Get APLawrence.com by RSSUnixware 2
What is this stuff?
If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):
From - Thu Jan 27 16:33:26 2000
Xref: world comp.unix.sco.misc:114831 comp.unix.unixware.misc:39858
Path: world!newsfeed.mathworks.com!newsfeed.tli.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!newsfeeds.belnet.be!news.belnet.be!skynet.be!news.lightlink.com!news.alt.net!usenet
From: "Jeff Dickens" <jdickens@ersi.com>
Newsgroups: comp.unix.unixware.misc,comp.unix.sco.misc
Subject: Re: Administrative gui apps fail in UW2
Date: Thu, 27 Jan 2000 16:30:35 -0500
Organization: Altopia Corp. - Usenet Access - http://www.altopia.com
Lines: 131
Message-ID: <86qdbf$ch$0@dosa.alt.net>
References: <86n4ch$hee$0@dosa.alt.net> <139C60EF3D07D501.1D7944106FAB0F4E.7EA282D759842BAE@lp.airnews.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000
Thanks for the info... I ran initprivs and found something rather
suspicious:
# initprivs
UX:initprivs: WARNING: File ``/usr/X/bin/Launch_Application'' fails
validation:
entry ignored
UX:initprivs: WARNING: 1 entry ignored in ``/etc/security/tcb/privs''
I found a script called setpriv that seemed to do what you described, so I
ran it:
# ./setpriv
/sbin/filepriv -f allprivs /sbin/tfadmin
/sbin/filepriv -f dacread /etc/fs/s5/df
/sbin/filepriv -f dacread /etc/fs/vxfs/df
/sbin/filepriv -f
owner,audit,auditwr,bind,compat,core,dacread,dacwrite,dev,file
sys,loadmod,macread,macwrite,mount,multidir,setplevel,setflevel,setuid,sysop
s,dr
iver,fpri,macupgrade,fsysrange,plock,tshar /sbin/initprivs
/sbin/filepriv -f loadmod /sbin/pcfont
/sbin/filepriv -f setuid /usr/X/bin/App_Sharing
/sbin/filepriv -f setuid /usr/X/bin/Launch_Application
/sbin/filepriv -f setuid /usr/X/bin/NetWare_Access
/sbin/filepriv -f setuid /usr/X/bin/Remote_Apps
/sbin/filepriv -f setuid,dacread /usr/X/bin/xauto
/sbin/filepriv -f allprivs /usr/X/lib/display/vprobe
/sbin/filepriv -f dev,driver /usr/bin/finger
/sbin/filepriv -f dev,driver /usr/bin/ftp
/sbin/filepriv -f dev /usr/bin/ipcs
/sbin/filepriv -f macread /usr/bin/listusers
/sbin/filepriv -f macupgrade /usr/bin/mkdir
/sbin/filepriv -f dev,filesys /usr/bin/netstat
/sbin/filepriv -f setuid /usr/bin/newgrp
/sbin/filepriv -f dev,driver /usr/bin/otalk
/sbin/filepriv -f macread,audit /usr/bin/passwd
/sbin/filepriv -f loadmod /usr/bin/pcfont
/sbin/filepriv -f dacread /usr/bin/priocntl
/sbin/filepriv -f dev,filesys,driver /usr/bin/rcp
/sbin/filepriv -f dev,filesys /usr/bin/rdist
/sbin/filepriv -f dev,filesys,driver /usr/bin/rlogin
/sbin/filepriv -f dev,filesys,driver /usr/bin/rsh
/sbin/filepriv -f macread /usr/bin/ruptime
/sbin/filepriv -f macread /usr/bin/rwho
/sbin/filepriv -f owner,dev,macread,macwrite,setflevel /usr/bin/script
/sbin/filepriv -f macwrite /usr/bin/strchg
/sbin/filepriv -f dev,driver /usr/bin/talk
/sbin/filepriv -f dev,driver /usr/bin/telnet
/sbin/filepriv -f dev,driver /usr/bin/tftp
/sbin/filepriv -f dacwrite,macread,macwrite,setflevel /usr/bin/uidadmin
/sbin/filepriv -f dacread /usr/lib/fs/vxfs/df
/sbin/filepriv -f audit /usr/lib/lp/bin/lp.pr
/sbin/filepriv -f setuid,sysops /usr/lib/lp/model/B2
/sbin/filepriv -f setuid /usr/lib/mail/mail_pipe
/sbin/filepriv -f setuid /usr/lib/mail/pchown
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/createSurr
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/popper
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smf-out
