Patches
Showing results for 
Search instead for 
Do you mean 

potential issue of swlist permission

SOLVED
Go to Solution
Trusted Contributor Trusted Contributor

potential issue of swlist permission

[ Edited ]

I posted a new one continue with my last one

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd3517bb04b5cd611abdb0090277a778c,00.html

Questions:
1. Any potential issue to disable r/x for others?
2. How to disable remote swlist?

Thanks.

 

 

P.S. This thread has been moved from HP-UX > General to  HP-UX > patches - HP Forums Moderator

1 ACCEPTED SOLUTION
Acclaimed Contributor Acclaimed Contributor

Re: potential issue of swlist permission

Hi Victor:

As far as I know, there isn't a problem restricting the permissions here. You might be interested to know, however, that software like 'swlist' is but a copy of a binary shared among eleven objects. Do: 'ls -il /usr/sbin/sw*' to expose them. ;-)

Regards!

...JRF...
5 REPLIES
Highlighted
Honored Contributor Honored Contributor

Re: potential issue of swlist permission

None, unless you have regular users that need access to swlist, or installing packages, of which I would personally never allow!

live free or die
harry
Live Free or Die
Acclaimed Contributor Acclaimed Contributor

Re: potential issue of swlist permission

Hi Victor:

As far as I know, there isn't a problem restricting the permissions here. You might be interested to know, however, that software like 'swlist' is but a copy of a binary shared among eleven objects. Do: 'ls -il /usr/sbin/sw*' to expose them. ;-)

Regards!

...JRF...
Honored Contributor Honored Contributor

Re: potential issue of swlist permission

Hi Victor

It is like what you desire , if you want only root ot run it then that is the solution , incase you want to exnted to groups etc then you can try other modes too. But it works fine with root and this is only accessed by root when you do stuff like swinstall so you should be good to go.


Manoj Srivastava
Honored Contributor

Re: potential issue of swlist permission

Hi Victor:

OK ..posting here again ..

I have mentioned that point, because normally the permissions set to the commands and utilities in /usr, /usr/sbin, /etc are very OS specific. You should be very careful when changing the permissions or ownership of those files.

I will give you an eg: My oracle dba once reported an error starting the database -"permission denied". The problem reported to metalink and the solution was to check the permission of 'lanscan' command. In that case the permission of lanscan was incorrect when I checked it.

Like this, in your case if any dba/developer install or update any application/program which in turn calls 'swlist', then there are chances that you unnecessary spending time on it !

Sorry, if I was confusing you.

my 2 cents ..
Shiju
Life is a promise, fulfill it!
Honored Contributor

Re: potential issue of swlist permission

Hi Victor:

For the second question - remote restriction for swlist - You may consider using 'swacl' command. See man swacl for more details. The files under /var/adm/sw/security are used for these purposes.

HTH,
Shiju
Life is a promise, fulfill it!