-1

I have a minor complex command using a pipe

```
python3 wlan.py -p taken | awk '{$10 = sprintf( "%.1f", $10 / 60); print $4 $6 $8 $10 ",min"}' | awk '{gsub(/,/," ");print}' >> /tmp/missed.log
```

and I get a permission error if this command is executed from a program but not from the command line (sudo). So, obviously there is an issue with the rights of the program. I have set the rights of python and awk to 777 to no avail. But the main question is: What are the rights of the >> command and how can I change them?

The error message is "writing missed.log - permission denied".

SiKing
Andreas
  • Why do you not include the error messages? – Jdamian Feb 01 '17 at 15:19
  • please include an example of how you run the code and the output(error)!!!! – ayyoob imani Feb 01 '17 at 15:22
  • You say you have granted permissions to the `python and ···`. What does that mean? `python3` binary or python file `wlan.py`? – Jdamian Feb 01 '17 at 15:37
  • Sorry for the mistake I made and the missing information. First, I forgot the pipe command >> that is added now. Second, I ran "sudo chmod 777" on wlan.py, python3 as well as awk, but not on >>. Lastly, the error message is "writing missed.log - permission denied". – Andreas Feb 02 '17 at 16:19
  • Show output of `ls -l /tmp/missed.log`. Obviously that is the **only** thing that needs to have permissions changed. – SiKing Feb 02 '17 at 17:21
  • `... | sudo tee -a /tmp/missed.log >/dev/null` would be one typical way to handle this, if for some reason you want to escalate privileges for the (last stage of the) pipeline rather than establishing more permissive permissions for the file. – Charles Duffy Feb 02 '17 at 18:05
  • The output of ls -al on the main level is drwxrwxrwt 11 root root 4096 Feb 3 13:17 tmp and there is no file missing.log in that directory. The "program" I am running is a Perl server that belongs to the group dialout and is called FHEM. It has no root privileges and if I am adding "sudo" to my command it crashes. – Andreas Feb 04 '17 at 12:58

1 Answer

0

File access in a Unix-like environment is tied to who you are, not what programs you run.* When you run `sudo python3 ...`, you are changing who you are to a more privileged user for the duration of the `python3` command. Once Python stops running, you are back to your normal self. Imagine that `sudo` is Clark Kent taking off his glasses and putting on his cape. Once the bad guys have been defeated, Superman goes back to an ordinary Joe.

Your error message indicates your normal user account does not have the necessary permissions to access `/` and `/tmp`, and to write `/tmp/missed.log`. The permissions on `wlan.py` and `/usr/bin/python3` aren't the issue here. I can think of four options (best to worst):

  1. Put the output file somewhere other than in `/tmp`. You should always be able to write your home directory, so you should be able to run without `sudo`, with `> ~/missed.log` instead of `> /tmp/missed.log`.
  2. When you run your pipeline "from a program," as you said, just include the `sudo` as if you were running it from the command line. That way you get consistent results.
  3. Add yourself to the group owning `/tmp`. Do `stat -c '%G' /tmp`. That will tell you which group owns `/tmp`. Then, if that group is not `root`, do `usermod -a -G <that group name> <your username>`.
  4. Change the permissions on `/tmp`. This is the bludgeon: possible, but not recommended. `sudo rm -f /tmp/missed.log` and `sudo chmod o+rwx /tmp` should make it work, but may open other vulnerabilities you don't want.

* Ignoring setuid, which doesn't seem to be the case here.

cxw
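
The point made in the answer and in SiKing's comment, that the shell opens the `>>` target as the calling user and only the target file and its directory matter, shown as an added example that is not part of the original thread. The function names and the scratch `missed.log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: what decides whether `>> FILE` works for the current user.
# The shell opens FILE itself, with the identity of whoever runs the shell;
# permissions on python3, awk or wlan.py play no part in that step.
append_check() {
    target=$1
    dir=$(dirname -- "$target")
    if [ -e "$target" ]; then
        # Existing file: its own write permission for this user decides.
        if [ -w "$target" ]; then echo "append-ok"; else echo "file-not-writable"; fi
    elif [ ! -d "$dir" ]; then
        echo "no-directory"
    elif [ -w "$dir" ] && [ -x "$dir" ]; then
        # Missing file: the shell must create it, so the directory decides.
        echo "create-ok"
    else
        echo "dir-not-writable"
    fi
}

# Print the identity and permission bits needed to diagnose a denial.
append_report() {
    id
    ls -ld -- "$(dirname -- "$1")"
    if [ -e "$1" ]; then ls -l -- "$1"; fi
    echo "verdict: $(append_check "$1")"
}

# Constructed demo in a private scratch directory (hypothetical file).
append_demo() {
    scratch=$(mktemp -d) || return 1
    log="$scratch/missed.log"
    before=$(append_check "$log")      # file absent, directory is ours
    echo "first line" >> "$log"
    chmod 444 "$log"                   # read-only log, e.g. left by another run
    # Try the real append; an unprivileged user gets "Permission denied".
    if ( echo "second line" >> "$log" ) 2>/dev/null; then tried=written; else tried=denied; fi
    predicted=$(append_check "$log")
    chmod 644 "$log"
    after=$(append_check "$log")
    rm -rf -- "$scratch"
    echo "$before $predicted/$tried $after"
}

# Usage: sh append_check.sh /tmp/missed.log   (run it as the service's user)
if [ "$#" -gt 0 ]; then append_report "$1"; fi
```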