The root user cannot read from or write to a regular file, even though the file's permissions allow it.
# cp the.file /tmp/the.file.bk
cp: cannot open ‘the.file’ for reading: Permission denied
# lsattr the.file
lsattr: Permission denied While reading flags on the.file
# rm -rf the.file
rm: cannot remove ‘the.file’: Permission denied
# file the.file
the.file: regular file, no read permission
# ls -laZ the.file
-rw-r--r-- root root ? the.file
# cat -vET the.file
cat: the.file: Permission denied
A check of the system processes shows third-party software running that prevents any modification of a particular file or list of files.
The /boot/grub2/grub.cfg file was monitored by the third-party software “Digital Guardian,” preventing any changes.
[root@server ~]# file /boot/grub2/grub.cfg
/boot/grub2/grub.cfg: regular file, no read permission
[root@server ~]# ls -laZi /boot/grub2/grub.cfg
-rw-r--r-- root root ? /boot/grub2/grub.cfg
[root@server ~]# cat -vET /boot/grub2/grub.cfg
cat: /boot/grub2/grub.cfg: Permission
Stopping both Digital Guardian services partially addresses the issue. Contact the third-party provider of Digital Guardian to verify the list of files being watched, so that you can allow read-write access as needed.
Two services that keep track of a group of system files, dgdaemon and dgagent, are running on the system. A library preloaded by this service stops files from being moved, copied, renamed, or deleted on the system.
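The checks used above can be collected into one triage script that separates an attribute lock from a preloaded hook. This is an added example, not code from the original page or from Digital Guardian; the function names are hypothetical, and it assumes the library is registered in /etc/ld.so.preload or LD_PRELOAD and that the agent processes carry the service names dgdaemon and dgagent.

```shell
#!/usr/bin/env bash
# Added example: triage for "Permission denied" as root on a regular file.

# Classify one line of `lsattr` output read from stdin:
#   locked     - immutable (i) or append-only (a) flag is set
#   unlocked   - flags are readable and neither flag is set
#   unreadable - lsattr itself failed, as in the session on this page
attr_lock() {
    awk '$1 !~ /^[-A-Za-z]+$/ { print "unreadable"; next }
         $1 ~ /[ia]/          { print "locked"; next }
                              { print "unlocked" }'
}

# Print the libraries listed in an ld.so.preload-style file, one per line.
# Entries are separated by whitespace or colons; '#' starts a comment.
preloaded_libs() {
    local f="${1:-/etc/ld.so.preload}"
    [ -r "$f" ] || return 0
    sed 's/#.*//' "$f" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# Filter `ps -eo pid=,comm=` output (stdin) for the agent names on this page.
# Assumption: the process names match the service names.
find_agents() {
    awk '$2 == "dgdaemon" || $2 == "dgagent" { print $1, $2 }'
}

# Run every check against a real path (needs root on the affected host).
triage() {
    local path="$1"
    echo "== mode, owner, SELinux context"; ls -laZ -- "$path"
    echo "== attribute flags: $(lsattr -d -- "$path" 2>&1 | attr_lock)"
    echo "== system-wide preloaded libraries"; preloaded_libs
    if [ -n "${LD_PRELOAD:-}" ]; then echo "LD_PRELOAD=$LD_PRELOAD"; fi
    echo "== monitoring agent processes"; ps -eo pid=,comm= | find_agents
}

# Usage: ./triage.sh /boot/grub2/grub.cfg
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

An "unreadable" attribute result together with a listed agent process points at the monitoring software rather than at `chattr +i`.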
The following commands stop dgagent and dgdaemon services on the CentOS server.
systemctl stop dgagent.service
systemctl stop dgdaemon.service
The following output will be displayed.
* dgagent.service - LSB: Shutdown dgagent
   Loaded: loaded (/etc/rc.d/init.d/dgagent; bad; vendor preset: disabled)
   Active: active (exited) since Wed 2022-05-25 14:31:52 EDT; 1h 28min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1905 ExecStart=/etc/rc.d/init.d/dgagent start (code=exited, status=0/SUCCESS)
   Memory: 0B
* dgdaemon.service - Digital Guardian
   Loaded: loaded (/etc/systemd/system/dgdaemon.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-05-25 14:31:44 EDT; 1h 28min ago
  Process: 577 ExecStart=/dgagent/dgstart (code=exited, status=0/SUCCESS)
 Main PID: 592 (dgdaemon)
   Memory: 115.4M
   CGroup: /system.slice/dgdaemon.service
           |- 592 dgdaemon --bindir=/dgagent --datadir=/dgagent --loader
           `-1636 /dgagent/dgwipd -basedir /dgagent/dgwip/V3.cfg//
The issue was discovered during an attempt to generate a fresh grub.cfg file, when the grub2-mkconfig command failed with a ‘Permission denied’ message.
# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-1160.59.1.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-1160.59.1.el7.x86_64.img
error: cannot read `/dev/sda': Invalid argument.
error: cannot read `/dev/sda': Invalid argument.
/usr/sbin/grub2-probe: error: cannot find a GRUB drive for /dev/sda1. Check your device.map.
Found linux image: /boot/vmlinuz-0-rescue-9870dab913584050b4faf1d51c345666
Found initrd image: /boot/initramfs-0-rescue-9870dab913584050b4faf1d51c345666.img
error: cannot read `/dev/sda': Invalid argument.
error: cannot read `/dev/sda': Invalid argument.
/usr/sbin/grub2-probe: error: cannot find a GRUB drive for /dev/sda1. Check your device.map.
/usr/sbin/grub2-mkconfig: line 290: /boot/grub2/grub.cfg: Permission denied