Ability to run 5250 commands via .lst

Comments (18)

1. 

   Former user Account Deleted

   Mmm ... OBJAUT(*ALL), nothing PASE ... but ... general IFS related issues for PASE are best handled from PASE (chmod, chown).

   I would think are failing our chroot experience if we have to fall back to system for benign application like git.

   • 2015-07-28T22:13:36+00:00
2. 

   Aaron Bartell reporter

   general IFS related issues for PASE are best handled from PASE (chmod, chown).

   I started typing out a long response but then realized it might be better to make sure I am using the chmod and chown commands correctly. After using chroot_minimal.lst to create the chroot I issue the following:

   env_path=/QOpenSys/download/ibmichroot/spaces/e01
   chown -Rh E01:0 $env_path
   chmod 700 $env_path/home/E01/.ssh
   chmod 600 $env_path/home/E01/.ssh/id_rsa
   chmod 644 $env_path/home/E01/.ssh/id_rsa.pub
   touch $env_path/home/E01/.ssh/authorized_keys
   chmod 644 $env_path/home/E01/.ssh/authorized_keys
   

   I believe the chmod for .ssh is inconsequential concerning the git init permission issue. Does this look correct? If not, what else do I need to add/change?

   • 2015-07-29T13:13:51+00:00
3. 

   Former user Account Deleted

   well ... appears you have understanding of chmod, but for review ...

   chmod 750 dir-or-file
   7 - owner (chown profile)
   5 - group (group profile)
   0 - public (*PUBLIC profile)
   -- values --
   4 - 'read'
   2 - 'write'
   1 - 'execute'
   0 - 'no permission'
   

   Speaking generally, you should be able to setup git without resorting to anything OBJAUT(*ALL).

   • 2015-07-29T14:17:54+00:00
4. 

   Former user Account Deleted

   Part 2 ... however may be useful to include a :system directive to chroot_setup.sh.

   • 2015-07-29T14:21:06+00:00
5. 

   Former user Account Deleted

   Part 1 ... you did not post the actual error ... so guessing ... maybe permissions on actual SC1 inside chroot is to "tight".

   • 2015-07-29T14:24:51+00:00
6. 

   Aaron Bartell reporter

   Further laying out scenario...

   Outside of chroot I ran the following to give user E01 full ownership of all files/directories in chroot:

   chown -Rh E01:0 /QOpenSys/download/ibmichroot/e01
   

   In chroot, via ssh, permissions display as follows:

   $ echo $USER
   e01
   $ ls -all /
   total 176
   drwxr-xr-x    9 e01      0              8192 Jul 29 16:37 .
   drwxr-xr-x    9 e01      0              8192 Jul 29 16:37 ..
   drwxr-xr-x    5 e01      0              8192 Jul 29 16:36 QOpenSys
   lrwxrwxrwx    1 e01      0                34 Jul 29 16:36 bin -> /QOpenSys/usr/bin
   drwxr-xr-x    3 e01      0              8192 Jul 29 16:35 dev
   drwxr-xr-x    4 e01      0              8192 Jul 29 16:37 etc
   drwxr-xr-x    4 e01      0              8192 Jul 29 16:36 home
   lrwxrwxrwx    1 e01      0                34 Jul 29 16:36 lib -> /QOpenSys/usr/lib
   lrwxrwxrwx    1 e01      0                26 Jul 29 16:36 opt -> /QOpenSys/opt
   lrwxrwxrwx    1 e01      0                36 Jul 29 16:36 sbin -> /QOpenSys/usr/sbin
   drwxr-xr-x    2 e01      0              8192 Jul 29 16:37 tmp
   drwxr-xr-x    5 e01      0              8192 Jul 29 16:39 usr
   drwxr-xr-x    3 e01      0              8192 Jul 29 16:37 var
   

   DSPAUT of home directory:

                                 Display Authority                            
   
   Object . . . . . . . . . . . . :   /QOpenSys/download/ibmichroot/spaces/e01/home
   Type . . . . . . . . . . . . . :   DIR                                     
   Owner  . . . . . . . . . . . . :   E01                                     
   Primary group  . . . . . . . . :   *NONE                                   
   Authorization list . . . . . . :   *NONE                                   
   
                 Data     --Object Authorities--                              
   User        Authority  Exist  Mgt  Alter  Ref                              
   *PUBLIC     *RX                                                            
   E01         *RWX                                                           
   

   Now to attempt git init and produce permission error:

   $ pwd
   /home/E01
   $ mkdir dir1
   $ cd dir1
   $ git init
   error: Unable to create /home/E01/dir1/.git/HEAD
   warning: unable to unlink /home/E01/dir1/.git/HEAD.lock: Permission denied
   

   If I mkdir dir1, then CHGAUT of dir1 to be OBJAUT(*ALL), and then git init it works just fine.

