
I am wondering if this is behavior due to SELinux or something else.

I have a deploy script that I run and inside, I had sudo chmod +x /etc/rc.local, and some lines later I echo some startup commands, grep "startupcmd" /etc/rc.local || sudo echo "startupcmd &" >> /etc/rc.local

I found that this would always leave my /etc/rc.local non-executable.

I puzzled over it, then I thought Linux was somehow magically doing this to help me. So I moved the chmod +x to the end of the file, and it works great now.

This was experienced on a Raspberry Pi 2 Debian (Raspbian), by the way (which does not appear to have any SELinux set up).

Steven Lu
  • 2
    I wouldn't know about that, but your sudo usage is strange (sudo echo...). I think that your script is running as root, otherwise the redirection wouldn't work - so sudo seems useless. – cadrian Jun 03 '15 at 05:49
  • 3
    I can't reproduce. I know in some cases if you modify a file with the s bit set, then changing the file will reset that bit. If selinuxenabled && echo Is enabled returns nothing, SELinux is disabled. (However, being enabled, it might be set to permissive.) Also, I'm quite sure SELinux cannot be used to change the permissions of a file -- only deny the concatenate operation or future attempts to execute (regardless of bit). – Otheus Jun 03 '15 at 08:41
  • Could you let us know your filesystem? do df -Th /etc – Huygens Jun 03 '15 at 11:00
  • @Huygens it is ext4. It says Filesystem /dev/root is mounted on / – Steven Lu Jun 03 '15 at 16:00
  • @cadrian There does seem to be some non-typical sudo behavior. If I do not write sudo for the echo that appends the line, it fails there. Indeed, if I need to run the script with sudo, then I would not need any sudo inside the script. Note also, at no time that sudo is used is the user's password ever requested. – Steven Lu Jun 03 '15 at 16:01
  • There's no such mechanism. Your script must be doing something else, or there's another program modifying the permissions or something. You'll need to investigate more and tell us more about what's happening. You can put an audit rule on the file to watch what happens to it. – Gilles 'SO- stop being evil' Jun 03 '15 at 21:11
  • OK, Yeah I'll dig into it when I can. – Steven Lu Jun 04 '15 at 00:52
  • They are right, doing sudo to echo is meaningless; echo only outputs something to the standard output, and doing it as root or your own user won't change things. Usually you want to do sudo bash -c 'echo "startupcmd &" >> /etc/rc.local' or echo "startupcmd &" | sudo tee -a /etc/rc.local. Those 2 commands will add the echoed data to the rc.local file, and it will be added by root. – Huygens Jun 04 '15 at 18:25
  • Okay. I think it is very likely that I had a brain fart and the sudo chmod +x line was being ineffectual in that I would need to run sudo bash -c 'chmod +x /etc/rc.local' – Steven Lu Jun 05 '15 at 02:58

0 Answers
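
The following is an added example, not part of the question or its comments: a POSIX shell version of the deploy step that uses the `echo ... | sudo tee -a` form suggested in the comments and reports the file's mode before and after the append. The names `SUDO`, `mode_of`, `ensure_line` and `deploy_step` are made up here, and the demo runs on a constructed temporary file rather than /etc/rc.local.

```shell
#!/bin/sh
# Added example (not from the thread). SUDO is a hypothetical knob:
# export SUDO=sudo for a root-owned file; leave it empty for the temp-file demo.
SUDO=${SUDO:-}

# Print the octal permission bits of a file (GNU stat, as shipped on Debian).
mode_of() {
    stat -c '%a' "$1"
}

# Append LINE to FILE only if that exact line is not already there.
# The write goes through tee so it runs under $SUDO; in
# `sudo echo ... >> file` the >> is opened by the calling, unprivileged shell.
ensure_line() {
    file=$1
    line=$2
    if grep -qxF -- "$line" "$file"; then
        return 0
    fi
    printf '%s\n' "$line" | $SUDO tee -a "$file" >/dev/null
}

# chmod first, append second (the order from the question), then print
# "<mode before append> <mode after append>" so any change is visible.
deploy_step() {
    file=$1
    line=$2
    $SUDO chmod a+x "$file" || return 1
    before=$(mode_of "$file")
    ensure_line "$file" "$line" || return 1
    after=$(mode_of "$file")
    echo "$before $after"
}

# Constructed sample: a stand-in for rc.local in a temporary file.
demo() {
    tmp=$(mktemp) || return 1
    printf '#!/bin/sh\n' > "$tmp"
    chmod 644 "$tmp"
    deploy_step "$tmp" "startupcmd &"   # first run appends the line
    deploy_step "$tmp" "startupcmd &"   # second run finds it and appends nothing
    grep -cxF -- "startupcmd &" "$tmp"  # number of copies of the line
    rm -f "$tmp"
}

demo
```
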