Re: [Fwd: Re: [U2] RedHat, Universe, unlocking]

Thu, 09 Mar 2006 16:39:42 -0800 

John Godzina wrote:
Hrm ... I dunno ... I installed universe and specified using uvadm as the admin user. My perms on list_readu are different: -rwxr-x--x 1 root uvadm 1289340 May 10 2005 /usr/local/Universe/ibm/bin/list_readu 

uvadm belongs to:

uid=600(uvadm) gid=600(uvadm) groups=600(uvadm) 
context=user_u:system_r:unconfined_t

 which implies I _should_ be able to execute this, but I always get
Insufficient privileges to perform lock maintenance.



I don't have any experience with the SE Linux security settings, but 
I'll bet chmod u+s list_readu would allow you to do lock maintenance. 
I'm not sure why there's a difference in permission settings on 
different systems though.  I've got a defunct IRIX box that was running 
UV 9.6.2.2 installed with root as admin with these suid enabled binaries:


-rwsr-x--x    1 root     daemon    1991532 Aug 27  2001 clean
-rwsr-x--x    1 root     daemon    2029676 Aug 27  2001 list_readu
-rwsr-x--x    1 root     daemon    2006708 Aug 27  2001 sp.edit
-rwsr-x--x    1 root     daemon    1991940 Aug 27  2001 upduvtrans
-rwsr-x--x    1 root     daemon      80008 Aug 27  2001 uv
-rwsr-x--x    1 root     daemon    4849652 Aug 27  2001 uvadmsh
-rwsr-x--x    2 root     daemon    5041216 Aug 27  2001 uvbackup
-rwsr-x--x    1 root     daemon    2038864 Aug 27  2001 uvdlockd
-rwsr-x--x    1 root     daemon      78972 Aug 27  2001 uvdls
-rwsr-x--x    1 root     daemon    2006604 Aug 27  2001 uvlictool
-rwsr-x--x    1 root     daemon      13152 Aug 27  2001 uvpset
-rwsr-x--x    2 root     daemon    5041216 Aug 27  2001 uvrestore
-rwsr-x--x    1 root     daemon      12152 Aug 27  2001 uvsetacc


and my current RH AS3 box running UV 10.1.4 installed with uvadm as 
admin has these suid binaries:


-rwsr-x--x    1 root     bin       1263112 Jul 26  2004 clean
-rwsr-x--x    1 root     bin       2909844 Jul 26  2004 convchar
-rwsr-x--x    1 root     bin       1285180 Jul 26  2004 list_readu
-rwsr-x--x    1 root     bin       1269756 Jul 26  2004 sp.edit
-rwsr-x--x    1 root     bin       1263452 Jul 26  2004 upduvtrans
-rwsr-x--x    1 root     bin         37888 Jul 26  2004 uv
-rwsr-x--x    1 root     bin       2903540 Jul 26  2004 uvadmsh
-rwsr-x--x    2 root     bin       3004036 Jul 26  2004 uvbackup
-rwsr-x--x    1 root     bin       1282588 Jul 26  2004 uvdlockd
-rwsr-x--x    1 uvadm    root      8673151 Jul 28  2004 uvdlockd.d
-rwsr-x--x    1 root     bin         37760 Jul 26  2004 uvdls
-rwsr-x--x    1 root     bin       1268488 Jul 26  2004 uvlictool
-rwsr-x--x    1 root     bin          3856 Jul 26  2004 uvpset
-rwsr-x--x    2 root     bin       3004036 Jul 26  2004 uvrestore
-rwsr-x--x    1 root     bin          3176 Jul 26  2004 uvsetacc


The only one I personally modified on both systems was sp.edit.  It 
seems that the rest were meant to be runnable as root by non-root users 
by default, but I don't know why other installs wouldn't also be set up 
this way.


-John
--
John Hester
System & Network Administrator
Momentum Group Inc.
(949) 833-8886 x623
http://memosamples.com
-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/














    











					Reply via email to