# [SOLVED] Hardened + Python 2 as normal user

## Tatsh

I am getting these error when non-root:

```

$ python2

Python 2.7.9 (default, Mar  7 2015, 00:25:13) 

[GCC 4.8.3] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> import datetime

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

ImportError: /usr/lib64/python2.7/lib-dynload/datetime.so: failed to map segment from shared object: Permission denied

```

Compare with Python 3 which is the system Python:

```

$ python

$ python

Python 3.3.5 (default, Feb 21 2015, 20:13:03) 

[GCC 4.8.3] on linux

Type "help", "copyright", "credits" or "license" for more information.

>>> import datetime

```

I thought rebuilding might have been a solution but it appears any 2.7 binary module will just not load.

From the system log:

 *Quote:*   

> Mar 07 00:40:57 tatsh kernel: grsec: From 192.168.1.136: denied untrusted exec (due to being in untrusted group and file in non-root-owned directory) of /usr/lib64/python2.7/lib-dynload/datetime.so
> 
> 

 

Is there a solution besides joining the trusted group?Last edited by Tatsh on Mon Mar 09, 2015 10:24 am; edited 1 time in total

----------

## Apheus

Check the ownership and permissions of /usr/lib64/python2.7/lib-dynload/datetime.so 

Execution of code from files/directories not writable by the user should be allowed. I have hardened-sources and TPE too, and "import datetime" works for me.

```
$ ls -l /usr/lib64/python2.7/lib-dynload/datetime.so 

-rwxr-xr-x 1 root root 116368 28. Dez 18:35 /usr/lib64/python2.7/lib-dynload/datetime.so

$ ls -ld /usr/lib64/python2.7/lib-dynload/

drwxr-xr-x 1 root root 1484 28. Dez 18:36 /usr/lib64/python2.7/lib-dynload/
```

----------

## Tatsh

 *Apheus wrote:*   

> Check the ownership and permissions of /usr/lib64/python2.7/lib-dynload/datetime.so 
> 
> Execution of code from files/directories not writable by the user should be allowed. I have hardened-sources and TPE too, and "import datetime" works for me.
> 
> ```
> ...

 

Thanks. That fixed it. I have no idea why the ownership on 

```
/usr/lib64/python2.7/lib-dynload/
```

 was set to tatsh:tatsh. I set it to root:root and now no issues.

----------

