Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!asuvax!mcdphx!dover!digital!chen
From: chen@digital.sps.mot.com (Jinfu Chen)
Newsgroups: comp.sys.apollo
Subject: Re: Weird login-/etc/ping-/usr/ucb/whoami behaviour
Message-ID: <48af0749.12c9a@digital.sps.mot.com>
Date: 16 Feb 90 20:12:58 GMT
References: <20873@watdragon.waterloo.edu>
Sender: news@digital.sps.mot.com
Organization: Motorola, Inc. Logic IC Div, Mesa, AZ
Lines: 29

In article <20873@watdragon.waterloo.edu> dvadura@watdragon.waterloo.edu (Dennis Vadura) writes:
>I have the following three problems.
>Machine: DN3500, 8 megs ram, 350 meg disk, SR10.2, runs in x-owns-root
>
>I have run out of ideas as to what could be causing the problem, although
>I am certain that it is my fault. That is, none of this took place when
>I first installed SR10.2, but I went and ran protection scripts, that we have,
>to modify permissions since the install made everything under /sys, and
>elsewhere writable by everybody (not good). After running the scripts the
>following three problems have shown up:

I don't know if this helps or not. There are directories under /sys that need
to be wide open, especially /sys/node_data and some directories under it.
/tmp, /dev, and many system log/temp directories are under /sys/node_data
(/tmp is a link to /sys/node_data/tmp, as is /dev, and some directories in
/usr/spool). So if you tighten up protection from /sys on, you're in big
trouble.

I agree that the default acls provided by Apollo in SR10.1 and 10.2 are not
tight enough and they don't provide a good script to set them up properly as
in the good old days of SR9.7. I'm also amazed by the size of the SR10.2 acl
template:

-rwxrwxr-x 1 root 1267125 Oct 13 07:24 templates/apollo/os.v.10.2/ip.closed_sysv

--
Jinfu Chen                  (602)898-5338 | Disclaimer:
Motorola, Inc.  Logic IC Div., Mesa, AZ   |
..{somewhere}!uunet!dover!digital!chen    | My employer doesn't pay
chen@digital.sps.mot.com                  | me to express opinions.
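
An added example, not part of the original post: a dry-run check for the failure described above, where tightening everything under /sys also hits the directories that /tmp and /dev link into. It uses POSIX mode bits as a stand-in for Domain/OS ACLs, and the function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def linked_into(tree_root, link_candidates):
    """Map real paths inside tree_root to the outside symlinks that resolve to them."""
    root = os.path.realpath(tree_root)
    found = {}
    for link in link_candidates:
        if not os.path.islink(link):
            continue
        target = os.path.realpath(link)
        if os.path.commonpath([root, target]) == root:
            found.setdefault(target, []).append(link)
    return found

def plan_lockdown(tree_root, link_candidates):
    """Dry run: (paths to strip world-write from, directories to leave open)."""
    exempt = linked_into(tree_root, link_candidates)
    tighten, keep_open = [], []
    for dirpath, dirnames, filenames in os.walk(os.path.realpath(tree_root)):
        if dirpath in exempt:
            keep_open.append(dirpath)
            dirnames[:] = []  # shared area: leave its contents alone too
            continue
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if not os.path.islink(path) and os.lstat(path).st_mode & stat.S_IWOTH:
                tighten.append(path)
    return sorted(tighten), sorted(keep_open)

def build_demo_tree():
    """Constructed layout mirroring the post: tmp and dev are links into sys/node_data."""
    base = os.path.realpath(tempfile.mkdtemp())
    modes = {"sys": 0o777, "sys/node_data": 0o755, "sys/node_data/tmp": 0o777,
             "sys/node_data/dev": 0o777, "sys/lib": 0o777}
    for rel in modes:
        os.makedirs(os.path.join(base, rel), exist_ok=True)
    for rel, mode in modes.items():
        os.chmod(os.path.join(base, rel), mode)  # explicit, so umask does not matter
    for name in ("tmp", "dev"):
        os.symlink(os.path.join("sys", "node_data", name), os.path.join(base, name))
    return base

if __name__ == "__main__":
    base = build_demo_tree()
    links = [os.path.join(base, n) for n in ("tmp", "dev")]
    tighten, keep_open = plan_lockdown(os.path.join(base, "sys"), links)
    print("tighten:", tighten)
    print("keep open:", keep_open)
```

The check finds only the exemptions implied by links; directories that must stay open for other reasons still have to be excluded by hand before any permissions are changed.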