   • 2015-07-29T14:54:45+00:00
7. 

   Former user Account Deleted

   We did not get to see the staet of /home/EO1 between steps ...

   $ pwd
   /home/E01
   $ ls -l
   $ mkdir dir1
   $ ls -l
   $ cd dir1
   ls -l
   
   $ git init
   

   • 2015-07-29T15:20:48+00:00
8. 

   Former user Account Deleted

   PART 2 -- integrated :system into chroot_steup.sh

   • 2015-07-29T15:29:21+00:00
9. 

   Aaron Bartell reporter

   Let me know if you need more.

   Also, when I do mkdir as profile aaron (my profile in non-chroot) it sets the OBJAUT to *ALL so my profile has full authority to make changes. This leads me to believe it has to do with defaults and how my non-chroot profile is initially creating the /home directory for user E01.

   $ pwd
   /home/E01
   $ mkdir dir1
   $ ls -l
   total 16
   drwxr-xr-x    2 e01      0              8192 Jul 29 17:22 dir1
   $ cd dir1
   $ ls -all
   total 32
   drwxr-xr-x    2 e01      0              8192 Jul 29 17:22 .
   drwxr-xr-x    4 e01      0              8192 Jul 29 17:22 ..
   $ git init
   error: Unable to create /home/E01/dir1/.git/HEAD
   warning: unable to unlink /home/E01/dir1/.git/HEAD.lock: Permission denied
   $ ls -all
   total 48
   drwxr-xr-x    3 e01      0              8192 Jul 29 17:23 .
   drwxr-xr-x    4 e01      0              8192 Jul 29 17:22 ..
   drwxr-xr-x    6 e01      0              8192 Jul 29 17:23 .git
   $ ls -all .git/
   total 136
   drwxr-xr-x    6 e01      0              8192 Jul 29 17:23 .
   drwxr-xr-x    3 e01      0              8192 Jul 29 17:23 ..
   -rw-r--r--    1 e01      0                23 Jul 29 17:23 HEAD.lock
   drwxr-xr-x    2 e01      0              8192 Jul 29 17:23 branches
   -rw-r--r--    1 e01      0                73 Jul 29 17:23 description
   drwxr-xr-x    2 e01      0             12288 Jul 29 17:23 hooks
   drwxr-xr-x    2 e01      0              8192 Jul 29 17:23 info
   drwxr-xr-x    4 e01      0              8192 Jul 29 17:23 refs
   

   • 2015-07-29T15:32:38+00:00
10. 

    Former user Account Deleted

    Mmm i may be little slow, but it looks like everything actually created, yes? So, are we simply concerned about the warning??

    $ git init
    error: Unable to create /home/E01/dir1/.git/HEAD
    warning: unable to unlink /home/E01/dir1/.git/HEAD.lock: Permission denied
    $ ls -all
    total 48
    drwxr-xr-x    3 e01      0              8192 Jul 29 17:23 .
    drwxr-xr-x    4 e01      0              8192 Jul 29 17:22 ..
    drwxr-xr-x    6 e01      0              8192 Jul 29 17:23 .git
    

    • 2015-07-29T15:51:35+00:00
11. 

    Aaron Bartell reporter

    It created, but when it attempted to unlink it couldn't because user E01 doesn't have *OBJEXIST authority. In the end the git repository wasn't successfully created. Below I create a file in /home/E01/dir1 and attempt git status to see it needs to be tracked, but it fails saying it isn't a git repo.

    $ echo 'something' > test.txt
    $ git status
    fatal: Not a git repository (or any of the parent directories): .git
    

    • 2015-07-29T15:55:26+00:00
12. 

