Why does redirection (>) not work sometimes but appending (>>) does?

It is probably a bug in the SELinux policy with regard to the semanage binary (which has its own context, semanage_t) and the /tmp directory, which has its own context too, tmp_t.

I was able to reproduce almost the same results on my CentOS 5.6:

# file /tmp/users.txt 
/tmp/users.txt: ERROR: cannot open `/tmp/users.txt' (No such file or directory)
# semanage login -l  >  /tmp/users.txt
# file /tmp/users.txt 
/tmp/users.txt: empty
# semanage login -l  >>  /tmp/users.txt
# file /tmp/users.txt 
/tmp/users.txt: empty

When I tried to use a file in a different directory, I got normal results:

# file /root/users.txt
/root/users.txt: ERROR: cannot open `/root/users.txt' (No such file or directory)
# semanage login -l  >  /root/users.txt
# file /root/users.txt
/root/users.txt: ASCII text

The difference between /tmp and /root is their contexts:

# ls -Zd /root/
drwxr-x---  root root root:object_r:user_home_dir_t    /root/
# ls -Zd /tmp/
drwxrwxrwt  root root system_u:object_r:tmp_t          /tmp/

And finally, after trying to redirect into a file in /tmp, I got the following errors in /var/log/audit/audit.log:

type=AVC msg=audit(1310971817.808:163242): avc:  denied  { write } for  pid=10782 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1310971838.888:163255): avc:  denied  { append } for  pid=11372 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file

Interesting note: redirecting semanage output to a pipe works OK:

# semanage login -l  | tee /tmp/users.txt > /tmp/users1.txt
# file /tmp/users.txt 
/tmp/users.txt: ASCII text
# file /tmp/users1.txt 
/tmp/users1.txt: ASCII text
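The diagnosis in the answer above, as an added example that is not part of the original post or the answer: a small POSIX sh script that summarises AVC denials from audit.log so the "semanage_t denied write/append on a tmp_t file" pattern stands out, and that turns the "| tee" observation into a reusable workaround. The two AVC lines are the answer's own, joined back onto one line each; the third SYSCALL sample line, the function names (avc_summary, tmp_denials, capture_via_pipe) and the SAMPLE_AUDIT variable are assumptions made here.

```shell
#!/bin/sh
# Added example; not code from the original post or answer. It turns the
# answer's diagnosis into helpers: one that summarises AVC denials from
# audit.log so the "confined domain denied write/append on tmp_t" pattern
# stands out, and one that applies the pipe workaround the answer observed.
# Function names and the third sample line below are assumptions.

# Constructed sample input: the two AVC lines quoted in the answer (joined
# back onto one line each) plus one non-AVC record the filter must ignore.
SAMPLE_AUDIT='type=AVC msg=audit(1310971817.808:163242): avc:  denied  { write } for  pid=10782 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1310971838.888:163255): avc:  denied  { append } for  pid=11372 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1310971838.888:163255): arch=c000003e syscall=1 success=no exit=-13'

# avc_summary: read audit records on stdin and print, per AVC denial,
#   <comm> <permission> <source domain> <target type> <class> <path>
# The type is the third colon-separated field of an SELinux context
# (user:role:type[:level]), e.g. semanage_t in user_u:system_r:semanage_t:s0.
avc_summary() {
    awk '
        /^type=AVC / && /avc: *denied/ {
            # the permission set sits between the braces: "{ write }"
            perm = substr($0, index($0, "{") + 1)
            perm = substr(perm, 1, index(perm, "}") - 1)
            gsub(/^ +| +$/, "", perm)
            comm = path = sctx = tctx = cls = "?"
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                key = substr($i, 1, n - 1); val = substr($i, n + 1)
                gsub(/"/, "", val)
                if (key == "comm") comm = val
                else if (key == "path") path = val
                else if (key == "scontext") sctx = val
                else if (key == "tcontext") tctx = val
                else if (key == "tclass") cls = val
            }
            split(sctx, s, ":"); split(tctx, t, ":")
            print comm, perm, s[3], t[3], cls, path
        }'
}

# tmp_denials: keep only write/append denials on tmp_t files, the exact
# signature behind a redirect that leaves an empty file in /tmp.
tmp_denials() {
    avc_summary | awk '$4 == "tmp_t" && $5 == "file" && ($2 == "write" || $2 == "append")'
}

# capture_via_pipe FILE CMD...: run CMD with its stdout on a pipe and let
# cat, which stays in the caller's domain, open and write FILE. This is the
# answer's "| tee" observation as a helper. CMD's exit status is lost behind
# the pipe in plain sh, so check the output rather than $? if that matters.
capture_via_pipe() {
    out=$1; shift
    "$@" | cat > "$out"
}

# Stand-alone run: summarise the constructed sample.
printf '%s\n' "$SAMPLE_AUDIT" | tmp_denials
```

On an affected box the same filter can be pointed at the real log the answer quotes, e.g. `grep '^type=AVC' /var/log/audit/audit.log | tmp_denials`, and `capture_via_pipe /tmp/users.txt semanage login -l` is the `| tee` workaround without the second copy of the output.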

Author: Belmin Fernandez (Learning and helping.)

Updated on September 18, 2022

Comments

  • Belmin Fernandez
    Belmin Fernandez over 1 year

    While studying for the RHCE, I came across a situation where stdin redirection does not work in bash:

    # file /tmp/users.txt
    /tmp/users.txt: cannot open `/tmp/users.txt' (No such file or directory)  
    # semanage login -l > /tmp/users.txt
    # file /tmp/users.txt
    /tmp/users.txt: empty
    

    However, this works:

    # file /tmp/users.txt
    /tmp/users.txt: cannot open `/tmp/users.txt' (No such file or directory)
    # semanage login -l >> /tmp/users.txt
    # file /tmp/users.txt
    /tmp/users.txt: ASCII text
    

    Why is this the case?

    1st Update:

    Permissions:

    # ls -ld /tmp
    drwxrwxrwt. 8 root root 4096 Jul 17 15:27 /tmp
    

    ACLs (not an ACL mount but just in case):

    # getfacl /tmp
    getfacl: Removing leading '/' from absolute path names
    # file: tmp
    # owner: root
    # group: root
    # flags: --t
    user::rwx
    group::rwx
    other::rwx
    

    And I'm performing all commands as root (hence the hash prompt).

    2nd Update

    Per Caleb, full permissions listing of /tmp:

    # ls -al /tmp
    total 40
    drwxrwxrwt.  8 root    root    4096 Jul 17 15:37 .
    dr-xr-xr-x. 26 root    root    4096 Jul 17 15:07 ..
    drwx------.  2 melmel  melmel  4096 Jul 16 21:08 .esd-500
    drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .ICE-unix
    drwx------.  2 gdm     gdm     4096 Jul 17 15:08 orbit-gdm
    drwx------.  2 gdm     gdm     4096 Jul 17 15:07 pulse-5E9i88IGxaNh
    drwx------.  2 melmel  melmel  4096 Jul 16 21:08 pulse-329qCo13Xk
    -rw-------.  1 root    root       0 Jul 16 14:32 tmpXd9THg
    -rw-------.  1 root    root       0 Jul 16 12:55 tmpie0O98
    -rw-------.  1 root    root       0 Jul 16 20:23 tmpr10LrK
    -r--r--r--.  1 root    root      11 Jul 17 15:07 .X0-lock
    drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .X11-unix
    -rw-r--r--.  1 root    root     865 Jul 16 20:20 yum.conf.security
    -rw-------.  1 root    root       0 Jul 10 14:57 yum.log
    

    3rd Update:

    Per Hello71:

    # mount | grep /tmp
    # mount | grep -w '/'
    /dev/mapper/vg_svr-tap-lv_root on / type ext4 (rw)
    

    Answers to Gilles' questions:

    Is this something you read about in a book, or did you reach this situation on a real machine?

    Noticed this while performing a lab in a book on a real machine.

    Is SELinux in use?

    # sestatus 
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted
    

    Some Linux-on-Linux virtualisation?

    Yes. KVM/QEMU guest.

    I second Hello71's request, except please grep /tmp /proc/mounts

    Nothing matches.

    Also env | grep '^LD_' please.

    Nothing matches.

    Oh, and can we rule out active attacks

    Yes we can. I'm the only one that has access to this guest.

    • tcoolspy
      tcoolspy almost 13 years
      Can you give us the output of ls -al for /tmp and /tmp/users.txt?
    • Belmin Fernandez
      Belmin Fernandez almost 13 years
      Just added the file command before and after the IO redirects. Is that sufficient?
    • tcoolspy
      tcoolspy almost 13 years
      Please give us the full permissions view of the directory.
    • Belmin Fernandez
      Belmin Fernandez almost 13 years
      Adding that now. I am confused as to how that would be relevant. Can you explain please?
    • Hello71
      Hello71 almost 13 years
      mount | grep /tmp?
    • stribika
      stribika almost 13 years
      Try executing this from another shell: strace -p pid_of_shell. Then in the first shell do the redirections and check what strace prints. For me the only difference is the O_TRUNC vs O_APPEND open mode. This way you can see if the shell actually calls write with the string you typed. If it does not open the file and does not write the text, then your shell is buggy. If all open and write calls are OK, then I don't know.
    • Belmin Fernandez
      Belmin Fernandez almost 13 years
      @Hello71 and @Gilles: Answered your questions above (this question's text is getting lengthy, my apologies). I will get to stribika's trace later today.
    • Aaron D. Marasco
      Aaron D. Marasco almost 13 years
      xxd /tmp/users.txt - what's in it? I'm gonna guess for some reason one gives a single LF.
    • greenoldman
      greenoldman almost 13 years
      What if you execute redirection twice in a row? Just curiosity, because my understanding is, the file was created after all, just without any content.
    • LiuYan 刘研
      LiuYan 刘研 almost 13 years
      I asked a similar question (SELinux + I/O Redirection), wish Riccardo Murri's answer help you too: unix.stackexchange.com/questions/14586/…
    • Damian Zborowski
      Damian Zborowski over 9 years
      You might want to check out this: unix.stackexchange.com/questions/25372/…
  • psusi
    psusi almost 13 years
    That doesn't explain why append works, but truncate doesn't. If the writes are being denied, then append should still leave the file empty.
  • AlexD
    AlexD almost 13 years
    On my system append doesn't work either. It could be explained by a difference in SELinux policies between my CentOS and the original system.