Operating System - HP-UX

SAP <sid>adm user's files in home directory change ownership with different logins

gbruner
Advisor

Hi. I recently had to rebuild /home/<sid>adm because some of the config files got deleted or overwritten. I think I missed something, because I have a problem when I log in as root and su to <sid>adm. As root, if I look at the files in /home/<sid>adm, they are all owned by <sid>adm:sapsys. That is as it should be. If I su to <sid>adm and then look at files in /home/<sid>adm, I see that all files are owned by 3201:sapsys. 3201 happens to be the uid of the <sid>adm user. This is a problem because I can't run any SAP processes with ownership like this. Any ideas on where to look and what to look at? I know this much: .profile in /home/<sid>adm is pointing to run .sapenv_.sh, and the standard template of .sapenv_.sh is being used.
Calandrello
Trusted Contributor
Solution

Re: SAP <sid>adm user's files in home directory change ownership with different logins

Friend, I find that you want to modify the home of this user; that is modified in the /etc/passwd file.
TwoProc
Honored Contributor

If you're not using NIS or LDAP to resolve user names, then it sounds to me like your /etc/passwd file is not publicly readable.

Check to see that /etc/passwd is readable by this user.
We are the people our parents warned us about --Jimmy Buffett
TwoProc
Honored Contributor

If you're not using NIS or LDAP to resolve user names, then it sounds to me like your /etc/passwd file is not publicly readable.

Check to see that /etc/passwd is readable by user <sid>adm.
We are the people our parents warned us about --Jimmy Buffett
TwoProc
Honored Contributor

Sorry about the double post - the first post hung so long that I didn't think it was going through, so I edited it up a bit and resent. Excuse the extra posting.
We are the people our parents warned us about --Jimmy Buffett
gbruner
Advisor

Thank you all! It works! I had recently changed /etc/passwd to 750 because SOX auditors said that it should be that way instead of 444. Damn auditors.
TwoProc
Honored Contributor

That's funny!
We are the people our parents warned us about --Jimmy Buffett
Bill Hassell
Honored Contributor

...should be 750...

That's a very serious error. I would report this lack of experience/training of the auditors to upper management and to not make any further changes to your system until the validity of the recommendations can be verified with experts. The 750 recommendation is TOTALLY wrong since the passwd file must be readable by anyone (ll always reads the passwd file) and to make the passwd file executable is simply ignorant. NO file should be executable unless it is a script or a program. These auditors may know something about PCs but keep them off the Unix systems.

You can verify the correctness of all the HP-UX file and directory permissions with the swverify command:

swverify

Warning: it will take a while and will load the system fairly heavily.


Bill Hassell, sysadmin
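
The mode problem diagnosed in this thread (750 instead of 444 on /etc/passwd) can be caught with a small check. This is an added example, not part of the original thread; the function names `mode_findings` and `audit_passwd_file` are hypothetical. It inspects the permission string printed by `ls -ld`, so it needs no `stat` command:

```shell
#!/bin/sh
# Added example: audit the permission bits of a passwd-style data file.

# mode_findings takes the 10-character permission string from `ls -ld`
# (e.g. "-rwxr-x---"), prints one line per problem, and returns 0 if clean.
mode_findings() {
    perms=$1
    rc=0
    # Character 8 is the "other" read bit. Without it, non-root users cannot
    # map UIDs to names, so ls -l shows a raw number (3201 in the thread).
    case $perms in
        ???????r??) ;;
        *) echo "not world-readable: UID-to-name lookups fail for non-root users"; rc=1 ;;
    esac
    # Characters 4, 7 and 10 carry execute or setuid/setgid/sticky markers;
    # a data file needs none of them.
    case $perms in
        ???[xsStT]??????|??????[xsStT]???|?????????[xsStT])
            echo "execute or special bit set on a data file"; rc=1 ;;
    esac
    # Characters 6 and 9 are group and other write.
    case $perms in
        ?????w????|????????w?) echo "writable by group or other"; rc=1 ;;
    esac
    return $rc
}

# audit_passwd_file reads the mode of a file (default /etc/passwd) and reports.
# Returns 0 = ok, 1 = bad mode, 2 = file missing.
audit_passwd_file() {
    f=${1:-/etc/passwd}
    [ -e "$f" ] || { echo "$f: missing"; return 2; }
    perms=$(ls -ld "$f" | cut -c1-10)
    if findings=$(mode_findings "$perms"); then
        echo "$f ($perms): ok"
    else
        echo "$f ($perms): FAIL"
        echo "$findings" | sed 's/^/  - /'
        return 1
    fi
}

# Check the live file; the result is informational, so the exit status is ignored.
audit_passwd_file /etc/passwd || true
```

Mode 750 (`-rwxr-x---`) produces two findings, the missing world-read bit and the execute bits, while 444 (`-r--r--r--`) passes.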