Hi,
My original question:
>Running: Digital Unix V4.0
>
>If I log in as a normal user and run the 'Network'
>configuration GUI program I have the following problem.
>
>First I have to supply the root password. This is OK.
>
>As an Example:
>
>If I choose to Modify the 'Host File' and I put in a
>hosts entry. The hosts file gets saved OK but with
>the wrong file permissions.
>
>Before:
>
> -rw-rw-r-- 1 root system 3592 Apr 4 16:06 hosts
>
>After:
>
> -rw------- 1 root system 3593 Apr 4 16:30 hosts
>
>Then normal users have no permision to look at this file, consequently
>'telnet', 'ftp' etc do not work as they can not read the hosts file.
>
>The GUI setup programs do not use root's 'umask' setting of 022. Instead
>it uses my one which is the default system. That is when I create a file
>the permissions are '-rw-------'.
>
>If I set the umask value to be the same as root's one the hosts file is
>saved with '-rw-rw-r--'.
>
>Is this a problem of using the GUI setup screens where I am first logged
>in as a normal user and have to supply root password to use it ????
>Is it also linked to the 'dop' program mentioned previously in this list ??
>
>The '.new..hosts' file in the /etc direcory has permissions '-rwxr-xr-x'.
>Should this be the correct permission setting. ??
>
>I have used these gui's to setup BIND PRINTERS etc, the same thing happened
>with the BIND setup files 'svc.conf' and 'svcorder'.
>
>Setting the umask value is not the fix, Is there are fix around for this
>problem ??
I got the following replies:
-------------------------------------------------------------------------
"Knut Hellebų" <Knut.Hellebo_at_nho.hydro.com>
Must be a bug. The GUI should check the /etc/hosts file permission
before updating and reset the permission bits to what they were before
updating the file. At least it should set it to x44 access regardless of
umask (the safest way, root can update it anyway)
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Paul David Fardy <pdf_at_morgan.ucs.mun.ca>
I think your problem with umask is moot as you should, for security
reasons, disable this functionality. A known security problem
exists with /usr/sbin/dop which is, I believe, the mechanism used
to authenticate the password. I don't know the details--I believe
it involves TCL, shell, or other scripts and incomplete testing
of the input/environment.
It's recommended by DEC and CERT that you "chmod u-s /usr/sbin/dop",
though you'll be forced to switch user or login as root to use the
interfaces.
Search for "dop" using the archive search page:
http://www.ornl.gov/cts/archives/mailing-lists/search.html
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Jim Williams 474-6290 <sxjvw_at_orca.alaska.edu>
try "su -" before running the network gui. You will become the root user, but
more importantly, the '-' option setup the environment of the user being su'ed
to. The umask will be set the root's.
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Gary Menna <G.Menna_at_isu.usyd.edu.au>
I have had the same problem with the dxaccounts GUI.
I did ask Digital , but was told "bad luck thats the way it is"
I would be interested in any info you may get.
-------------------------------------------------------------------------
There doesn't seem to be any fix, even if you log in as root and use the
GUI. root's umask will still incorrectly set the file permissions as the
GUI programs do not check for the original permissions and restore it
after re-creating the files.
I guess live with it or do not use it. Both are unacceptable. So I will
set my umask to root's umask. At least this does not stop things from
working.
Thanks for the help
Joe Spanicek
Received on Mon Apr 07 1997 - 02:49:48 NZST