    Former user Account Deleted

    We do not understand this issue yet, but ... This leads me to believe it has to do with defaults and how my non-chroot profile is initially creating the /home directory for user E01.

    I never addressed making /home dirs with chroot_setup.sh. I was always a bit concerned about /home anything from outside chroot (wrong user profile).

    What happens when you create /home from within chroot?

    • 2015-07-29T16:04:16+00:00
13. 

    Aaron Bartell reporter

    What I did to test:

    • Deleted directory /QOpenSys/download/ibmichroot/spaces/e01/home with *SECOFR
    • Logged into 5250 as user E01, did CALL QP2TERM to get a shell. My profile's HOMEDIR was still set to /QOpenSys/download/ibmichroot/spaces/./e01/home/E01 so I had to cd /QOpenSys/download/ibmichroot/spaces/e01
    • Then I did mkdir home and here are the results:

    ls -all                                                                              
    total 176                                                                            
    drwxr-xr-x    9 e01      0              8192 Jul 29 18:16 .                          
    drwxr-xr-x    3 aaron    0              8192 Jul 29 16:35 ..                         
    drwxr-xr-x    5 e01      0              8192 Jul 29 16:36 QOpenSys                   
    lrwxrwxrwx    1 e01      0                34 Jul 29 16:36 bin -> /QOpenSys/usr/bin   
    drwxr-xr-x    3 e01      0              8192 Jul 29 16:35 dev                        
    drwxr-xr-x    4 e01      0              8192 Jul 29 16:37 etc                        
    drwxrwxrwx    2 e01      0              8192 Jul 29 18:16 home                       
    lrwxrwxrwx    1 e01      0                34 Jul 29 16:36 lib -> /QOpenSys/usr/lib   
    lrwxrwxrwx    1 e01      0                26 Jul 29 16:36 opt -> /QOpenSys/opt       
    lrwxrwxrwx    1 e01      0                36 Jul 29 16:36 sbin -> /QOpenSys/usr/sbin 
    drwxr-xr-x    2 e01      0              8192 Jul 29 16:37 tmp                        
    drwxr-xr-x    5 e01      0              8192 Jul 29 16:39 usr                        
    drwxr-xr-x    3 e01      0              8192 Jul 29 16:37 var                        
    

    So basically the same results as before, including the DSPAUT settings.

    • 2015-07-29T16:25:21+00:00
14. 

    Former user Account Deleted

    After chat a few guys, what is the ls -all for the full 'outside' directory ...

    outside chroot
    cd /
    ls -all /
    cd /QOpenSys
    ls -all
    ... so on ...
    

    • 2015-07-29T16:28:41+00:00
15. 

    Aaron Bartell reporter

    See below. I omitted everything outside the path we are looking at.

    $ cd /
    $ ls -all
    drwxrwsrwx   11 qsys     0            241664 Jun 24 17:18 QOpenSys
    $ cd /QOpenSys/
    $ ls -all
    drwxr-xr-x    7 aaron    0             90112 Jul 22 02:16 download
    $ cd download
    $ ls -all
    drwxr-xr-x    3 aaron    0             28672 Jul 14 23:46 ibmichroot
    $ cd ibmichroot/
    $ ls -all
    drwxr-xr-x    3 aaron    0              8192 Jul 29 16:35 spaces
    $ cd spaces/
    $ ls -all
    drwxr-xr-x    9 e01      0              8192 Jul 29 18:16 e01
    

    • 2015-07-29T16:40:46+00:00
16. 

    Former user Account Deleted

    Argh ... well ... looks like you will have to hit IFS with big hammer name "CHGAUT OBJAUT(*ALL)".

    BTW -- yes, likely IBM i IFS bug when chroot (low use utility, well, until now).

    • 2015-07-29T16:57:48+00:00
17. 

    Aaron Bartell reporter

    BTW -- yes, likely IBM i IFS bug when chroot

    Should I be submitting a formal fix request or at the guys you were chatting with going to create a PMR?

    Also, I am going to change this issue to resolved.

    • 2015-07-29T18:06:26+00:00
18. 

    Aaron Bartell reporter

    • changed status to resolved

    Feature implemented by Tony.

    Potentially found IFS/PASE bug concerning defaulting OBJAUT in chroot.

    • 2015-07-29T18:07:19+00:00
19. Log in to comment