On 6/6/07, Roland Mainz <[EMAIL PROTECTED]> wrote:
> The same way as the native command works...
> > Surely ksh93 doesn't install setuid by default...
> Solaris "chown" isn't a setid application:
> -- snip --
> $ ls -l /usr/bin/chown
> -r-xr-xr-x 1 root bin 13196 Mar 25 16:58 /usr/bin/chown
> -- snip --
> > Does it try to use the builtin then try chown in $PATH if it gets
> > EPERM?
> No... why should it call the native version in that case ?

Of course chown isn't and shouldn't be setuid. It is up to the kernel
to enforce that policy. Duh! I really don't know where I came up
with that at...

> > I've recently been burned by this one. lucreate or luupgrade (I
> > forget which) blew up due to missing -p and having some questionable
> > stuff in the file pointed to by $ENV.
> See
> http://mail.opensolaris.org/pipermail/shell-discuss/2007-June/000470.html
> - are you _sure_ that the script set in ENV is executed _within_ the
> "lucreate"/"luupgrade" scripts ?

The way that I debugged the problem was by iteratively clearing
environment variables (or setting to sane values). For example, after
performing a normal login with an inappropriately customized root
environment (right down to exec /bin/ksh in .profile):
LD_LIBRARY_PATH= lucreate ...
LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin lucreate ...
. . .
LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin ... ENV= lucreate ...
The actual lucreate command was:
# lucreate -c 'S9_2006Q1_s0' -l /var/tmp/lucreate.`date +%m%d%y` \
-m /:d30:ufs,preserve -n 'S9_2006Q4_s3'
And the very unhelpful error encountered was:
Comparing source boot environment <S9_2006Q1_s0> file systems with the
file system(s) you specified for the new boot environment. Determining
which file systems should be in the new boot environment.
ERROR: At least one option from <-A, -f, -n> must be specified.
USAGE: ludesc [ -X ] [ -l error_log ] [ -o outfile ] ( -A
BE_description | -n BE_name [ -f ( - | BE_description_file ) |
BE_description ] | -f ( - | BE_description_file ) )
INFORMATION: Any BE_name or BE_description should be enclosed in single quotes.
ERROR: Cannot delete existing description for new boot environment.
I love that INFORMATION message. It's nice that helpful hints coming
from Solaris commands spread misinformation.
Mike
--
Mike Gerdts
http://mgerdts.blogspot.com/
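
Added example, not part of the original message and not Live Upgrade code: the iterative environment-clearing procedure described above, written as a shell function that applies the same overrides cumulatively and then checks whether the last one is enough on its own. The names find_env_culprit and SANE_OVERRIDES are hypothetical, and the override list is an assumption taken from the three variables shown in the message.

```sh
#!/bin/sh
# Assumed list of NAME=value overrides, tried in this order (cumulatively).
# Values must not contain whitespace: the list is split on it on purpose.
SANE_OVERRIDES='LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin ENV='

# find_env_culprit CMD [ARGS...]
# Re-runs CMD with one more override each time until it succeeds, then
# re-runs it with only the last override to see if that one is sufficient.
# Returns 0 if a culprit was found, 1 if CMD never failed, 2 if none helped.
find_env_culprit() {
    if "$@" >/dev/null 2>&1; then
        echo "command already succeeds in the current environment"
        return 1
    fi
    applied=
    for ov in $SANE_OVERRIDES; do
        applied="$applied $ov"
        # env(1) applies the overrides to the child only; the login
        # environment being examined is left untouched.
        if env $applied "$@" >/dev/null 2>&1; then
            if env "$ov" "$@" >/dev/null 2>&1; then
                echo "culprit: ${ov%%=*} (sufficient alone)"
            else
                echo "culprit: ${ov%%=*} (only together with:$applied)"
            fi
            return 0
        fi
    done
    echo "no culprit among: $SANE_OVERRIDES"
    return 2
}
```

Give the command an absolute path when PATH is one of the overrides, since env looks the command up in the overridden PATH.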