
Re: Trusted and umask

 
Shahril M
Frequent Advisor

Trusted and umask

Hi folks,

To my best knowledge, enabling (and disabling) trusted mode does not change any umask settings.

If I am correct, has anyone ever encountered such a scenario?

I detected different permissions in files created before and after a certain date, and my colleagues have only said that they only enabled trusted that week.


Rgds,
Shahril
A. Clay Stephenson
Acclaimed Contributor

Re: Trusted and umask

Trusted and non-trusted have nothing to do with umask.
If it ain't broke, I can fix that.
Mic V.
Esteemed Contributor

Re: Trusted and umask

I've never seen anything like you describe. I've switched systems in and out of trusted mode...

Were they system files or something in someone's home directory?

Mic
What kind of a name is 'Wolverine'?
Darrel Louis
Honored Contributor

Re: Trusted and umask

Shahril,

How did they convert the system to trusted mode?
Did they run the Bastille tool? It will convert your system to trusted mode and will change more, like umask, password aging, etc.
Also check for umask in the following files:
- /etc/profile
- /etc/skel/.*
- /etc/default/security

Darrel
Darrel Louis
Honored Contributor

Re: Trusted and umask

Shahril,

Something else I found:

http://newfdawg.com/SecBook-3.6.6Update.htm

Note: Once a system is trusted the default umask of 077 is set. This is not set in the /etc/profile or in any other configuration file. It is part of the system code. Any entries you make in /etc/profile or .profile will overwrite the trusted system default value.

Darrel
Peter Godron
Honored Contributor

Re: Trusted and umask

Shahril,
page 2-24 of http://docs.hp.com/en/B2355-90121/B2355-90121.pdf (Administering your HPUX trusted system) states you must set the umask to 077 before adding users to a trusted system.
But this sounds like a manual set, not an automatic conversion set.
Recommend looking at startup files!
Regards
Shahril M
Frequent Advisor

Re: Trusted and umask

Hi folks,

Thanx for the responses.

Clay, your post conflicts with Darrel's 2nd post. Any comments?

Mic, the files are not system files, but files created by user accounts. Particularly to my interest, our SAP system running under the adm id created files of 600 permission when it used to be 666 before.

Darrel, from what I was told, SAM was used to convert to trusted.

umask was not set in /etc/profile, nor the files in /etc/skel/. There is no /etc/default/security

Peter, are you referring to files in /sbin/rc?.d/ ? I searched there and only found files setting umask to 022 or 000, none to 077.


Thanx & Rgds,
Shahril
- keep them coming, I will award points at the end this time

Darrel Louis
Honored Contributor

Re: Trusted and umask

Shahril,

There are many ways to convert to trusted mode (command line, SAM, Bastille).

When you login as the SAP user and you check for the environment variables, what does umask say?
Also do a touch of a file: touch newfile
What are the permissions on the file?

Is the umask set in the user's .profile or other settings file?

Darrel
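
The checks suggested in this thread (touch a test file under a given umask and read its permissions, and look for umask lines in the startup files) combined into one script. This is an added example, not code from any poster; the function names are hypothetical. It assumes a POSIX shell with awk, and that `/etc/default/security` uses the `UMASK=` form.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Print the octal permission bits of a file by decoding `ls -ld` output,
# so no stat(1) command is required.
octal_mode() {
    ls -ld "$1" | awk '{
        p = substr($1, 2, 9); out = ""
        for (i = 0; i < 3; i++) {
            t = substr(p, i * 3 + 1, 3); n = 0
            if (substr(t, 1, 1) == "r") n += 4
            if (substr(t, 2, 1) == "w") n += 2
            if (substr(t, 3, 1) ~ /[xst]/) n += 1
            out = out n
        }
        print out
    }'
}

# Create a file with touch under the given umask and print its mode.
mode_under_umask() {
    d="${TMPDIR:-/tmp}/umask_probe.$$"
    mkdir -m 700 "$d" || return 1   # private dir, made before the umask changes
    ( umask "$1" && touch "$d/newfile" && octal_mode "$d/newfile" )
    rc=$?
    rm -rf "$d"
    return $rc
}

# Print file:line:text for every umask setting in the named startup files.
# Matches shell "umask NNN" lines and the "UMASK=" form (assumed for
# /etc/default/security). Missing or unreadable files are skipped.
find_umask_settings() {
    for f in "$@"; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v f="$f" '/^[ \t]*(umask[ \t]|UMASK=)/ { print f ":" NR ":" $0 }' "$f"
    done
}

# Usage, run as the affected account:
#   umask
#   mode_under_umask "$(umask)"
#   find_umask_settings /etc/profile /etc/skel/.profile \
#       /etc/default/security "$HOME/.profile"
```

If `umask` reports 077 for the account and `find_umask_settings` prints nothing, the value is not coming from any of the files scanned.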
Mic V.
Esteemed Contributor

Re: Trusted and umask

Darrel's info was news to me. I can't say I've noticed that behavior, though. OTOH, I never converted our ERP. Maybe it was a good thing I didn't -- our programmers depended on 777 perms for data sharing (you can speculate for yourself on the reasons why! :).

I just made a little test on an 11.00 system (it's what's available). Before converting, I had adm create a file with the default umask and with a 111 umask (for a 666 file). I converted to trusted with SAM, then did the same test. No change. I saw no evidence of a umask change by the conversion. I did the test with a plain user and also saw no difference.

I'm not sure whether this helps, except as a sanity check. What version of HP-UX was it?

Mic
What kind of a name is 'Wolverine'?