Re: [Dorset] Off Topic: SunOS Help needed
Hi again Terry, They build ./run with cc -o run run.c and then do ./run It's taking the place of csh kicking off startloopstop. If it fails then it'll print out execl(3)'s return value, i, which will be -1 (failure), the numeric value of errno, and what is the normal text version of it, e.g. Permission denied. That may shed some light. An easier way, or if they haven't a C compiler, is to use Perl. I think Solaris 8 has 5.004 installed. $ perl -le 'exec(./startloopstop) or print failed: $! , $! + 0' failed: Permission denied 13 $ $! is perl's `errno' value, we print it as a string first, and then as an integer. Cheers, Ralph. -- Next meeting: Dorchester, Tue 2010-03-02 20:00 http://dorset.lug.org.uk/ http://www.linkedin.com/groups?gid=2645413 Chat: http://www.mibbit.com/?server=irc.blitzed.orgchannel=%23dorset List info: https://mailman.lug.org.uk/mailman/listinfo/dorset
Re: [Dorset] Off Topic: SunOS Help needed
On 23/02/10 14:47, d-...@hadrian-way.co.uk wrote: The user admin is listed as the account for installing software and he gets a csh to use. I'm fairly unfamiliar with the csh, so I've had to feel my way around using our reference machine (which is still running SunOS 5.7) to remind myself what we did. Here is what I've found: 1. If I enter ./startloopstop, I get the small dialogue box which gives the user control over the running program. When this is pressed a small file is written to the local directory, which is the signal, via checkforloopstop, to the running test program to exit the loop. This works fine for me. When the customer tries to do this, he gets 'Permission denied' when he types ./startloopstop. What other things could prevent execution, bearing in mind the file and directory permissionsseem to allow anyone to do anything? Remember anyone can run the file but it doesn't mean the programme can write to the directory, so this is most likely the problem. For security, startloopstop should not have write access, so should be set to either 755 or 555. 2. If I open the passwd file, it tells me that the user called admin is a member of the mats group with the following entry: admin:x:500:1208: Administration Account for Installing Software: /home/: /bin/csh (the mats group has the ID 1208.) 2a. Does the x signify that the user has execute priveledge or is that something else? The x signifies the password is kept in a separate file called /etc/shadow (the original passwd format held the actual password in that field but was moved to a different file for security (only root has access to /etc/shadow). 2b. If I type group mats I get permission denied, even when logged in as root. Why is that? I understood that this is a valid command. On Linux and Solaris it is groups matt 2c. There is a file called profile in /etc, is that relevant? It seems to be a script. At the bottom of this file is the single line umask 022. sequence of startup-files for sh, ksh, bash: 1. /etc/profile, 2.$HOME/.profile csh: 1. /etc/.login, 2. $HOME/.cshrc, 3. $HOME/.login 3. In a csh, how do I find where I am? csh all commands are the same as bash or sh, but uses .login and .cshrc instead of .bashrc or .bash_profile when you logon or start a csh. Check if both of these files exists. Path will be set using set path = ($path $home/bin .) 4. In a csh, should appropos work? I can do man apropos, but foobar anything simply lists the paths that it has searched and failed to find man pages. Sounds like your path is not set up. http://developers.sun.com/solaris/articles/man_pages.html#4 -- -- Discover Linux - Open Source Solutions to Business and Schools http://discoverlinux.co.uk -- -- Next meeting: Dorchester, Tue 2010-03-02 20:00 http://dorset.lug.org.uk/ http://www.linkedin.com/groups?gid=2645413 Chat: http://www.mibbit.com/?server=irc.blitzed.orgchannel=%23dorset List info: https://mailman.lug.org.uk/mailman/listinfo/dorset
Re: [Dorset] Off Topic: SunOS Help needed
Hi Terry,
We asked them to list the contents of the directory that contains the
binary, and they got: Â
merlin:admin:ls -la
total 42
drwxrwxrwx  2 admin   mats        512 Feb 16 09:24 ./
drwxrwxrwx 13 root    root       1024 Feb 23 07:05 ../
-rwxrwxrwx  1 admin   mats       9373 Feb 16 09:24
checkforstop*
-rwxrwxrwx  1 admin   mats       8942 Feb 16 09:24
startloopstop*
(I'm surprised ls(1) is showing a * (for executable) against those two
files by default. Perhaps they've got it aliased to `ls -F' or
something.)
