Stopping java based applications
Our programmers have been creating java based applications that they start and stop using simple scripts. The start script call java to start the program; however the stop script issues a simple kill command against the PID. Our problem if User A start the program, only User A can kill it (except for root). We want anyone in the group level to be able to also issue the kill command (in the script). Is there a way to allow users in a group to kill each other's started processes. Being new to the zLinux and Java worlds, is it standard to issue a 'kill -9 pid" to terminate a java program? Is there a better way and how does issuing a kill de-allocate memory and other issues? James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, Inc Supporting the zSeries Platform Team -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
IMO - the java app should provide a way to tell it to exit gracefully - and the stop script would exercise that. Scott On Tue, Mar 31, 2009 at 7:43 AM, CHAPLIN, JAMES (CTR) < james.chap...@associates.dhs.gov> wrote: > Our programmers have been creating java based applications that they > start and stop using simple scripts. The start script call java to start > the program; however the stop script issues a simple kill command > against the PID. > > Our problem if User A start the program, only User A can kill it (except > for root). We want anyone in the group level to be able to also issue > the kill command (in the script). Is there a way to allow users in a > group to kill each other's started processes. > > Being new to the zLinux and Java worlds, is it standard to issue a 'kill > -9 pid" to terminate a java program? Is there a better way and how does > issuing a kill de-allocate memory and other issues? > > James Chaplin > Systems Programmer, MVS, zVM & zLinux > Base Technologies, Inc > Supporting the zSeries Platform Team > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
CHAPLIN, JAMES (CTR) wrote: We want anyone in the group level to be able to also issue the kill command (in the script). Is there a way to allow users in a group to kill each other's started processes. You can have a script or program * with the setuid bit set * with the write permissions off * with group execute perms but no user execute perms -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
>> Our programmers have been creating java based applications that they >> start and stop using simple scripts. The start script call java to start >> the program; however the stop script issues a simple kill command >> against the PID. Ugh. Wrong, wrong, wrong, unless they have set up their application to capture something like SIGSTOP and die gracefully. >> Our problem if User A start the program, only User A can kill it (except >> for root). We want anyone in the group level to be able to also issue >> the kill command (in the script). Is there a way to allow users in a >> group to kill each other's started processes. Sudo. It's not just for operators any more. >> Being new to the zLinux and Java worlds, is it standard to issue a 'kill >> -9 pid" to terminate a java program? Absolutely not. Kill -9 is NEVER supposed to be used to normally exit an application. It's "terminate with extreme prejudice". Not a normal exit. >> Is there a better way Have the application set up a signal handler for SIGTERM or SIGUSR2 that triggers a normal termination, or engineer a normal shutdown message into the application. >> and how does >> issuing a kill de-allocate memory and other issues? Indeterminate. Kill -9 ends the application immediately with no chance of cleanup. It could get lucky and do no harm, or you could wedge something important that will require a full reboot (stuck semaphores and shared memory regions getting locked are common side effects). Most modern Unixen try to clean up as best they can after a SIGKILL, but it's never good practice to rely on that. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
On Tuesday 31 March 2009 09:43, CHAPLIN, JAMES (CTR) wrote: >Our programmers have been creating java based applications that they >start and stop using simple scripts. The start script call java to start >the program; however the stop script issues a simple kill command >against the PID. > >Our problem if User A start the program, only User A can kill it (except >for root). We want anyone in the group level to be able to also issue >the kill command (in the script). Is there a way to allow users in a >group to kill each other's started processes. Not directly, because the kill(2) system call does not permit a signal to be sent to processes unless the calling user is also the process owner (or the superuser). But see below for a work-around. >Being new to the zLinux and Java worlds, is it standard to issue a 'kill >-9 pid" to terminate a java program? Is there a better way and how does >issuing a kill de-allocate memory and other issues? No. Using "kill -9" is the "kill of last resort" method. You should first do a "kill -15" to send a SIGTERM signal, which is the polite way to ask the program to terminate. This gives the program the opportunity to shut itself down gracefully by catching the signal and handling it. The "kill -9" sends a SIGKILL which cannot be caught or ignored. The process is immediately halted by and destroyed by the kernel; the program never gets a chance to do anything. Resources (open files, memory, etc.) is cleaned up by the kernel, so you're OK there, but any program state information is lost. The standard way to kill off a program is to send it a SIGTERM, wait several seconds for it to shut itself down, then send it a SIGKILL. This