Unixware 2


What is this stuff?

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):



From - Thu Jan 27 16:33:26 2000
Xref: world comp.unix.sco.misc:114831 comp.unix.unixware.misc:39858
Path: world!newsfeed.mathworks.com!newsfeed.tli.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!newsfeeds.belnet.be!news.belnet.be!skynet.be!news.lightlink.com!news.alt.net!usenet
From: "Jeff Dickens" <jdickens@ersi.com>
Newsgroups: comp.unix.unixware.misc,comp.unix.sco.misc
Subject: Re: Administrative gui apps fail in UW2
Date: Thu, 27 Jan 2000 16:30:35 -0500
Organization: Altopia Corp. - Usenet Access - http://www.altopia.com
Lines: 131 Message-ID: <86qdbf$ch$0@dosa.alt.net> References: <86n4ch$hee$0@dosa.alt.net> <139C60EF3D07D501.1D7944106FAB0F4E.7EA282D759842BAE@lp.airnews.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000


Hate these ads?



Thanks for the info... I ran initprivs and found something rather
suspicious:



# initprivs
UX:initprivs: WARNING: File ``/usr/X/bin/Launch_Application'' fails
validation:
entry ignored
UX:initprivs: WARNING: 1 entry ignored in ``/etc/security/tcb/privs''














I found a script called setpriv that seemed to do what you described, so I
ran it:



# ./setpriv
/sbin/filepriv -f allprivs /sbin/tfadmin
/sbin/filepriv -f dacread /etc/fs/s5/df
/sbin/filepriv -f dacread /etc/fs/vxfs/df
/sbin/filepriv -f
owner,audit,auditwr,bind,compat,core,dacread,dacwrite,dev,file
sys,loadmod,macread,macwrite,mount,multidir,setplevel,setflevel,setuid,sysop
s,dr
iver,fpri,macupgrade,fsysrange,plock,tshar /sbin/initprivs
/sbin/filepriv -f loadmod /sbin/pcfont
/sbin/filepriv -f setuid /usr/X/bin/App_Sharing
/sbin/filepriv -f setuid /usr/X/bin/Launch_Application
/sbin/filepriv -f setuid /usr/X/bin/NetWare_Access
/sbin/filepriv -f setuid /usr/X/bin/Remote_Apps
/sbin/filepriv -f setuid,dacread /usr/X/bin/xauto
/sbin/filepriv -f allprivs /usr/X/lib/display/vprobe
/sbin/filepriv -f dev,driver /usr/bin/finger
/sbin/filepriv -f dev,driver /usr/bin/ftp
/sbin/filepriv -f dev /usr/bin/ipcs
/sbin/filepriv -f macread /usr/bin/listusers
/sbin/filepriv -f macupgrade /usr/bin/mkdir
/sbin/filepriv -f dev,filesys /usr/bin/netstat
/sbin/filepriv -f setuid /usr/bin/newgrp
/sbin/filepriv -f dev,driver /usr/bin/otalk
/sbin/filepriv -f macread,audit /usr/bin/passwd
/sbin/filepriv -f loadmod /usr/bin/pcfont
/sbin/filepriv -f dacread /usr/bin/priocntl
/sbin/filepriv -f dev,filesys,driver /usr/bin/rcp
/sbin/filepriv -f dev,filesys /usr/bin/rdist
/sbin/filepriv -f dev,filesys,driver /usr/bin/rlogin
/sbin/filepriv -f dev,filesys,driver /usr/bin/rsh
/sbin/filepriv -f macread /usr/bin/ruptime
/sbin/filepriv -f macread /usr/bin/rwho
/sbin/filepriv -f owner,dev,macread,macwrite,setflevel /usr/bin/script
/sbin/filepriv -f macwrite /usr/bin/strchg
/sbin/filepriv -f dev,driver /usr/bin/talk
/sbin/filepriv -f dev,driver /usr/bin/telnet
/sbin/filepriv -f dev,driver /usr/bin/tftp
/sbin/filepriv -f dacwrite,macread,macwrite,setflevel /usr/bin/uidadmin
/sbin/filepriv -f dacread /usr/lib/fs/vxfs/df
/sbin/filepriv -f audit /usr/lib/lp/bin/lp.pr
/sbin/filepriv -f setuid,sysops /usr/lib/lp/model/B2
/sbin/filepriv -f setuid /usr/lib/mail/mail_pipe
/sbin/filepriv -f setuid /usr/lib/mail/pchown
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/createSurr
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/popper
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smf-out
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smtp
/sbin/filepriv -f setuid,filesys /usr/lib/mail/surrcmd/smtpd
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smtpqer
/sbin/filepriv -f dacwrite,dev,macread,macwrite,owner,setflevel
/usr/lib/rexec/r
xserver
/sbin/filepriv -f dev /usr/sbin/nslookup
/sbin/filepriv -f filesys /usr/sbin/ping
/sbin/filepriv -f filesys /usr/sbin/trap_rece
/sbin/filepriv -f setuid /usr/ucb/lpr
/sbin/filepriv -f dacread,macread /usr/ucb/w