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smtp
/sbin/filepriv -f setuid,filesys /usr/lib/mail/surrcmd/smtpd
/sbin/filepriv -f setuid /usr/lib/mail/surrcmd/smtpqer
/sbin/filepriv -f dacwrite,dev,macread,macwrite,owner,setflevel
/usr/lib/rexec/r
xserver
/sbin/filepriv -f dev /usr/sbin/nslookup
/sbin/filepriv -f filesys /usr/sbin/ping
/sbin/filepriv -f filesys /usr/sbin/trap_rece
/sbin/filepriv -f setuid /usr/ucb/lpr
/sbin/filepriv -f dacread,macread /usr/ucb/w
But it didn't seem to help:
# initprivs
UX:initprivs: WARNING: File ``/usr/X/bin/Launch_Application'' fails
validation:
entry ignored
UX:initprivs: WARNING: 1 entry ignored in ``/etc/security/tcb/privs''
#
Sooo... I did this:
# filepriv -d /usr/X/bin/Launch_Application
# /sbin/filepriv -f setuid /usr/X/bin/Launch_Application
# initprivs
#
Now initprivs doesn't complain... hopefully this fixed it.. the X console is
in another land so I won't know right away.
jerry sutton <jerrys@airmail.net> wrote in message
news:139C60EF3D07D501.1D7944106FAB0F4E.7EA282D759842BAE@lp.airnews.net...
> Jeff Dickens wrote:
> >
> > Hi. We recently installed a Unixware 2 system that we need for an
> > integration project with a vendor that still uses UW2 exclusively. We
> > designated one user the "system owner" during installation.
> >
> > However, when that user logs in at the console, under the gui (X), the
> > administrative applications don't work. If you try to start one, for
> > example the user manager or dialup setup, nothing happens. Apparently
> > whatever script runs just fails silently.
> >
> > Does this sound like a common problem that you recognize ? If not
where
> > might I look for the log of this presumably failing script ?
> >
> > Thanks in advance...
>
> I'm speaking imprecisely from memory since I haven't kept
> a UW2 machine up for about a year.
>
> Start by looking in either /tmp or /var/tmp for one of the
> X11 logs, I believe it is Xerrors. See if it tells you why.
>
> A common reason for UnixWare commands to suddenly stop
> working is the enhanced security mechanism. If you have
> used cpio, for example, to 'touch' a file which is
> registered with the security database, executing that file
> will abruptly exit. Read man pages on filepriv, initprivs,
> the section 2 Intro. There is a script somewhere under
> /etc/ia/security which will rebuild the tcb on the
> presumption that security has NOT been breached. So you
> might investigate this arena.
> --
> Jerry Sutton jerrys@airmail.net
> and of course, I don't speak on behalf of my employer
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 2 | 10 | 27 | 543 | 2,656 |
/Bofcusm/259.html copyright 1997-2004 (various authors) All Rights Reserved
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Your ad here - $24.00 yearly!
UBB Computer Services Support for Openserver, Unixware and Linux. Windows integration with Unix/Linux servers. Hardware, Backup and Networking issues. Located near Sacramento CA, we provide onsite support throughout Northern CA and Nationwide via remote access. We are a SCO Authorized Partner and a Microlite BackupEdge Certified Reseller.
http://www.m3ipinc.com Security, firewalls, ids, audits, vulnerability assesments, BS7799, HIPAA, GLB, incident handling
http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282
Related Posts
Add your comments