is what the system shutdown scripts do when halting or rebooting Linux. Now for the work-around I mentioned. Scott has the right idea: the Java app should provide a way for an external program to tell it to stop. If it does, use that. Sometimes it is done by starting up another JVM to send the first one a command via some IPC mechanism (eg. a socket). I think this is what WebSphere does. Or it is done by sending some signal (usually SIGTERM) to it, like I mentioned. But how to get the group-level control you originally asked about? If you can send a command via IPC to stop it, then you just make the program that sends that command executable only by users in that group. If you have to send a signal, it is trickier, because as the good book says: "For a process to have permission to send a signal it must either be privileged (under Linux: have the CAP_KILL capability), or the real or effective user ID of the sending process must equal the real or saved set-user-ID of the target process." So the program that sends the signal must be run as either the same user that started your java app, or the superuser. It sounds like any user in the group can start the program, so you write a program that is SetUID to root: it runs as the superuser regardless of who invoked it. You can't do that with a shell script, but I think you can with PERL. Make it owned by root, and your group, with permission mode 4750 (SetUID, read-write-execute by user, execute by group, no access to anyone else). That script finds the correct PID then does its "kill -15" as root, which will send the SIGTERM to that process. - MacK. - Edmund R. MacKenty Software Architect Rocket Software 275 Grove Street · Newton, MA 02466-2272 · USA Tel: +1.617.614.4321 Email: m...@rs.com Web: www.rocketsoftware.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
-r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh The setuid is set on group level. Removed the user execute perms as shown above, and script failed to "kill -p pid", got permission denied message still. Did a chmod 2474 stopServer.sh to set the bits, is this correct in what you are suggesting? James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, Inc -Original Message- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Jack Woehr Sent: Tuesday, March 31, 2009 10:28 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Stopping java based applications CHAPLIN, JAMES (CTR) wrote: > We want anyone in the group level to be able to also issue > the kill command (in the script). Is there a way to allow users in a > group to kill each other's started processes. > > You can have a script or program * with the setuid bit set * with the write permissions off * with group execute perms but no user execute perms -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
Re: how to cause a Java app to shutdown IF you have the authority to send it a signal: Java JVMs on *nix generally will respond to SIGINT (2) or SIGTERM(15) by exiting "normally". An application an register a "shutdownhook" and run some code to clean up if necessary. Here's a link: http://www.ibm.com/developerworks/java/jdk/linux/50/sdkandruntimeguide.lnx.html#signals Kirk Wolf Dovetailed Technologies On Tue, Mar 31, 2009 at 8:50 AM, Scott Rohling wrote: > IMO - the java app should provide a way to tell it to exit gracefully - and > the stop script would exercise that. > > Scott > > On Tue, Mar 31, 2009 at 7:43 AM, CHAPLIN, JAMES (CTR) < > james.chap...@associates.dhs.gov> wrote: > > > Our programmers have been creating java based applications that they > > start and stop using simple scripts. The start script call java to start > > the program; however the stop script issues a simple kill command > > against the PID. > > > > Our problem if User A start the program, only User A can kill it (except > > for root). We want anyone in the group level to be able to also issue > > the kill command (in the script). Is there a way to allow users in a > > group to kill each other's started processes. > > > > Being new to the zLinux and Java worlds, is it standard to issue a 'kill > > -9 pid" to terminate a java program? Is there a better way and how does > > issuing a kill de-allocate memory and other issues? > > > > James Chaplin > > Systems Programmer, MVS, zVM & zLinux > > Base Technologies, Inc > > Supporting the zSeries Platform Team > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
CHAPLIN, JAMES (CTR) wrote: -r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh The setuid is set on group level. It has to be setuid to root because only root can send signal to other user's processes. So it has to be owned by root and should be something like -r-sr-x--- Oh, minor terminological pedanticism: when the set is on the group we call it setgid to differentiate from setuid. -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Oracle Special Interest Group
