HPE Community
Operating System - HP-UX
1753840 Members
9457 Online
108806 Solutions
New Discussion юеВ

Re: remsh/rcp umask issues

 
SOLVED
Go to solution
K. Lesperance
Advisor

тАО04-08-2009 03:47 AM

тАО04-08-2009 03:47 AM

Re: remsh/rcp umask issues

Dennis,

those scripts all have the default values, the same as on the working hosts:

root # grep -i umask *
OVTrcSrv: (umask 002; /opt/OV/lbin/xpl/trc/ovtrcd)
clean_adm: mask=`umask`
clean_adm: umask 022
clean_adm: umask $mask
ems: UmaskValue=`umask`
ems: umask u=r,g=r,o=r
ems: umask $UmaskValue
ems: UmaskValue=`umask`
ems: umask u=r,g=r,o=r
ems: umask $UmaskValue
esm:umask 022
gwlmagt:umask 077
hpsmh:umask 002
hpsmh: umask 333
hpsmh: umask 002
inetd: mask=`umask`
inetd: umask 000
inetd: umask $mask
prngd.rc:umask 022
rstemsListener:umask 022
sec_mgmt:umask 077
spc:umask 077
syslog-ng: # Note. This umask is mostly paranoia. syslog-ng
syslog-ng: mask=`umask`
syslog-ng: umask 022 # u=rwx,g=rx,o=rx, disable group/other write
syslog-ng: umask $mask
syslogd: mask=`umask`
syslogd: umask 022
syslogd: umask $mask

inetd.conf has the following for remsh:

shell stream tcp6 nowait root /usr/lbin/remshd remshd
0 Kudos
Per Christensen_1
Advisor

тАО04-08-2009 04:22 AM

тАО04-08-2009 04:22 AM

Solution

Re: remsh/rcp umask issues

Hi

Nice one actually.
Apparently remshd on 11.31 does NOT use the UMASK setting i /etc/default/security as it says in man. Only way I can think of to change this behaviour is to make a change to /etc/pam.conf in the section Session Management by adding bypass_umask:

Before:
rcomds session required libpam_hpsec.so.1 bypass_limit_login

After:
rcomds session required libpam_hpsec.so.1 bypass_limit_login bypass_umask

Hope this helps you,
Have a nice Easter everyone.
Cheers
Per
0 Kudos
K. Lesperance
Advisor

тАО04-09-2009 05:48 AM

тАО04-09-2009 05:48 AM

Re: remsh/rcp umask issues

Pat,

I think you found it!

root # grep -i umask pam.conf
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
rcomds session required libpam_hpsec.so.1 bypass_limit_login bypass_umask

Thanks everyone!
0 Kudos
K. Lesperance
Advisor

тАО04-09-2009 06:01 AM

тАО04-09-2009 06:01 AM

Re: remsh/rcp umask issues

False alarm - one of my colleagues added that in to pam.conf, but it hasn't seemed to help. The umask is set to 077 regardless of whether or not we include "bypass_umask" in pam.conf.
0 Kudos
K. Lesperance
Advisor

тАО04-16-2009 09:02 AM

тАО04-16-2009 09:02 AM

Re: remsh/rcp umask issues

We've finally found the solution. It appears somebody manually started inetd, instead of using the script in /sbin/inetd. This caused inetd to inherit the umask of the session it was started as. Starting inetd with the init script has caused remsh/rcp to use the correct umask again.

Thanks for all the help.
0 Kudos
K. Lesperance
Advisor

тАО04-16-2009 09:03 AM

тАО04-16-2009 09:03 AM

Re: remsh/rcp umask issues

Restarted inetd using init script /sbin/init.d/inetd, instead of manually running /usr/sbin/inetd.
0 Kudos
Per Christensen_1
Advisor

тАО04-16-2009 11:47 PM

тАО04-16-2009 11:47 PM

Re: remsh/rcp umask issues

Hi K.
Great the problems is solved. Do you still have the umask setting in pam.conf ?
My tests showed that was the solution.
Just curious.
Cheers
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.