HPE Community
Operating System - HP-UX
1752407 Members
5662 Online
108788 Solutions
New Discussion юеВ

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

 
Abdul Majeed Lardhi
Regular Advisor

тАО07-02-2008 01:42 AM

тАО07-02-2008 01:42 AM

PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

I'm in the last step to finalize RBAC, I faced a problem in executing a application runtime program "rtsunx"

All PATHs are correct, libraries are exist !!



Is RBAC use different name of the Environment LIB parameters ?



(mo)hpus::/home/mo>privrun rtsunx

/usr/lib/hpux64/dld.so: Unable to find library 'libcobscreen64.so.2'.

Killed



(mo)hpus::/home/mo>env |grep LIB

SHLIB_PATH=/opt/microfocus/cobol/lib:/usr/lib/hpux64:/opt/cobol/cobdir/lib:/u01/app/oracle/product/client/lib

LIBPATH=/u01/lib:/opt/microfocus/cobol/lib:/fns/p/r/int:/fns/pd/r/int:/fns/p/r/dbora/int:/fns/pd/r/dbora/int

COBCPY=/fns/p/r/src/LIBRYUNX:/fns/pd/r/src/LIBRYUNX:/fns/p/r/src/LIBRYTRE:/fns/pd/r/src/LIBRYTRE:/fns/p/r/src/LIBRYSWI:/fns/pd/r/src/LIBRYSWI:/fns/p/r/src/LIBRYSPY:/fns/pd/r/src/LIBRYSPY:/fns/p/r/src/LIBRYMIS:/fns/pd/r/src/LIBRYMIS:/fns/p/r/src/LIBRYINV:/fns/pd/r/src/LIBRYINV:/fns/p/r/src/LIBRYGEN:/fns/pd/r/src/LIBRYGEN:/fns/p/r/src/LIBRYDCS:/fns/pd/r/src/LIBRYDCS:/fns/p/r/src/LIBRYCTA:/fns/pd/r/src/LIBRYCTA:/fns/p/r/src/LIBRYCHG:/fns/pd/r/src/LIBRYCHG:/fns/p/r/src/LIBRYBRO:/fns/pd/r/src/LIBRYBRO:/fns/p/r/src/LIBRYBOR:/fns/pd/r/src/LIBRYBOR:/fns/p/r/src/LIBRYATM:/fns/pd/r/src/LIBRYATM:

LD_LIBRARY_PATH=/opt/microfocus/cobol/lib:/fns/p/r/int:/fns/pd/r/int:/fns/p/r/dbora/int:/fns/pd/r/dbora/int



(mo)hpus::/home/mo>ll /opt/microfocus/cobol/lib|grep screen

-r-xr-xr-x 2 root root 187264 Apr 7 2004 libcobscreen.so

-r-xr-xr-x 2 root root 187264 Apr 7 2004 libcobscreen.so.2

-r-xr-xr-x 2 root root 198248 Apr 7 2004 libcobscreen64.so

-r-xr-xr-x 2 root root 198248 Apr 7 2004 libcobscreen64.so.2

-r-xr-xr-x 2 root root 186988 Apr 7 2004 libcobscreen_t.so

-r-xr-xr-x 2 root root 186988 Apr 7 2004 libcobscreen_t.so.2

-r-xr-xr-x 2 root root 198008 Apr 7 2004 libcobscreen_t64.so

-r-xr-xr-x 2 root root 198008 Apr 7 2004 libcobscreen_t64.so.2

(mo)hpus::/home/mo>

Please advise if possible

Regards
Abdul Majeed Lardhi
0 Kudos
Reply
16 REPLIES 16
Dennis Handly
Acclaimed Contributor

тАО07-02-2008 01:53 AM

тАО07-02-2008 01:53 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

You may have to read the fine print on RBAC.
sudo can be configured to ignore certain environment variables, perhaps RBAC does too.
Also, dld.so ignores these variables for setuid programs so that may erase them before RBAC and they are gone before it gets to rtsunx.

So the simplest solution is to have privrun invoke a script that sets your environment variables then invokes rtsunx.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-02-2008 01:57 AM

тАО07-02-2008 01:57 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

>ME: may erase them before RBAC and they are gone before it gets to rtsunx.

I suppose you can test these theories by:
privrun env | grep LIB
0 Kudos
Reply
Abdul Majeed Lardhi
Regular Advisor

тАО07-02-2008 02:19 AM

тАО07-02-2008 02:19 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

I forgot to mention that I set the flag to KEEPENV in cmdpriv RBAC database


/fnsd1/p/r/exe/rtsunx:dflt:(fns.p.rtsunx,*):110/110//:dflt:dflt:dflt:KEEPENV

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-02-2008 02:45 AM

тАО07-02-2008 02:45 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

>I set the flag to KEEPENV

Have you tried my env experiment and my workaround?
0 Kudos
Reply
Abdul Majeed Lardhi
Regular Advisor

тАО07-02-2008 02:48 AM

тАО07-02-2008 02:48 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

Hi Dennis

First thanks for your reply

By defualt all user has the priviliage to execute "env"

Why I need to add "env" in RBAC ?

Abdul Majeed
0 Kudos
Reply
Abdul Majeed Lardhi
Regular Advisor

тАО07-02-2008 02:57 AM

тАО07-02-2008 02:57 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

More information of all libraries for that program :

(mo508119)hpus67::/fns/p/r/exe>chatr rtsunx
rtsunx:
64-bit ELF executable
shared library dynamic path search:
LD_LIBRARY_PATH enabled first
SHLIB_PATH enabled second
embedded path enabled third .:/opt/microfocus/cobol/lib:/usr/lib/hpux64
shared library list:
libxcurses.so.1
libm.so.1
libcobrts64.so.2
libcobcrtn64.so.2
libcobmisc64.so.2
libunwind.so.1
libsin.so.1
libc.so.1
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-02-2008 03:33 AM

тАО07-02-2008 03:33 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

>Why I need to add "env" in RBAC?

So you can make sure the env vars tunnel through.

>More information of all libraries for that program:
libcobrts64.so.2
libcobcrtn64.so.2
libcobmisc64.so.2

This means you need to look at these to find the use of libcobscreen64.so.2.
0 Kudos
Reply
Abdul Majeed Lardhi
Regular Advisor

тАО07-02-2008 03:51 AM

тАО07-02-2008 03:51 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

Dinnes ;

regarding the env, RBAC has feature called " KEEPENV"

this will make the enviroment paramenters ported to the privrun

Abdul Majeed
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО07-02-2008 04:10 AM

тАО07-02-2008 04:10 AM

Re: PROBLEM: RBAC privrun when execute an runtime program used Oracle/Cobol libraries

>RBAC has feature called "KEEPENV"

You have heard of the saying "Trust but verify"?
Your application obviously isn't working, now you have to figure out why. env(1) is the first step.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.