What does
file ./checkforstop ./startloopstop
show? Also, if you shipped those executables to them, can they confirm
they're still byte-for-byte OK, e.g. do
cksum ./checkforstop ./startloopstop
on your machine and theirs. You should both have that, it's a
polynomial CRC so robust enough. Compare the outputs.
The user admin is listed as the account for installing software and he
gets a csh to use.
OK.
1. If I enter ./startloopstop, I get the small dialogue box which
gives the user control over the running program. When this is pressed
a small file is written to the local directory, which is the signal,
via checkforloopstop, to the running test program to exit the loop.Â
This works fine for me. When the customer tries to do this, he gets
'Permission denied' when he types ./startloopstop.
If you're at all dubious about their ability to enter what they say
they're entering, have him type
ls ./startloopstop
!$
The first command should just ls(1) that one file, confirming the
filename, including the leading `./', is entered correctly. The second
is a history substitution that's replaced by the last word of the last
command; the thing we now know is entered correctly. But I guess
they're used to do this pre-upgrade?
What other things could prevent execution, bearing in mind the file
and directory permissionsseem to allow anyone to do anything?
Are they both C executables? I forget their history. Perhaps, after
the OS upgrade, the shared libraries they depend on aren't available or
are incompatible?
ldd(1), as on Linux, will get 5.8 to list the libraries needed by a
file. It shows the system recognises it as an binary executable file
along the way.
ldd ./startloopstop
The user's PATH won't matter since they're being run with a `/' in their
name, so it's important they're run as ./startloopstop. Does
./checkforstop work? Have they a C compiler on that machine? What if
they do
echo 'main() { puts(hello); return 0; }' hello.c
cc hello.c
./a.out
Does ./a.out run and print hello?
Permission denied is the normal text for the EACCES errno value. If
we assume csh(1) is getting as far as running execve(2) to kick off
./startloopstop then the error, from execve(2), means:
EACCES
Search permission is denied for a directory listed in the new
process file's path prefix; the new process file is not an ordinary
file; or the new process file mode denies execute permission.
The file's path prefix is `./' and everyone has search permission ('x')
on `.' according to the ls(1) output above. Perhaps the executable file
being in the old Solaris 7 format, or not having all the shared
libraries availble maps onto is not an ordinary file, but I doubt it.
And there's clearly execute permission for all ('x') on the file itself.
If they can compile C and run ./a.out, have them create run.c in that
directory containing
#include unistd.h
#include stdio.h
#include errno.h
main() {
int i;
errno = 0;
i = execl(./startloopstop, startloopstop, (char *)0);
printf(%d %d\n, i, errno);
perror(as text);
return 0;
}
They build ./run with
cc -o run run.c
and then do
./run
It's taking the place of csh kicking off startloopstop. If it fails
then it'll print out execl(3)'s return value, i, which will be -1
(failure), the numeric value of errno, and what is the normal text
version of it, e.g. Permission denied. That may shed some light.
2c. There is a file called profile in /etc, is that relevant? It
seems to be a script. At the bottom of this file is the single line
umask 022.
umask, whatever it is, and wherever it's being set, just influences the
default permissions of newly created files.
3. In a csh, how do I find where I am?
`pwd', print-working-directory. It's a built-in in C shell, as in
(ba)?sh.
4. In a csh, should appropos work? I can do man apropos, but foobar
anything simply lists the paths that it has searched and failed to
find man pages.
Does `man man' work? If so, try `man -k foo' instead of `apropos foo'.
apropos is normally just a short-cut for `man -k'.
If the system had strace(1) we could just go for a simple
strace csh -c ./startloopstop
and see exactly what the csh was trying to do and how far it got. But
it hasn't. :-)
Cheers,
Ralph.
--
Next meeting:
Re: [Dorset] Off Topic: SunOS Help needed
Hi Terry, 4. In a csh, should appropos work? I can do man apropos, but foobar anything simply lists the paths that it has searched and failed to find man pages. Sounds like your path is not set up. http://developers.sun.com/solaris/articles/man_pages.html#4 I assumed that too, but why did 'man apropos' work? If `man man' works, but `man -k man' doesn't list anything then the database man's -k/apropos is searching hasn't been built. Quite possible on a newly-installed machine I suppose. Does /usr/share/man/windex exist? The catman(1) command builds it. Cheers, Ralph. -- Next meeting: Dorchester, Tue 2010-03-02 20:00 http://dorset.lug.org.uk/ http://www.linkedin.com/groups?gid=2645413 Chat: http://www.mibbit.com/?server=irc.blitzed.orgchannel=%23dorset List info: https://mailman.lug.org.uk/mailman/listinfo/dorset
