be turned off with no_root_squash.

To paraphrase, it's generally a security risk to allow root (e.g., when running sudo) on the NFS client to modify files and file attributes as if it were root on the NFS server. This would effectively make root on the client equivalent to root on the server, and allow a rogue client to take over the server.

From the RHEL 6 security guide:

If no_root_squash is used, remote root users are able to change any file on the shared file system and leave applications infected by Trojans for other users to inadvertently execute.
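As an added example (not part of the original answer or of nfs-utils), the server-side check implied above can be scripted: the function below reads an exports(5) file and prints every path/client pair for which root squashing is turned off. The function names and the sample exports content are constructed for illustration, and the code assumes that when both `root_squash` and `no_root_squash` are named, the later one wins.

```shell
#!/bin/sh
# Added example: flag exports(5) entries where root squashing is disabled.
# Reads the file(s) given as arguments, or stdin when none are given.
audit_exports() {
    awk '
    {
        sub(/#.*/, "")                                   # drop comments
        if (sub(/\\$/, "")) { buf = buf $0 " "; next }   # join continued lines
        $0 = buf $0; buf = ""                            # re-split joined line
        if (NF < 2) next
        defaults = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) { defaults = substr($i, 2); continue }  # "-opts" = defaults
            client = $i; opts = ""
            p = index($i, "(")
            if (p) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to any host
            # root_squash is the default; assume the last option named wins.
            squash = 1
            n = split(defaults "," opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") squash = 0
                else if (o[j] == "root_squash") squash = 1
            }
            if (!squash) print $1, client
        }
    }' "$@"
}

# Constructed sample input; paths and hostnames are made up.
sample_exports() {
    cat <<'EOF'
# home directories: root on clients is squashed (default)
/home        10.0.0.0/24(rw,sync)
/srv/build   ci01.example.com(rw,no_root_squash) \
             ci02.example.com(rw,sync)
/srv/images  -rw,no_root_squash  img01.example.com  img02.example.com(root_squash)
/scratch     trusted.example.com (rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On a real server, run it as `audit_exports /etc/exports`; the `/scratch` line in the sample shows how a stray space before the option list exposes the export to every host instead of the one named.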


Author: ventsyv

Updated on September 18, 2022

Comments

  • ventsyv
    ventsyv almost 2 years

    I've written a script that copies some files from one place to another and since I don't have permissions to the source folder, I tried running it with sudo. The problem is that now the creation of the destination folders fails. Here is a simple test case:

    In my home directory the following works:

    mkdir testDir
    

    But this fails due to a permission denied error:

    sudo mkdir testDir2
    

    My home directory has 755 permissions and is owned by me.

    I ran sudo groups and found that as expected the root group is there, but strangely, the users is not. Also running groups as myself reveals that I'm not in the sudo group.

    Any ideas what's going on? Why am I not able to write to my home folder when running with sudo?

    • Jeff Schaller
      Jeff Schaller over 7 years
      first idea that comes to mind is that your home directory is on an NFS share that's squashing root
    • ventsyv
      ventsyv over 7 years
      Yes, it is an NFS. Can you explain how could root be squashed on an NFS share? The only thing I can think of is to mount the share read only, but that's certainly not the case.
    • Jeff Schaller
      Jeff Schaller over 7 years