running apps from the terminal
 

Hello,

I recently installed some monitoring apps for fun on one of our imacs. I just want to monitor bandwidth and network traffic over our LAN here at work. Mostly to see if any spyware is running in the background of any of our local work stations. We limit bandwidth through a squid proxy here, and if any spyware is eating any of it up, it makes it more limited. So I installed this application, and it installs into the /usr/local directory. Well, I cannot run the app. It says permission denied. I tried to do a sudo chmod to the directory to allow me to access it, and it seems to work. I hit enter and I do not get any error messages at all from it. But when I try running it from the terminal I still do not have permission to access the /usr/local directory. What am I doing wrong here?

Thanks in advance for all help!

PS: imac 17in flat panel/1Ghz/512/80/combo/10.2.6

Which app/apps?

need more details
 

You are being confusing.
Normally the /usr/local directory and the /usr/local/bin directory are world readable and searchable. No chmod needed.
What are your permissions?

ntop, and a few others, I cant remember them right now and I am not right in front of that imac. just network/bandwidth monitoring tools

Here are my permissions
My account is an admin account, still permission denied when i run /usr/local/ntop

how did user/group/world execute (x) access get disabled?

you should run permissionsRepair on that rig.

but to fix /usr/local immediately:

x access on a dir allows a user to access the contents.

you may also need to examine the bin dir

has anyone been fiddling with this rig's modes?

i repeat: run permissionsRepair and examine the results

search permissions
 

A directory needs to have "search permissions" in order that you can access the files in it.
See this tutorial page:
http://www.ee.surrey.ac.uk/Teaching/Unix/unix5.html

Since /usr/local is usually created with the correct permissions, you must have changed it. It is now (according to your report) lacking search permissions.
You need to do
sudo chmod +x /usr/local

I did a
I dont get any error messages when doing this at all, it seems to run. However, when I run this:
I still get permission denied. I must be doing something wrong. This comp has like 5 or 6 other users on it. I guess I should use the repair permissions utility? Anything else you guys can think of?

i really doubt the executable is at /usr/local/ntop

let's be very thorough here.

where is the command?

/usr/local/bin/ntop ?

is the command executable?

is /usr/local/bin executable?


and, i was wrong, permissionsRepair isn't going to touch anything in /usr/local

you'll need to examine the path to the command for appropriate modes

The readme for the install says it installs it in the usr/local directory. If I do a ls /usr/local ntop is in that directory. I ran repair permissions utility it fixed some permissions. I am going to try to see if it works now.

Now after fixing permissions with the commands. I can access /usr/local/ntop directory, but when I do ls /usr/local/ntop to find the executeable I get permission denied. When I do ls -ld /usr/local/ntop I get:

??? The leading d means it's a directory. But you don't have read permissions on it? sudo chmod ug+r /usr/local/ntop, then try cding into /usr/local/ntop/ and see if the ntop binary is there.

now I can cd into the /usr/local/ntop directory. When I run ls in the directory I still get permission denied? I am pretty confused now on whats going on.

need read and execute access for dirs
 

well, since you are probably not root or in group wheel, i think maybe give "other" read access is warranted here.

chmod o+r /usr/local/ntop

i have a feeling your ntop install is a flop. it's rather bad form for a 3rd party utility to require its own path. where is your ntop distro from?

tom, you should read a few paragraphs about unix file modes, permissions and user/group/other somewheres out there.

i think i agree with you merv. anyone want to recomend to me a good network monitoring app? one that would track traffic and bandwidth. Thanks for all your help guys, I think ntop is probably no good.

yeah i have been trying to brush up on my unix, i purchased like 4 or 5 books last week. i have not read up much on permissions yet.

ntop can be installed via fink.

Also note - any app run from a unix box that puts an ethernet interface into promiscuous mode must be run as root or via sudo.

Fink has a number of terrific network monitoring apps.

NOTE - monitoring a network has very numerous privacy, moral and legal ramifications. Please know what you are doing and don't experiment on a network that is not yours. If other people operate on your network let them know what you're doing.

