6

I am using chkroot to scan my system and it gave me permission denied error

/proc/23746/fd/0: Permission denied
/proc/23746/fd/1: Permission denied
/proc/23746/fd/2: Permission denied
/proc/23746/fd/3: Permission denied
/proc/23746/fd/5: Permission denied
/proc/23746/fd/8: Permission denied
/proc/23746/fd/11: Permission denied






[/proc/23746/fd]# ls -liah
/bin/ls: cannot read symbolic link 0: Permission denied
/bin/ls: cannot read symbolic link 1: Permission denied
/bin/ls: cannot read symbolic link 2: Permission denied
/bin/ls: cannot read symbolic link 3: Permission denied
/bin/ls: cannot read symbolic link 5: Permission denied
/bin/ls: cannot read symbolic link 8: Permission denied
/bin/ls: cannot read symbolic link 11: Permission denied
total 0
1489109001 dr-x------ 2 root root  0 Oct  8 10:46 ./
1489108994 dr-xr-xr-x 4 root root  0 Oct  8 10:46 ../
1489141760 lrwx------ 1 root root 64 Oct  8 10:48 0
1489141761 lrwx------ 1 root root 64 Oct  8 10:48 1
1489141771 lr-x------ 1 root root 64 Oct  8 10:48 11
1489141762 lrwx------ 1 root root 64 Oct  8 10:48 2
1489141763 lrwx------ 1 root root 64 Oct  8 10:48 3
1489141765 lr-x------ 1 root root 64 Oct  8 10:48 5
1489141768 l-wx------ 1 root root 64 Oct  8 10:48 8

What should i do fix them

  • What makes you think that the permissions they have are incorrect? What user are you running this command as? – EEAA Oct 08 '10 at 01:24
  • @ErikA I believe the OP thinks he/she [may have been root'd](http://serverfault.com/questions/188436/how-to-view-linux-hidden-process-and-remove-rootkit) but is, perhaps, reluctant to wipe the server and restore from backup. – jscott Oct 08 '10 at 01:30
  • I was thinking if somehow i can remove those lines because it was showing the output and i was getting mail evrytime the cron job runs. i used command chkrootkit |grep infected. But those lines also come in email even if something is not infected so i was thining if i can fix those issues and get email only if something is infceted –  Oct 08 '10 at 01:41
  • @jscott, ahh I see. Perhaps that is the case. – EEAA Oct 08 '10 at 14:57
  • 3
    Have you fixed this problem? I have the same for CentOS 6.6. fuser command fails with 'Cannot stat file /proc/404/fd/0: Permission denied' – malvikus Mar 12 '15 at 19:26
  • I found "permission denied" even as root when I was working inside of a container (because all processes are ultimately owned by the host). – JellicleCat Feb 11 '22 at 18:32
  • @JellicleCat THANK YOU!! This simple comment leads me to solve the problem. I simply use ```ps aux | grep ``` outside the container (in host's terminal) and its done! The /proc/xyz/fd/* is mine ! – Magno C Sep 06 '22 at 12:10

3 Answers3

1

I am seeing this too when i try and check out file descriptors for my own users process. From what I can tell, it is a cheap work around for a security hole in the /proc file system that allows you to open up files via /proc/$pid/fd bypassing the permissions. It seems they just made all file descriptors in proc owned by root.

I can do this fine on ubuntu, but not CentOS.

You can read about it here: http://lwn.net/Articles/359286/

Zach
  • 11
  • 1
0

As @JellicleCat said in comments, if you're in a Docker container (like me) just go to host's terminal. The container processes belongs to it.

Magno C
  • 103
  • 3
-2

That's okay: you can't access resources of processes that are not yours (unless you're root)

kolypto
  • 10,738
  • 12
  • 51
  • 66