HPE Community
Operating System - HP-UX
1834480 Members
3245 Online
110067 Solutions
New Discussion

java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

 
Antonio Cardoso_1
Trusted Contributor

‎04-21-2005 10:13 PM

‎04-21-2005 10:13 PM

java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

Hi,
I've just installed goldbase11i v0412 on a server, and noticed that I can't start some java process now, which was working fine before.
This process is started by a shell script with setuid permission to root (because it needs to listen to port 162):
-rwsr-xr-x 1 root sys 2760 Apr 22 11:49 /tmp/startproc

The script contents is :
#!/bin/sh
/opt/java1.4/jre/bin/java -classpath

- When I run this script logged as root, it's OK
- When I run it logged as another user, it now causes error:
/usr/lib/dld.sl: Can't open shared library: /CLO/Components/JAVA_12/Src/build/HP_UX/lib/PA_RISC2.0/server/libjvm.sl
/usr/lib/dld.sl: No such file or directory

Java release is 1.4.2_04

This behavior is new...
If anyone can explain me the reason of this (and maybe some way to cope with it)...

thanks.
0 Kudos
Reply
10 REPLIES 10
Stephen Keane
Honored Contributor

‎04-21-2005 10:35 PM

‎04-21-2005 10:35 PM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

Add

SHLIB_PATH=$SHLIB_PATH:"/CLO/Components/JAVA_12/Src/build/HP_UX/lib/PA_RISC2.0/server"
export SHLIB_PATH

to your script?

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-21-2005 11:19 PM

‎04-21-2005 11:19 PM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

The cause of the error is almost always the environment variable SHLIB_PATH

It neds to include the directory /usr/lib

export SHLIB_PATH=/usr/lib:$SHLIB_PATH

try again.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

‎04-21-2005 11:47 PM

‎04-21-2005 11:47 PM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

Hi

I changed nothing, and it is now working with original script.
Moreover, the SHLIB_PATH variable was never set before. I suppose that JAVA VM initializes the lib path according to architecture and VM-type.

I'll try once again after a clean installation.

Thanks for your answers.
0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

‎04-22-2005 12:24 AM

‎04-22-2005 12:24 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

now I rebooted my server, and the problem appears again:
- even after including
export SHLIB_PATH=/usr/lib:/opt/java1.4/jre/lib/PA_RISC2.0/server
in the script, it still causes the error.

I can run the process is logged root,
it fails if other user runs it.

Again, this was working before I installed the goldbase11i.0412 bundle.
0 Kudos
Reply
Stephen Keane
Honored Contributor

‎04-22-2005 12:35 AM

‎04-22-2005 12:35 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

Probably straying into grandmother's egg sucking strategies here, but what does

#ll /CLO/Components/JAVA_12/Src/build/HP_UX/lib/PA_RISC2.0/server/libjvm.sl

give you?

0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

‎04-22-2005 01:23 AM

‎04-22-2005 01:23 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

ll /CLO/Components/JAVA_12/Src/build/HP_UX/lib/PA_RISC2.0/server/libjvm.sl
gives nothing, which is normal because this is the path at development side.
This libjvm.sl should be resolved by to /opt/java1.4/jre/lib/PA_RISC2.0/server/libjvm.sl.

Note that I have more startup scripts that still work fine after install of goldbase11i.0412, and use a syntax similar to the one which fails.
The only difference is the setuid bit to allow programm running as root to be able to open socket on port 162.

0 Kudos
Reply
Stephen Keane
Honored Contributor

‎04-22-2005 01:59 AM

‎04-22-2005 01:59 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

If the script works OK if you log in and run it as root, but doesn't work OK if you run-as-root, that suggests maybe the environments are different? Maybe running env when logged in as root and putting env in the script would show up a difference?
0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

‎04-22-2005 04:38 AM

‎04-22-2005 04:38 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

I'm re-installing the machine in previous state, but I will try once again next week if have some time for it.
I'll keep you informed.
0 Kudos
Reply
Alex Glennie
Honored Contributor

‎04-22-2005 04:53 AM

‎04-22-2005 04:53 AM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

PHCO_27781:
( SR: [8606269172/STARS-ACTIVE/English] CR:JAGae33407 )
Applications that rely upon the ability of su(1) command to
switch to another user and pass along certain environment
variables, including but not limited to SHLIB_PATH, do not
work.

just a thought ?
0 Kudos
Reply
Antonio Cardoso_1
Trusted Contributor

‎04-24-2005 11:38 PM

‎04-24-2005 11:38 PM

Re: java process run as root (setuid bit) causes /usr/lib/dld.sl: Can't open shared library:...libjvm.sl

Hi all,

having a look at J2SE SDK release notes, I found:
"Running Java with setuid or setgid
Java requires dynamic loading (SHLIB_PATH, LD_LIBRARY_PATH) which are disabled in setuid or setgid executables. Therefore Java cannot run with setuid or setgid."

=> I understand that having it working until now with the setuid bit was more an unexpected situation!!!

I have installed and configured sudo on my server as a way to replace the use of setuid.


0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.