But it didn't seem to help:






# initprivs
UX:initprivs: WARNING: File ``/usr/X/bin/Launch_Application'' fails
validation:
entry ignored
UX:initprivs: WARNING: 1 entry ignored in ``/etc/security/tcb/privs''
#



Sooo... I did this:



# filepriv -d /usr/X/bin/Launch_Application
# /sbin/filepriv -f setuid /usr/X/bin/Launch_Application
# initprivs
#









Now initprivs doesn't complain... hopefully this fixed it.. the X console is
in another land so I won't know right away.





jerry sutton <jerrys@airmail.net> wrote in message
news:139C60EF3D07D501.1D7944106FAB0F4E.7EA282D759842BAE@lp.airnews.net...
> Jeff Dickens wrote:
> >
> > Hi.  We recently installed a Unixware 2 system that we need for an
> > integration project with a vendor that still uses UW2 exclusively.  We
> > designated one user the "system owner" during installation.
> >
> > However, when that user logs in at the console, under the gui (X), the
> > administrative applications don't work.  If you try to start one, for
> > example the user manager or dialup setup, nothing happens.  Apparently
> > whatever script runs just fails silently.
> >
> > Does this sound like a common problem  that you recognize ?  If not
where
> > might I look for the log of this presumably failing script ?
> >
> > Thanks in advance...
>
> I'm speaking imprecisely from memory since I haven't kept
> a UW2 machine up for about a year.
>
> Start by looking in either /tmp or /var/tmp for one of the
> X11 logs, I believe it is Xerrors.  See if it tells you why.
>
> A common reason for UnixWare commands to suddenly stop
> working is the enhanced security mechanism.  If you have
> used cpio, for example, to 'touch' a file which is
> registered with the security database, executing that file
> will abruptly exit.  Read man pages on filepriv, initprivs,
> the section 2 Intro.  There is a script somewhere under
> /etc/ia/security which will rebuild the tcb on the
> presumption that security has NOT been breached.  So you
> might investigate this arena.
> --
> Jerry Sutton jerrys@airmail.net
> and of course, I don't speak on behalf of my employer








Comments /Bofcusm/259.html


Add your comments

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Or use any RSS reader

Delivered by FeedBurner





Views for this page
Today This Week This Month This Year  Overall
21027543 2,656

/Bofcusm/259.html copyright 1997-2004 (various authors) All Rights Reserved

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

More:
       - Unixware
       - GUI




Unix/Linux Consultants

Your ad here - $24.00 yearly!

UBB Computer Services Support for Openserver, Unixware and Linux. Windows integration with Unix/Linux servers. Hardware, Backup and Networking issues. Located near Sacramento CA, we provide onsite support throughout Northern CA and Nationwide via remote access. We are a SCO Authorized Partner and a Microlite BackupEdge Certified Reseller.


http://www.m3ipinc.com Security, firewalls, ids, audits, vulnerability assesments, BS7799, HIPAA, GLB, incident handling


http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282




card_image








Change Congress


Related Posts