sudo rm not working... !? [solved]

Message

sven_sol · Post by **sven_sol** » Thu Nov 02, 2006 10:02 am

Ok, now I'm confused..

I'm using a script to remove the LDAP data folder for a fresh directory, but its not working...

sudo /usr/bin/rm -frv /var/lib/openldap-data/*

I've changed the ownership, I've changed the modes I've been verbose, silent, forced, recursive but it still not working. It works fine as root though - even if the service is running.

I can see it in the logs trying to do it, and I've tried using /usr/bin/rm and /bin/rm both of which are in the /etc/sudoers file.

ANY help would be nice!!

Cheers,

Sven.

Dlareh · Post by **Dlareh** » Thu Nov 02, 2006 10:04 am

Seeing the error-message/any-output of when it's run with sudo would be nice.

sven_sol · Post by **sven_sol** » Thu Nov 02, 2006 10:11 am

thats the thing, there is nothing there.

But, as requested...

Folder structure (after chowing and chmoding...)

Code: Select all

ls -l /var/lib/openldap-data/
total 560
-rw-rw-rw- 1 root root    793 Nov  2 09:43 DB_CONFIG
-rw-rw-rw- 1 root root  16384 Nov  2 09:43 __db.001
-rw-rw-rw- 1 root root 278528 Nov  2 09:43 __db.002
-rw-rw-rw- 1 root root  98304 Nov  2 09:43 __db.003
-rw-rw-rw- 1 root root 450560 Nov  2 09:43 __db.004
-rw-rw-rw- 1 root root  24576 Nov  2 09:43 __db.005
-rw-rw-rw- 1 root root   2048 Nov  2 09:53 alock
-rw-rw-rw- 1 root root   8192 Nov  2 09:53 dn2id.bdb
-rw-rw-rw- 1 root root  32768 Nov  2 09:53 id2entry.bdb
-rw-rw-rw- 1 root root  73791 Nov  2 09:53 log.0000000001
-rw-rw-rw- 1 root root   8192 Nov  2 09:43 objectClass.bdb

Code: Select all

sven@devsrv ~ $ sudo /usr/bin/rm -frv /var/lib/openldap-data/*
sven@devsrv ~ $ echo $?
0
sven@devsrv ~ $

and in the messages:

Code: Select all

Nov  2 10:08:01 devsrv sudo: sven : TTY=pts/5 ; PWD=/home/sven ; USER=root ; COMMAND=/usr/bin/rm -frv /var/lib/openldap-data/*

Dlareh · Post by **Dlareh** » Thu Nov 02, 2006 10:16 am

how about this way:

Code: Select all

ls -d /var/lib/openldap-data/* | xargs sudo /bin/rm -frv

sven_sol · Post by **sven_sol** » Thu Nov 02, 2006 10:18 am

might be on to something...

ls -d /var/lib/openldap-data/* | xargs sudo /bin/rm -frv
ls: /var/lib/openldap-data/*: Permission denied

hold on...

jcornez · Post by **jcornez** » Thu Nov 02, 2006 10:20 am

If the directory is not readable by the user who issues sudo, then bash will not be able to expand * into the list of files. That is, the bash glob expansion takes places as the normal user before sudo ever gets invoked.

Dlareh · Post by **Dlareh** » Thu Nov 02, 2006 10:23 am

Yeah that's it. So:

Code: Select all

chmod a+x /var/lib/openldap-data

or change sudoers to allow /bin/bash and use:

Code: Select all

sudo /bin/bash -c '/bin/rm -frv /var/lib/openldap-data/*'

sven_sol · Post by **sven_sol** » Thu Nov 02, 2006 10:30 am

Ok sorted!

Right, I chown/modded the permissions to 666 and root:root on the parent directory. so:

Code: Select all

devsrv ~ # /bin/chmod 0666 /var/lib/openldap-data -R
devsrv ~ # /bin/chown root: /var/lib/openldap-data -R

Code: Select all

sven@devsrv ~ $ ls -d /var/lib/openldap-data/* | xargs sudo /bin/rm -frv
ls: /var/lib/openldap-data/DB_CONFIG: Permission denied
ls: /var/lib/openldap-data/__db.001: Permission denied
ls: /var/lib/openldap-data/__db.002: Permission denied
ls: /var/lib/openldap-data/__db.003: Permission denied
ls: /var/lib/openldap-data/__db.004: Permission denied
ls: /var/lib/openldap-data/__db.005: Permission denied
ls: /var/lib/openldap-data/alock: Permission denied
ls: /var/lib/openldap-data/dn2id.bdb: Permission denied
ls: /var/lib/openldap-data/id2entry.bdb: Permission denied
ls: /var/lib/openldap-data/log.0000000001: Permission denied
ls: /var/lib/openldap-data/objectClass.bdb: Permission denied

So.. I changed to (as root)

Code: Select all

devsrv ~ # /bin/chmod 0777 /var/lib/openldap-data -R

then..

Code: Select all

sven@devsrv ~ $ ls -d /var/lib/openldap-data/* | xargs sudo /bin/rm -frv
removed `/var/lib/openldap-data/DB_CONFIG'
removed `/var/lib/openldap-data/__db.001'
removed `/var/lib/openldap-data/__db.002'
removed `/var/lib/openldap-data/__db.003'
removed `/var/lib/openldap-data/__db.004'
removed `/var/lib/openldap-data/__db.005'
removed `/var/lib/openldap-data/alock'
removed `/var/lib/openldap-data/dn2id.bdb'
removed `/var/lib/openldap-data/id2entry.bdb'
removed `/var/lib/openldap-data/log.0000000001'
removed `/var/lib/openldap-data/objectClass.bdb'

nice!
Thanks everyone...

Sven.

Sorry Dlareh, just read your post, changing permissions on the parent.. that worked

Dlareh · Post by **Dlareh** » Thu Nov 02, 2006 10:55 am

Heh, if you're willing to chmod the whole thing 0777 there's no need for sudo ;P

sven_sol · Post by **sven_sol** » Thu Nov 02, 2006 12:07 pm

a VERY good point!!