HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- quick question about pwgr
Operating System - HP-UX
1825784
Members
2046
Online
109687
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2004 06:37 AM
09-08-2004 06:37 AM
Okay, I might already know the answer to this question, but want to run it by the experts first to confirm.
To help secure our HPs, we have implemented several suggestions listed in the "How to create a Bastion Host" doc found all over the net, in it, it reads:
pwgrd is a password and group caching daemon. Since we have a very small password and group file it is unnecessary. Also, a little detective work with lsof and tusc (Trace Unix System Calls) [12] shows us that it listens on a Unix domain socket for client requests, and we don't want to allow command channels like that to processes running as root, so we have additional incentive to disable it:
Set the PWGR environment variable to 0 in /etc/rc.config.d/pwgr:
PWGR=0
We also remove stale sockets which will prevent unnecessary libc socket creation and requests to a nonexistent pwgrd listener:
# rm /var/spool/pwgr/* # really just need to remove status
# rm /var/spool/sockets/pwgr/*
which we did about a year ago...no problems..however, I have noticed that everytime a user logs on, a new socket is created in /var/spool/sockets/pwgr even though the daemon is not running. why is this? My thoughts are that possibly some other daemon creates the socket here for pwgr to use if needed, if that is the case, is there a way to turn that off as well?
To help secure our HPs, we have implemented several suggestions listed in the "How to create a Bastion Host" doc found all over the net, in it, it reads:
pwgrd is a password and group caching daemon. Since we have a very small password and group file it is unnecessary. Also, a little detective work with lsof and tusc (Trace Unix System Calls) [12] shows us that it listens on a Unix domain socket for client requests, and we don't want to allow command channels like that to processes running as root, so we have additional incentive to disable it:
Set the PWGR environment variable to 0 in /etc/rc.config.d/pwgr:
PWGR=0
We also remove stale sockets which will prevent unnecessary libc socket creation and requests to a nonexistent pwgrd listener:
# rm /var/spool/pwgr/* # really just need to remove status
# rm /var/spool/sockets/pwgr/*
which we did about a year ago...no problems..however, I have noticed that everytime a user logs on, a new socket is created in /var/spool/sockets/pwgr even though the daemon is not running. why is this? My thoughts are that possibly some other daemon creates the socket here for pwgr to use if needed, if that is the case, is there a way to turn that off as well?
'
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-08-2004 09:12 AM
09-08-2004 09:12 AM
Solution
Hi Ken,
Check this doc.
Document description: How To Prevent Creation of Files in /var/spool/sockets/pwgr
Document id: KBRC00012276
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000068401720
When the libc calls find this directory (/var/spool/sockets/pwgr) , they
will create the socket files in preparation for using the pwgrd server daemon, whether pwgrd is running or not.
remove the directory pwgr from /var/spool/sockets.
More detailed info in above link.
Best regards,
Robert-Jan
Check this doc.
Document description: How To Prevent Creation of Files in /var/spool/sockets/pwgr
Document id: KBRC00012276
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000068401720
When the libc calls find this directory (/var/spool/sockets/pwgr) , they
will create the socket files in preparation for using the pwgrd server daemon, whether pwgrd is running or not.
remove the directory pwgr from /var/spool/sockets.
More detailed info in above link.
Best regards,
Robert-Jan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-09-2004 12:27 AM
09-09-2004 12:27 AM
Re: quick question about pwgr
perfect, that is what I was suspecting, thanks for the confirmation!
'
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP