LSM - volume device file attributes

From: Belcher, Paul A <Paul.Belcher_at_capgemini.co.uk>
Date: Fri, 13 Nov 1998 17:30:10 +0000

Hi all,

I have recently set up an AlphaServer 8400 with LSM and AdvFS that will
be running a Sybase database on Digital UNIX v4.0d, with patch kit 2.
It would appear that Sybase requires 'rw' access to the LSM raw devices
to be functional. (I do not know Sybase, but this is a request from the
DBA.)

The Sybase user is a member of the system group and system group has
been granted 'rw' perms for the relevant 'rvol' devices for each volume.
With this set-up Sybase works correctly.
Whenever the system is rebooted, the permissions on the LSM volume
device files revert to the 'normal' 'rw' access for root owner only.

Since we are running C2 security I was hoping to resolve this issue by
placing the relevant directory and file hierarchy in the files database
/etc/auth/system/files and have the system set it up on boot.
I have used MLS+ before and from memory believe that it works OK for
MLS, I assumed it was the same on C2 but it does not appear to work and
a call to an ex-colleague at DEC/Compaq confirmed that there does not
appear to be the 'setfiles' utility on C2.

Currently a workaround is to have a plain and simple script that chmods
the files after boot, but I really don't want this to be the case.

So I have a couple of questions:

Does anyone know if the use of the files database /etc/auth/system/files
should work as I expected under straight C2 for Digital UNIX v4.0d or is
it broken?

Is LSM or something else reverting the special device file for the LSM
volumes to the base permissions, and if so is there any way to modify
this behaviour?

If no one can supply a response then I will probably log a fault with
DEC/Compaq, since I believe that the files database and setfiles should
function.

regards

Paul

........................................................................
........................................................
Paul A Belcher
Telephone: +44 171 917 4512
Mobile: +44 7775 818115
E-mail: paul.belcher_at_capgemini.co.uk

Consultant, Digital UNIX
ABC

All comments or opinions expressed are entirely my own
and do NOT represent in any way, Cap Gemini UK or Worldwide.
"What if there were no hypothetical situations?"
........................................................................
........................................................



Received on Fri Nov 13 1998 - 17:31:50 NZDT