Hugh

ps - Some O'Reilly Titles to get you started:

http://www.oreilly.com/catalog/80211security/
http://www.oreilly.com/catalog/nettroubletools/
http://www.oreilly.com/catalog/tcp3/

Thanks for all your help and concerns. We are just monitoring 5 or 6 machines that are not crucial to our company and are on a seperate subnet. This is both a learning project for me and the admin, as well as a way to monitor these machines that are widely used by many users in a specific deptartment. Just monitoring to make sure no one is abusing their privilages using company equipment, and so forth. Both the local admin and I are a bit new to unix (he is a microsoft and novell guy). We both have used linux in the past but not extensively, so we thought we would try OS X (since we have a tons of macs). I know the basics but still get confused sometimes, so again I appreicate all your guys help.

Thanks a ton,
tom

IANAL :)

Get permission from the owner of the network and let any users that are being monitored know they are being monitored. I can't over-emphasize this.

If I found you doing what you're contemplating on my network without permission I would fire you and possibly prosecute depending on what you were monitoring. If I were a user on your network and you were monitoring me without letting me know I would sue and/or quit. Some things are just non-negotiable.

As the guy who controls the gateways you have an awesome power in your company. You must exercise the upmost in integrity with that responsibility. ie you must be above reproach. I understand you're just learning about these tools. As you find out more about them you'll understand what I'm talking about. In the meantime - you're better off setting up a network at your house and learning there.

NOTE - this is not a rant. :) As I said above, you'll know what I mean as you learn what you can do.

Hugh

echo hugh's sentiment. above reproach, high moral integrity, and, above all, CYA!

I agree with you. no one is secretly being monitored here. every user signs agreements about what they can and can't do with company equipment, and it states in that agreement that systems may be monitored. I am monitored from our home office on everything I do. I am not doing this with out permission either. Its the admin's idea, and he has permission from everyone higher than him to do this. He just doesn't know macintosh at all, and I being the only mac tech in our deptartment is helping him a bit. This is in no way meant to be an attack on anyone. Not to mention you think I want to bust some user for downloading porn or something? No I have better things to do with my time here at work. I can honestly almost care less about what users do what on the internet, but my bosses do. I totally understand what you are saying, and if it ever became a huge deal where I would not morally want to work for this company anymore I would quit. Rules and policies are rules and policies. Everyone who works here reads through them and signs an agreement and is aware of the don'ts and consequences. If it were secretly spying on employees it would be wrong. I am going to assume your work place has similar policies. To be honest this place is not as strict as the last place I worked for. This run is basically a test for the admin, and I am sure if it works out it will soon be on the whole network, which is why the bosses gave him permission to do this.

So to let you know none of you are assisting me in any kind of evil computer acts, nor would I try this unless I was told to by the boss.

Monitoring is evil. If a company can't trust their employees, then there is a larger problem. /soapbox

yeah well I think they are doing it to cut down on internet abuse, kazaa etc. There was a problem recently where one unit got a trojan from kazaa and it got around all over the network. Needless to say the bosses were angry, and the admin traced it back to a unit that was indeed running kazaa.

Ah, that explains it...
I would have to say folks running P2P on the companies network is a totally diferent thing than surfing the net for a few minutes each hour.

indeed, there is a larger problem...
 

monitoring is a necessary evil because some (perhaps only a few, perhaps many) people have no honesty or integrity or responsibility and can't be trusted and ruin it for those of us who do.

beware with fear and dread: M$ Colonoscope Integrity Monitor v1.0 beta :D

Punish many for the actions of a few?

throughout the ages, this is called "Democracy"

I'll stop, so the thread can stay out of the coat room. ;)

I look at it in this perspective. If I were an admin, and users were abusing their rights to company equipment which made my job way more hard than it should be, I would be frustrated. Then the admin has bosses yelling at him to keep the network up, when stuff like this happens. So in a perfect world we would not have firewalls, encrypted data, or monitoring software, but that is just not the case.

In certain instances, this is a necessity.