HPE Community
Operating System - HP-UX
1833744 Members
3004 Online
110063 Solutions
New Discussion

Re: Running RC script

 
SOLVED
Go to solution
Jonathan Caplette_1
Super Advisor

‎07-29-2003 07:43 AM

‎07-29-2003 07:43 AM

Running RC script

Hi guys,

I want to know who runs rc scripts... Is that always root????

Thanks
Jonathan
0 Kudos
Reply
10 REPLIES 10
Pete Randall
Outstanding Contributor

‎07-29-2003 07:45 AM

‎07-29-2003 07:45 AM

Solution

Re: Running RC script

Yep.


Pete


Pete
Reply
A. Clay Stephenson
Acclaimed Contributor

‎07-29-2003 07:47 AM

‎07-29-2003 07:47 AM

Re: Running RC script

Does a hog like slop?
If it ain't broke, I can fix that.
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎07-29-2003 07:48 AM

‎07-29-2003 07:48 AM

Re: Running RC script

Usually, but it doesn't have to be. In /sbin/init.d you could user the setuid bit to force ownership to something other than root. I would think that doing this is NOT recommended for any of the system daemon processes. I'd setup a simple shell script to test this before changing anything.

mark
the future will be a lot like now, only later
Reply
John Meissner
Esteemed Contributor

‎07-29-2003 07:52 AM

‎07-29-2003 07:52 AM

Re: Running RC script

yes. one way this can be changed is to have your rc script 'su - user'
All paths lead to destiny
Reply
Steven E. Protter
Exalted Contributor

‎07-29-2003 07:53 AM

‎07-29-2003 07:53 AM

Re: Running RC script

A practical, though less humorous answer.

To see who can run something, no matter where it is.

Check permissions.


ll filename

Example:

ll /sbin/init.d/oracle
-rwx------ 1 root sys

The only one that can read write or execute this script is root

If there was an x in the second set of permissions

-rwxr-x---

Then other members of the sys group could also execute it.

If it looked like this:

-rwxr-xr-x

Then anyone can execute it. Note you have to be able to read it to execute it. Hence the r.

Permissions tells the whole story of who can do what on a Unix box.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
A. Clay Stephenson
Acclaimed Contributor

‎07-29-2003 07:55 AM

‎07-29-2003 07:55 AM

Re: Running RC script

Note that within a given rc script, you can always do an su (and since the user is root, no passwd is needed). It's very common to do something like "su oracle -c command arg1 arg2"; however, it's generally a bad idea to su - oracle -c command arg1 arg2" because almost certainly oracle .profile will contain command which expect an interactive environemt -- which cron ain't. A better method is to have a separate file (e.g. /usr/local/bin/oraenv.sh) and have your rc script and oracle's .profile source this file (viz . /usr/local/bin/oraenv.sh) to set and export environment variables. The sources file must not contain a return or exit statement.

If it ain't broke, I can fix that.
Reply
Jonathan Caplette_1
Super Advisor

‎07-29-2003 09:09 AM

‎07-29-2003 09:09 AM

Re: Running RC script

"Thank you.. Come again!!!"
0 Kudos
Reply
Caesar_3
Esteemed Contributor

‎07-29-2003 12:39 PM

‎07-29-2003 12:39 PM

Re: Running RC script

Hello!

You create the script in /sbin/init.d/
that can handle parameters (start|stop|start_msg|stop_msg)
and in the /sbin/rcX.d/ create link to it
SNAME
-> /sbin/init.d/<ScriptName>

and in /sbin/rc(X-1).d/ create link to it
KNAME
-> /sbin/init.d/<ScriptName>

And yes it's run with root always.

Caesar
0 Kudos
Reply
prasad_15
Advisor

‎07-29-2003 03:58 PM

‎07-29-2003 03:58 PM

Re: Running RC script

Hi,

please advise this.
$ ls -l /bin/newgrp
-r-sr-xr-x 1 root bin 16384 Feb 20 2001 /bin/newgrp

so when I did this
$ newgrp dba
Sorry

Why??? as i have the execute on newgrp set.

Thanks

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎07-29-2003 05:41 PM

‎07-29-2003 05:41 PM

Re: Running RC script

As far as the newgrp command, it di run just fine. The problem is not "Execute permission denied", the error was "sorry" which is not meaningful but it was newgrp's way to tell you that your username is not listed in /etc/group with the user dba. Have the system administrator add your username to /etc/group for the dba group.

However, newgrp is archaic today. For 10.20 your sysadmin can create a symlink between /etc/group and /etc/logingroup. For 11.0 and higher, the link is not needed. /etc/group needs to have ONLY alternate group membership listed, not the primary group as this is found in /etc/passwd. This simplifies the passwd file.

To see what groups your login belongs to, use the command: id


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.