HPE Community
Operating System - HP-UX
1832591 Members
3188 Online
110043 Solutions
New Discussion

Re: sam problem

 
Umapathy S
Honored Contributor

‎08-27-2002 07:04 AM

‎08-27-2002 07:04 AM

sam problem

hi forums
I am raising the question again.

When I invoke sam to add a user, it replies back saying permission denied.

When I try to list the disk devices/log volumes it replies back saying that you need superuser privileges to see the info...I logged as root indeed.
# id
uid=0(root) gid=3(sys) groups=0(root),2(bin),4(adm),5(daemon),6(mail),7(lp),20(users),102(mqm)

# groups
root bin sys adm daemon mail lp users mqm

I tried adding a user with the following script
# useradd -u 1150 -g users -d /home/testuser -s /usr/bin/ksh -c "test" -m testuser
rm: /etc/group.tmp2485 not removed. Permission denied
/home/testuser: Not owner
Cannot create home directory

there is an entry in /etc/passwd file
/home/testuser is created with testuser:users
/etc/group has modified entry w.r.t to users group

but /home/testuser doesnt contain the .profile that it needed to copy from /etc/skel

any pointers, info on this are appreciated.

Its bad guess but whether this may due to any patch update.

cheers
Umapathy

ps: Shiju could you please help me on this. I feel setuid/setgid is not working properly.


Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
10 REPLIES 10
harry d brown jr
Honored Contributor

‎08-27-2002 07:10 AM

‎08-27-2002 07:10 AM

Re: sam problem

What OS release?

Is this a trusted machine (tcb)??

what does ls -l /etc/group.tmp* return??

what does this return

ls -l /home | grep testuser

live free or die
harry
Live Free or Die
0 Kudos
Reply
Umapathy S
Honored Contributor

‎08-27-2002 07:13 AM

‎08-27-2002 07:13 AM

Re: sam problem

# uname -a
HP-UX hpk220 B.10.20 U 9000/859 434573382 unlimited-user license

# ls -l /etc/group.tmp*
-rw-rw-rw- 1 root sys 741 Aug 27 19:56 /etc/group.tmp2011
-rw-rw-rw- 1 root sys 741 Aug 27 20:01 /etc/group.tmp2060
-rw-rw-rw- 1 root sys 741 Aug 27 20:32 /etc/group.tmp2485

I guess the times I tried to create users. I am missing some permissions somewhere I think
# ls -l /home | grep testuser
drwxr-xr-x 2 testuser users 24 Aug 27 20:32 testuser

cheers
Umapathy

Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎08-27-2002 07:14 AM

‎08-27-2002 07:14 AM

Re: sam problem

Regarding both questions you have asked regarding adding users: do you have any other security software installed? For example Seos?

If so, this is the problem.

Cheryl
"Downtime is a Crime."
0 Kudos
Reply
Umapathy S
Honored Contributor

‎08-27-2002 07:19 AM

‎08-27-2002 07:19 AM

Re: sam problem

hi Cheryl
As far as I know I havnt installed any security software you have mentioned.

The problem is I went on a week vacation. May be someone would have changed something.

How do I know the existence of such software other than swlist

cheers
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Martin Johnson
Honored Contributor

‎08-27-2002 07:35 AM

‎08-27-2002 07:35 AM

Re: sam problem

What do you get when you type in "whoami"? If you get intruder alert, you have some sort of corruption. Mostly likely /etc/passwd or /etc/group. You can also get this type of behavior if /var fills up.

I've had this happen twice. The first time /etc/passwd was corrupted. I use vi to rewrite the output and everything was fine.

The second time /var/ filled up. I cleaned up /var but had to reboot to clear up the corruption.

HTH
Marty
0 Kudos
Reply
Umapathy S
Honored Contributor

‎08-27-2002 07:45 AM

‎08-27-2002 07:45 AM

Re: sam problem

hi Martin
whoami returns correctly

# whoami
root

/var is very far from full

I ran the following

# pwck

nobody:*:-2:-24::/:
Invalid GID

# grpck


tty::10:
Null login name


nogroup:*:-2:
Invalid GID
Null login name

is there anything to do with this.

Also When I tried to list the softwares installed using sam, it said you dont have superuser privileges. Indeed all the important sections of sam say the above error

cheers
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Umapathy S
Honored Contributor

‎08-27-2002 08:10 AM

‎08-27-2002 08:10 AM

Re: sam problem

When I tried to open the "Install software to local host" section of sam, I got the following error

UNEXPECTED EXIT: process /usr/lib/sw/sdfal_check exited with a non-zero exit status.

ERROR: Could not initialize security. This process does not have super-user privilege.

ERROR: swinstall failed. See /var/adm/sw/swinstall.log

When I saw swinstall.log I found out only previous entries on my reboot after a patch installation (Unlimitted user license patch)

cheers
Umapathy


Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Cheryl Griffin
Honored Contributor

‎08-27-2002 08:36 AM

‎08-27-2002 08:36 AM

Re: sam problem

Hopefully, you track shell history. It's time to see what might have been done to the system while you were out. Look for any chown, chmod, chgrp commands which might have been run.

If you can't pinpoint the problems by looking at shell history, and since user's will never come clean and admit they ran the culprit command, you may have to do things like:
# swverify \*
which will generate more information than you could read in a day but at least it will identify chmod, chgrp and chown problems.

"Downtime is a Crime."
0 Kudos
Reply
Umapathy S
Honored Contributor

‎08-27-2002 11:10 PM

‎08-27-2002 11:10 PM

Re: sam problem

Solved the problem.

It was with /usr/sbin/sh. The setuid bit was set for this. As a result the permission problems.

Thanks for all the responses I got in this regard.

Now I want to know who changed the mode of /usr/sbin/sh. apart from browsing sh_history any other way to do that

cheers
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
0 Kudos
Reply
Paula J Frazer-Campbell
Honored Contributor

‎08-27-2002 11:33 PM

‎08-27-2002 11:33 PM

Re: sam problem

Hi
Have a look at :-

last -R root

root pts/ta 172.20.4.5 Wed Aug 28 07:43 still logged in
root console Tue Aug 27 17:46 - 18:55 (01:09)
root console Tue Aug 27 16:52 - 17:20 (00:28)
root console Tue Aug 27 09:03 - 09:04 (00:01)
root pts/ta 172.20.4.5 Tue Aug 27 08:45 - 20:14 (11:28)
root pts/tf 172.20.4.5 Tue Aug 27 08:30 - 08:34 (00:04)
root pts/td 172.20.4.5 Fri Aug 23 09:58 - 16:34 (06:36)
root pts/ta 172.20.4.5 Thu Aug 22 08:15 - 16:33 (08:18)


Note that it gives ip address of login, look at logins for when you are away. Also look at other root level logins.


HTH

Paula
If you can spell SysAdmin then you is one - anon
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.