Thank you Lou, you have confirmed our fears (and suspected madness) that the service runs as root. We're quite surprised to see this as running services as root is quite a security flaw.
What we're seeing is the inability to modify config templates when we log onto our netsight server using our locally configured personal accounts (for accountability). I imagine that until (or if) Enterasys install this server/service as an user other than root, we will have to change the group permissions and allow our network admins membership to that group. Again my thanks, we now have a direction in which to work. Sincerely, Jolyon Ansuz +61 4 1273 5836 "Most of the things worth doing in the world had been declared impossible before they were done.", Louis D. Brandeis ...sent from a mobile device... On 19/04/2010, at 13:49, "Lou H. Goddard" <[email protected]> wrote: > Greetings, > > Can you find out what the Netsight server runs as? > > My machine has some Java components running as root and some mysql > processes running as user mysql. > > I just did a ls -latR on /usr/local/Enterasys_Networks. > > All of the permissions were root.root. > > This is not recommended, but if you really...really need to fix a > permissions problem you could make it world readable and writable. > That is not a permanent fix and not considered best practices. > > Sorry I couldn't help more. > > Thanks, > > Lou Goddard > > Network Engineer > > 302-552-8053 > > [email protected] > > ----- Original Message ----- > From: Jolyon Ansuz <[email protected]> > Sent: Sun, 4/18/2010 10:49pm > To: Enterasys Customer Mailing List <[email protected]> > Subject: [enterasys] File permissions for linux/switch templates > > Hello all, > > Does anyone know the file permissions required for Netsight Suite > (3.2.2.39) to write files to the hosting server (Redhat Server) > please? I'm pretty sure that it's not meant to be root/root. > > * Using Netsight Inventory Manager, files are unable to be written > to the disk. > > * Using the CLI, files are able to be written vi SUDO VI. > > Directory information: > -rw-r--r-- 1 root root 3480 Apr 19 12:33 File1.tpt > -rw-r--r-- 1 root root 3563 Apr 19 12:33 File2.tpt > -rw-r--r-- 1 root root 3704 Apr 19 12:33 File3.tpt > > Sincerely, > > Jolyon Ansuz > > Communications Systems Officer > Infrastructure Services Group (Networks) > IT Directorate > University of New England > Armidale NSW 2351 > > P: +61 2 6773 3568 > F: +61 2 6773 3424 > > This message contains confidential information and is intended only > for the individual named. If you are not the named addressee you > should not disseminate, distribute or copy this e-mail. Please > notify the sender immediately by e-mail if you have received this e- > mail by mistake and delete this e-mail from your system. > > E-mail transmission cannot be guaranteed to be secure or error-free > as information could be intercepted, corrupted, lost, destroyed, > arrive late or incomplete, or contain viruses. The sender therefore > does not accept liability for any errors or omissions in the > contents of this message which arise as a result of e-mail > transmission. If verification is required please request a hard-copy > version. > > "Most of the things worth doing in the world had been declared > impossible before they were done.", Louis D. Brandeis > > > > > --- > To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > > > ------------------ CONFIDENTIALITY NOTICE --------------- > > This message, including any attachments, is for the sole use of the > intended recipient(s) and may contain privileged confidential > information > protected by law. Any unauthorized review, use, disclosure or > distribution > of this message is prohibited. If you are not the intended > recipient, please > contact the sender by reply e-mail and destroy all copies of this > message. > > ------------------ CONFIDENTIALITY NOTICE --------------- > -------- > This message has been scanned for viruses and dangerous content by > MailScanner, and is believed to be clean. > > > --- > To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
