Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!uakari.primate.wisc.edu!sdd.hp.com!cs.utexas.edu!sun-barr!olivea!oliveb!pyramid!infmx!aland
From: aland@informix.com (Colonel Panic)
Newsgroups: comp.databases
Subject: Re: Informix queries: raw partitions, price support
Summary: the raw and the cooked
Message-ID: <1991Apr30.050635.5254@informix.com>
Date: 30 Apr 91 05:06:35 GMT
References: <461@octelb.octel.UUCP> <1991Apr26.150939.2069@odi.com>
Sender: news@informix.com (Usenet News)
Organization: Alferd Packer's Legendary Coronary Fast Food Cannibal Bar & Buffet
Lines: 68

In article <1991Apr26.150939.2069@odi.com> dlw@odi.com writes:
>In article <461@octelb.octel.UUCP> jfd@octel.UUCP (John F. Detke) writes:
> Informix wants to chmod and chgrp informix /dev/rsd0d
> in order to use raw partitions.  Why the heck do they have set-uid root programs
> then?  The DBA wants the speed improvements, but I am reluctant to open up /dev
> like this.  Am I being too paranoid?
>
>I don't think I understand.  Informix needs for their Unix process to
>be able to access /dev/rsd0d.  They are saying that you should chmod
>it to something, and chown it to "informix", in order to grant access
>to their process.  It seems that you are saying that you don't like
>the idea of doing this, because it would "open up /dev", implying that
>this would create a possible security problem.  Instead you are
>counter-proposing that they make their program a "setuid root"
>program.

The engines are already setuid for the following purposes:

   1) boost ulimit up to an arbitrarily high value
   2) set groupid to informix

After doing so, real and effective uids are set back to those of the
invoking user (hence the need to have the devices read/writeable by
group informix).

>If I were paranoid, I might be more worried about letting their process
>run as "root" than about setting the access on /dev/rsd0d as they
>recommend.  Setting the access will only let their process access that
>device, and not others; making their program run as "root" will let
>their process access any device whatsoever.  Why would it be more secure
>for them to run as "root"?

Perhaps Mr. Detke is concerned that this would allow an Informix process
to run rampant over his devices.  As long as /dev is read/search only for
non-root uids, I don't see a problem.

Also, this is a good time to bring this up.  As a safeguard against media
failure, it's always best to use a logical pathname rather than the actual
device path.  We recommend assigning logical names to each slice to be
used by OnLine by building hard links.  In the above case, if the
following is done:

   cd /dev
   ln rsd0d online_1
   chown informix online_1
   chgrp informix online_1
   chmod 660 online_1

and /dev/online_1 is used in the OnLine configuration screen (and tbconfig
file), it makes recovery easier.  If Disk 0 were to fail, you could
reassign another slice of equal or greater size and restore to the new
slice:

   cd /dev
   rm online_1
   ln rsd2d online_1
   chown informix online_1
   chgrp informix online_1
   chmod 660 online_1

Then, just reinitialize, restore, and you don't have to rely on that
particular device being available.

-- 
Alan Denney  aland@informix.com  {pyramid|uunet}!infmx!aland

"The biggest problem with baseball today is the money being thrown around.
 The players aren't in the sport for the joy of the game anymore, they're
 in it for the money.  Greed is ruining baseball."
                       - Rogers Hornsby (when Cincinnati Reds manager), 1953
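The logical-name recipe from the post above, as an added example that is not Informix's code and not part of the original thread. It wraps the ln/chown/chgrp/chmod 660 steps in a function and pairs them with the check a cautious admin would run afterwards: that the logical name really is the same inode as the raw slice, and that the "other" permission bits are clear so the raw disk is reachable only by the informix user and group. The names assign_slice and check_slice, and the DEVDIR, OWNER and GROUP parameters, are assumptions made here so the same functions can be exercised in a scratch directory with ordinary files standing in for device nodes; in production DEVDIR is /dev, OWNER and GROUP are informix, and the script runs as root.

```shell
#!/bin/sh
# Added example (not from the original post): manage an OnLine-style logical
# device name as a hard link, with the 660/informix access the post describes.
# DEVDIR, OWNER and GROUP are assumed parameters; defaults match the post.
DEVDIR=${DEVDIR:-/dev}
OWNER=${OWNER:-informix}
GROUP=${GROUP:-informix}

# assign_slice LOGICAL RAWDEV
# (Re)point $DEVDIR/LOGICAL at $DEVDIR/RAWDEV. A hard link cannot cross
# filesystems, which is why the logical name lives in $DEVDIR beside the slice.
assign_slice() {
    logical="$DEVDIR/$1"
    rawdev="$DEVDIR/$2"
    if [ ! -e "$rawdev" ]; then
        echo "assign_slice: no such slice: $rawdev" >&2
        return 1
    fi
    rm -f "$logical" &&
    ln "$rawdev" "$logical" &&
    chown "$OWNER" "$logical" &&
    chgrp "$GROUP" "$logical" &&
    chmod 660 "$logical"
}

# check_slice LOGICAL RAWDEV
# Succeed only if the logical name is the same inode as the raw slice (-ef)
# and the world permission bits are clear, i.e. the last octal digit is 0.
check_slice() {
    logical="$DEVDIR/$1"
    rawdev="$DEVDIR/$2"
    if [ ! "$logical" -ef "$rawdev" ]; then
        echo "check_slice: $logical is not linked to $rawdev" >&2
        return 1
    fi
    # GNU stat first, BSD stat as the fallback; both print the octal mode.
    mode=$(stat -c %a "$logical" 2>/dev/null || stat -f %Lp "$logical")
    case $mode in
        *0) return 0 ;;
        *)  echo "check_slice: $logical is world-accessible (mode $mode)" >&2
            return 1 ;;
    esac
}

# Usage: sh online_slice.sh LOGICAL RAWDEV
#   e.g. after disk 0 fails:  sh online_slice.sh online_1 rsd2d
# With no arguments the script only defines the functions.
if [ $# -ge 2 ]; then
    assign_slice "$1" "$2" && check_slice "$1" "$2"
fi
```

Two caveats worth knowing before copying this onto a current system. Hard links only work inside one filesystem, so the link has to sit in the same directory tree as the device node, as the post's cd /dev implies. And on modern Linux /dev is a devtmpfs that is rebuilt at every boot, so a link or chmod made by hand there does not survive a reboot; the persistent equivalent is a udev rule that sets the SYMLINK, OWNER, GROUP and MODE for the slice. The check_slice test works unchanged with a symlink, since -ef follows symlinks.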