On 6/6/07, Roland Mainz <roland.mainz at nrubsig.org> wrote:
> The same way as the native command works...
>
> > Surely ksh93 doesn't install setuid by default...
>
> Solaris "chown" isn't a setid application:
> -- snip --
> $ ls -l /usr/bin/chown
> -r-xr-xr-x 1 root bin 13196 Mar 25 16:58 /usr/bin/chown
> -- snip --
>
> > Does it try to use the builtin then try chown in $PATH if it gets
> > EPERM?
>
> No... why should it call the native version in that case ?

Of course chown isn't and shouldn't be setuid. It is up to the kernel
to enforce that policy. Duh! I really don't know where I came up with
that at...

> > I've recently been burned by this one. lucreate or luupgrade (I
> > forget which) blew up due to missing -p and having some questionable
> > stuff in the file pointed to by $ENV.
>
> See
> http://mail.opensolaris.org/pipermail/shell-discuss/2007-June/000470.html
> - are you _sure_ that the script set in ENV is executed _within_ the
> "lucreate"/"luupgrade" scripts ?

The way that I debugged the problem was by iteratively clearing
environment variables (or setting to sane values). For example, after
performing a normal login with an inappropriately customized root
environment (right down to exec /bin/ksh in .profile):

LD_LIBRARY_PATH= lucreate ...
LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin lucreate ...
.
.
.
LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin ... ENV= lucreate ...

The actual lucreate command was:

# lucreate -c 'S9_2006Q1_s0' -l /var/tmp/lucreate.`date +%m%d%y` \
    -m /:d30:ufs,preserve -n 'S9_2006Q4_s3'

And the very unhelpful error encountered was:

Comparing source boot environment <S9_2006Q1_s0> file systems with the
file system(s) you specified for the new boot environment.
Determining which file systems should be in the new boot environment.
ERROR: At least one option from <-A, -f, -n> must be specified.
USAGE: ludesc [ -X ] [ -l error_log ] [ -o outfile ]
  ( -A BE_description | -n BE_name [ -f ( - | BE_description_file ) |
  BE_description ] | -f ( - | BE_description_file ) )
INFORMATION: Any BE_name or BE_description should be enclosed in single quotes.
ERROR: Cannot delete existing description for new boot environment.

I love that INFORMATION message. It's nice that helpful hints coming
from Solaris commands spread misinformation.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/
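
Added example, not part of the original message: the iterative environment-clearing procedure described above, automated as a POSIX shell function. The names find_env_culprit and demo, the stand-in failing command and the sample variable values are all constructed for illustration; override values must not contain whitespace.

```shell
#!/bin/sh
# find_env_culprit "VAR=value ..." command [args...]
# Applies the overrides cumulatively, in order, the way the message does by
# hand, and prints the name of the override after which the command first
# succeeds.
# Returns 0 if such an override is found,
#         1 if the command still fails with every override applied,
#         2 if the command already succeeds in the inherited environment.
find_env_culprit() {
    overrides=$1
    shift
    if "$@" >/dev/null 2>&1; then
        return 2
    fi
    applied=""
    for ov in $overrides; do
        applied="$applied $ov"
        # env(1) changes the environment of the child process only; the
        # calling shell keeps its own (possibly polluted) settings.
        if env $applied "$@" >/dev/null 2>&1; then
            echo "${ov%%=*}"
            return 0
        fi
    done
    return 1
}

# Constructed demonstration. The stand-in command fails while ENV is
# non-empty, mimicking a script that misbehaves when the shell picks up the
# file named by $ENV. Runs in a subshell so the exports do not leak.
demo() (
    ENV=/nonexistent/constructed.kshrc
    LD_LIBRARY_PATH=/constructed/lib
    export ENV LD_LIBRARY_PATH
    find_env_culprit "LD_LIBRARY_PATH= PATH=/usr/bin:/usr/sbin ENV=" \
        /bin/sh -c '[ -z "$ENV" ]'
)
```

Because the overrides accumulate, the printed name is the last variable needed for success; earlier overrides in the list may also be contributing and can be re-tested individually.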