HPE Community
Operating System - HP-UX
1834018 Members
2107 Online
110063 Solutions
New Discussion

Re: PWGR - Turning off.

 
SOLVED
Go to solution
joe_91
Super Advisor

‎11-23-2004 01:54 AM

‎11-23-2004 01:54 AM

PWGR - Turning off.

All:

We are getting Flagged (For security reg. permissions)for /var/spool/sockets/pwgr directory on most of the servers.My proposal was to turn OFF this daemon and remove the pwgr directory so that i will not get flagged.
is it a good approach? will it have any impact?

Thanks

Joe
0 Kudos
Reply
9 REPLIES 9
Jeff Schussele
Honored Contributor

‎11-23-2004 02:01 AM

‎11-23-2004 02:01 AM

Re: PWGR - Turning off.

Hi Joe,

If you're using NIS or NIS+ then there will be no effect.
If you're not using those then you'll suffer some performance hit - especially if you have lots of logins or any apps are using lots of getpwuid() or getgrname() calls because the pwgrd is a caching routine for these calls.
I would suggest you test this prior to implementation because the impact could range from negligible to severe.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎11-23-2004 02:07 AM

‎11-23-2004 02:07 AM

Re: PWGR - Turning off.

Not a problem. Edit /etc/rc.config.d/pwgr and set PWGR=0. pwgrd is a password and group caching daemon to speed up searches when the passwd file is thousands of entries. With a small password and group file it is not necessary. pwgrd listens on a Unix domain socket for client requests, and your security folks won't like having a socket that accepts codes to be processed as root, so it's a good idea to disable it.


Bill Hassell, sysadmin
0 Kudos
Reply
Thierry Poels_1
Honored Contributor

‎11-23-2004 02:11 AM

‎11-23-2004 02:11 AM

Re: PWGR - Turning off.

hi,

if you have a relatively small passwd file you can stop the pwgrd daemon.
And if it is not running its cache cannot get corrupted (rarely happen but anyway) ;-)

regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
0 Kudos
Reply
joe_91
Super Advisor

‎11-23-2004 02:13 AM

‎11-23-2004 02:13 AM

Re: PWGR - Turning off.

Bill/Jeff:

Thanks.

I think i am going to Disable it 'coz we run NIS and on other machines we just have very few id's who login (Oracle Boxes)
Ok here are the steps for disabling PWGR.

/sbin/init.d/pwgr stop
Edit the /etc/rc.config.d/pwgr and set it to 0

Next remove the directory /var/spool/sockets/pwgr directory
(because even if i disable it the directory will still be there) So is it ok to rm -r that direcotory?

Are these steps correct? Pl. Confirm

Thanks

Joe.

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-23-2004 02:14 AM

‎11-23-2004 02:14 AM

Re: PWGR - Turning off.

It's not a problem to disable it. UNIX boxes ran without passwd and group caching literally for decades before this deamon came along. I doubt you will be able to detect any performance impacts.
If it ain't broke, I can fix that.
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎11-23-2004 02:18 AM

‎11-23-2004 02:18 AM

Re: PWGR - Turning off.

Yes - those steps sound appropriate.
Be advised that if you do any swverify options that would be looking for the pwgrd fileset/files it would flag an error on the missing items - not a problem but you need to be aware of the possibility.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
joe_91
Super Advisor

‎11-23-2004 02:28 AM

‎11-23-2004 02:28 AM

Re: PWGR - Turning off.

Jeff & Team:

Perfect to remove the directory right. Now to get rid of that is there any fileset that we need to swremove?

Thanks

Joe
0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

‎11-23-2004 02:35 AM

‎11-23-2004 02:35 AM

Solution

Re: PWGR - Turning off.

Hi Joe,

No need to remove a fileset, you can remove the directory /var/spool/sockets/pwgr after you disabled the pwgr daemon.

Regards,
Robert-Jan
Reply
Steven E. Protter
Exalted Contributor

‎11-23-2004 02:59 AM

‎11-23-2004 02:59 AM

Re: PWGR - Turning off.

If you want to remove the software.

swremove -i

Find it,
select it,
Action Remove.

It will be gone.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.