Several people responded immediately with the right answer. All of the
files in /usr/bin and /usr/kvm/bin had somehow lost their appropriate
set-gid/set-uid attributes.
A. Bryan Curnutt suggested that this was probably caused by an
improper file system restoration. I think this is likely. I'll grill
the likely suspects later. Below is my original request followed by
the two best responses.
Thanks to the following who replied (and if I've left you out, thanks
to you, too.)
jerry@soul.ampex.com
mike_wagner@il.us.swissba
kalle@cs.wvu.edu
pln@egret1.Stanford.EDU
Harry.H.Sun@jupiter.cc.ge
szh@zcon.com
hkatz@lehman.com
raoul@MIT.EDU
mike_raffety@il.us.swissb
rwing!pat@ole.cdac.com
curnutt@Stoner.COM
perryh@pluto.rain.com
janaka@ee.pdx.edu
tom@sees.bangor.ac.uk
zegarac@gdls.com
Poul.Sorensen@nilu.no
Original request:
> I'm helping out some sun newbies in a research group affiliated
> with ours. They have single Sun SparcStation 10/30, 128 MBytes
> RAM, running SunOS 4.1.3. Since about a week ago, their machine
> began exhibiting strange behavior when a user tries certain
> commands, namely
> ps su ipcs
> I've included a sample session below. A few more clues:
> 1. No problems occur when root tries these commands.
> 2. I've only noticed problems with these three, but I haven't
> conducted an exhaustive search.
> 3. They claim that they've made no recent changes to their
> system.
> What's wrong? I will summarize.
> SAMPLE SESSION
> machine_name% ps ps: cannot open /dev/kmem: Permission denied
> ps: could not read kernel VM
> machine_name% ipcs ipcs: cannot open /dev/kmem: Permission
> denied
> machine_name% su Password: <<the correct root password>> su:
> setgid: Not owner
> machine_name% su meister Password: <<the correct password for
> meister>> setgroups: Not owner su: initgroups failed
>>>>> "Perry" == Perry Hutchison <perryh@pluto.rain.com> writes:
Perry> This sounds like a problem with permissions. I don't have
Perry> a 4.1.3 machine handy, but as I recall the permissions
Perry> should be something like:
Perry> -rwxr-sr-x 1 root kmem 122880 Nov 10 1987 /bin/ps
Perry> -rwxr-sr-x 1 root kmem 51824 Nov 10 1987 /usr/bin/ipcs
Perry> -rwsr-xr-x 1 root staff 57344 Nov 10 1987 /bin/su
Perry> crw-r----- 1 root kmem 3, 1 Sep 24 1988 /dev/kmem
Perry> Note in particular that ps and ipcs are set-gid kmem and
Perry> /dev/kmem is readable by group kmem but not by ordinary
Perry> users. If the group assignment or permissions of /dev/kmem
Perry> got changed, or if ps and ipcs lost their set-gid kmem
Perry> attributes, that would explain the problems with opening
Perry> /dev/kmem. The problems with su sound as if it may have
Perry> lost its set-uid root attribute.
Perry> As to a possible common cause for all this, I'd look in
Perry> /etc/fstab to see if / and/or /usr is being mounted with
Perry> the nosuid attribute.
>>>>> "Poul" == Poul Sorensen <Poul.Sorensen@nilu.no> writes:
Poul> It seems that your friends have lost the set[ug]id modes on
Poul> there programs. Did they mount /usr with nosuid ??? - they
Poul> should NOT do that! If they didn't do that, check the
Poul> permissions on the programs: Ask them to do:
Poul> % ls -lgL /bin/{ps,ipcs,su} /dev/kmem
Poul> Which should generate something like: -rwxr-sr-x 1 root kmem
Poul> 16384 Jan 21 1994 /bin/ipcs -rwxr-sr-x 1 root kmem 40016 Jan
Poul> 21 1994 /bin/ps -rwsr-xr-x 1 root staff 7144 Jan 21 1994
Poul> /bin/su crw-r----- 1 root kmem 3, 1 Apr 27 1993 /dev/kmem
Poul> Use chmod g+s /bin/ipcs /kvm/ps and chmod u+s /bin/su
Poul> su is setuid-root because one needs eff-uid root to make
Poul> another setuid - i.e. one must be root to change uid - the
Poul> setuid on su makes you root while you do su....
Poul> The setgid on ps,ipcs makes your eff-gid kmem while
Poul> executing those programs - enabling you to read /dev/kmem
Poul> which normal users can't read - because /dev/kmem has
Poul> group-read, others-none access.
Poul> Root allways succeed in these operations, as root is allowed
Poul> to setuid anyone, and [s]he's allowed to read/write any file
Poul> on the system...
-- ___________________________________________________________________ Mark Meister meister@ipl.bwh.harvard.edu Image Processing Laboratory Phone: (617) 732-6690 Department of Radiology FAX: (617) 732-6695 Brigham and Women's Hospital Boston MA ___________________________________________________________________
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:08 CDT