Problem with SCO Unix/SecureWare fixed
Marc Unangst
mju at mudos.ann-arbor.mi.us
Tue Nov 20 14:26:13 AEST 1990
A week or so ago, some of you may remember me posting a tale of woe
describing my problems with SCO's SecureWare add-on security product.
The problem was that /etc/auth/system/gr_id_map wasn't being recreated
by the system, causing programs like cron(8) to be unable to find their
group, and making all logins other than root on the OVERRIDE tty
impossible. Well, it's fixed.
The problem stemmed from a time I manually edited the /etc/group file
to add a new group, instead of doing it through sysadmsh. I
accidentally left a blank line at the end of the file, which caused
the SecureWare code that creates /etc/auth/system/gr_id_map from
/etc/group to silently barf. Apparently, since SCO tells you numerous
times not to edit /etc/passwd or /etc/group manually, they feel
justified in making their file parsers much pickier and less robust
than they would have to be if real live humans were editing the
files. IMHO, a poorly-placed blank line, especially at the END of a
file, should not cause a system to crash in such a severe way -- even
if there's "no possible way" that such a blank line could appear.
The workaround, obviously, seems to be that you just have to be more
careful when you do things Mother SCO doesn't approve of. I'm going
to keep editing /etc/passwd and /etc/group and related files under
/tcb by hand, simply because there's so much you *have* to do that
way. For example, try to completely remove all traces of a user with
sysadmsh.
--
Marc Unangst |
mju at mudos.ann-arbor.mi.us | "Bus error: passengers dumped"
...!umich!leebai!mudos!mju |
More information about the Comp.unix.sysv386
mailing list