Bash – Why does redirection (>) not work sometimes but appending (>>) does

Tags: bash, io-redirection, linux, rhel, shell

While studying for the RHCE, I came across a situation where stdin redirection does not work in bash:

# file /tmp/users.txt
/tmp/users.txt: cannot open `/tmp/users.txt' (No such file or directory)  
# semanage login -l > /tmp/users.txt
# file /tmp/users.txt
/tmp/users.txt: empty

However, this works:

# file /tmp/users.txt
/tmp/users.txt: cannot open `/tmp/users.txt' (No such file or directory)
# semanage login -l >> /tmp/users.txt
# file /tmp/users.txt
/tmp/users.txt: ASCII text

Why is this the case?

1st Update:

Permissions:

# ls -ld /tmp
drwxrwxrwt. 8 root root 4096 Jul 17 15:27 /tmp

ACLs (not an ACL mount but just in case):

# getfacl /tmp
getfacl: Removing leading '/' from absolute path names
# file: tmp
# owner: root
# group: root
# flags: --t
user::rwx
group::rwx
other::rwx

And I'm performing all commands as root (hence the hash prompt).

2nd Update:

Per Caleb, full permissions listing of /tmp:

# ls -al /tmp
total 40
drwxrwxrwt.  8 root    root    4096 Jul 17 15:37 .
dr-xr-xr-x. 26 root    root    4096 Jul 17 15:07 ..
drwx------.  2 melmel  melmel  4096 Jul 16 21:08 .esd-500
drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .ICE-unix
drwx------.  2 gdm     gdm     4096 Jul 17 15:08 orbit-gdm
drwx------.  2 gdm     gdm     4096 Jul 17 15:07 pulse-5E9i88IGxaNh
drwx------.  2 melmel  melmel  4096 Jul 16 21:08 pulse-329qCo13Xk
-rw-------.  1 root    root       0 Jul 16 14:32 tmpXd9THg
-rw-------.  1 root    root       0 Jul 16 12:55 tmpie0O98
-rw-------.  1 root    root       0 Jul 16 20:23 tmpr10LrK
-r--r--r--.  1 root    root      11 Jul 17 15:07 .X0-lock
drwxrwxrwt.  2 root    root    4096 Jul 17 15:07 .X11-unix
-rw-r--r--.  1 root    root     865 Jul 16 20:20 yum.conf.security
-rw-------.  1 root    root       0 Jul 10 14:57 yum.log

3rd Update:

Per Hello71:

# mount | grep /tmp
# mount | grep -w '/'
/dev/mapper/vg_svr-tap-lv_root on / type ext4 (rw)

Answers to Gilles' questions:

Is this something you read about in a book, or did you reach this situation on a real machine?

Noticed this while performing a lab in a book on a real machine.

Is SELinux in use?

# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Some Linux-on-Linux virtualisation?

Yes. KVM/QEMU guest.

I second Hello71's request, except please grep /tmp /proc/mounts

Nothing matches.

Also env | grep '^LD_' please.

Nothing matches.

Oh, and can we rule out active attacks

Yes we can. I'm the only one that has access to this guest.

Best Answer

It is probably a bug in the SELinux policy with regard to the semanage binary (which has its own context, semanage_t) and the /tmp directory, which has its own context too: tmp_t.

I was able to reproduce almost the same results on my CentOS 5.6.

# file /tmp/users.txt 
/tmp/users.txt: ERROR: cannot open `/tmp/users.txt' (No such file or directory)
# semanage login -l  >  /tmp/users.txt
# file /tmp/users.txt 
/tmp/users.txt: empty
# semanage login -l  >>  /tmp/users.txt
# file /tmp/users.txt 
/tmp/users.txt: empty

When I tried to use a file in a different directory, I got normal results:

# file /root/users.txt
/root/users.txt: ERROR: cannot open `/root/users.txt' (No such file or directory)
# semanage login -l  >  /root/users.txt
# file /root/users.txt
/root/users.txt: ASCII text

The difference between /tmp and /root is their contexts:

# ls -Zd /root/
drwxr-x---  root root root:object_r:user_home_dir_t    /root/
# ls -Zd /tmp/
drwxrwxrwt  root root system_u:object_r:tmp_t          /tmp/

And finally, after trying to redirect into a file in /tmp, I got the following errors in /var/log/audit/audit.log:

type=AVC msg=audit(1310971817.808:163242): avc:  denied  { write } for  pid=10782 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1310971838.888:163255): avc:  denied  { append } for  pid=11372 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file

Interesting note: redirecting semanage output to a pipe works OK:

# semanage login -l  | tee /tmp/users.txt > /tmp/users1.txt
# file /tmp/users.txt 
/tmp/users.txt: ASCII text
# file /tmp/users1.txt 
/tmp/users1.txt: ASCII text
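As an added example (not part of the question or the answer), a small parser that pulls the source type, target type, object class and permission out of AVC records like the ones quoted above, fed with the two denials from the answer plus one constructed non-AVC line as sample input. Summarising denials this way is the first check to run when a confined domain such as semanage_t silently produces an empty file, before guessing at permissions or labels.

```python
import re
from collections import Counter

# Constructed sample: the two AVC records quoted in the answer, plus one
# unrelated SYSCALL record so the filter has something to skip (not a real log).
AUDIT_LOG = """\
type=AVC msg=audit(1310971817.808:163242): avc:  denied  { write } for  pid=10782 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1310971838.888:163255): avc:  denied  { append } for  pid=11372 comm="semanage" path="/tmp/users.txt" dev=dm-0 ino=37093377 scontext=user_u:system_r:semanage_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1310971838.888:163255): arch=c000003e syscall=1 success=no exit=-13
"""

# Header of an AVC record: timestamp, serial, verdict and the braced permission list.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<verdict>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+'
    r'(?P<fields>.*)$'
)
# key=value pairs after "for"; values may be quoted (comm, path) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other audit line."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "verdict": m.group("verdict"),
        "perms": m.group("perms").split(),
    }
    for key, val in KV_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    # Keep only the type field of user:role:type:level, e.g. semanage_t / tmp_t.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def denied_pairs(log_text):
    """Count denied (source type, target type, class, permission) tuples."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            for perm in rec["perms"]:
                counts[(rec["stype"], rec["ttype"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(denied_pairs(AUDIT_LOG).items()):
        print(f"{n:3d}  {src} -> {tgt} ({cls}): {perm}")
```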