This SIG seems to be the same education available, free, at other locations also. See the announcement at the bottom of this email: Tom Duerbusch THD Consulting >>> Barton Robinson 3/30/2009 7:20 PM >>> Any one that is interested in running Oracle on "Z", the conference will be held in 3 weeks: "http://www.zseriesoraclesig.org/";. As part of the very low cost, there are added workshops included in the price. If interested in Linux and z/VM Performance as well as Oracle, this would be a perfect opportunity. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 == Announcing Customizing Linux and the Mainframe for Oracle DB Applications Available in the U.S. during Second Quarter 2009 The Washington Systems Center will offer a new "no-charge" hands-on workshop in 2Q 2009. Customizing Linux and the Mainframe for Oracle DB Applications (LXOR6) WORKSHOP |REQUESTED LOCATION| SCHEDULED DATE -+--+- | | -+--+- LXOR6|Chicago |May 5 - 7 -+--+- |New York City |May 19 - 21 -+--+- |Gaithersburg |June 9 - 11 (The course description is located at the end of this announcement and can also be found at the following IBM Field Education website: http://www.ibm.com/servers/eserver/zseries/education/topgun/enrollment This workshop is provided on a "NO FEE" basis. Travel, food and lodging expenses are the responsibility of individuals attending the class. To enroll in workshops follow the steps listed below: 1.Enrollment is By Invitation Only - Only IBM representatives are allowed to enroll their invited customers in this workshop. 2.This is a STANDBY course and as such all students are initially placed in a PENDED status until all steps below have been completed. 3.IBMers are encouraged to attend with their customers and must register using the same procedures. Go to the WEBSITE: http://www.ibm.com/servers/eserver/zseries/education/topgun/enrollment ● Click the radio button for "Wildfire Workshops" ... you automatically move to the next panel: ● Click the radio button for the workshop in which you wish to enroll your customer ... you automatically move to the next panel: ● At the top of the page the sessions will be displayed. Click on the location and date for the workshop of your choice. ● Complete all enrollee information. ● Provide a valid Siebel Opportunity Number...Note: without this information, the student will not be confirmed for attendance. ● Click on the "Submit" button when all information has been provided. 4.Because space is limited, enroll up to two customers per account. 5.Qualified customers will be removed from PENDED status and receive a follow up note that confirms their enrollment. If you have questions, please contact Judith A Ramage (rama...@us.ibm.com) or call 301.240.3966 / TL 372. Workshop Description & Details Course Description This 2.5 day class will be of interest to attendees who are considering a move of Oracle to Linux on System z machines. Topics will be presented to familiarize the attendee with System z hardware technologies. Major software components will be showcased through lecture and hands on labs. Attendees will have the opportunity to perform customization activities on key z/VM system files. Linux will be covered through lectures and labs that include the install and customization of a SLES 10 64 bit system. The install and customization of Oracle 10g and the use of DBCA will be highlighted. Performance is always a topic of keen interest. The class will cover performance tools available at the z/VM, Linux and Oracle levels. Recommendations will be p
Re: Stopping java based applications
>>> On 3/31/2009 at 11:48 AM, Jack Woehr wrote: -snip- > Oh, minor terminological pedanticism: when the set is on the group we call > it setgid to differentiate from setuid. Hardly minor, since the behavior it enables is completely different from setuid. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
Mark Post wrote: Oh, minor terminological pedanticism: when the set is on the group we call it setgid to differentiate from setuid. Hardly minor, since the behavior it enables is completely different from setuid. True, but I was trying not to be /breathless/ about it, just hinting to the poster that he should dig in that direction for more info. -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
I tend to agree that sudo is a much better way of accomplishing this,
you can embed sudo in scripts as long as the script is called
interactively. Thus it would be very simple to get some info about
the process in question (specifically uid) from either the ps command
or the /proc directory (every process is represented by a directory
immediately below /proc bearing a name which is a decimal string
equivalent to the pid.
The proper ps incantation is: ps p [pid] o euid=""
The null string ensures that only one line with the required uid is
specified (i.e. takes out the column header). Alternatively the o
option may take a key-value along the lines of ruser="" to return the
human-readable username. Sudo will happily except either uid or
username as the user argument.
So if you do:
PID = pgrep [progname]
UID = ps p $PID o euid=""
sudo -u $UID kill -15 $PID
and sudoers is properly configged you should be good
unless pgrep returns more than one pid, in which case you need a way
to specify whch instance you want to kill, perhaps you can simply omit
tat step and supply the pid directly as the first positional
parameter.
The more complex thing will be to ensure that all the users in
question have proper sudo permissions. It is VERY possible to specify
exactly which commands a user may execute as another user.
I.e. for the group of users{ bill, fred, ted, joe } and the group of
applications { appA, appB, appC } it is possible to specify that bill
ma execute all three apps as each of the other three users, fred can
execute only appB as bill, ted can execute apps A and C as fred and
joe, and joe has no permission to execute any of A,B, or C as anybody
but himself.
The syntax for doing this is described in the visudo man page.
WARNING!!! Do NOT attempt to edit the /etc/sudoers file by any other
means than executing visudo. This is required in order to ensure the
sudoers database is consistent with the flat config file.
As a supplement to the visudo and sudo man pages, you may also want to
read one of the many many sudo tutorials out there. Iirc the gentoo
forums sudo how-to is very straight-forward and applies to pretty much
any sudo installation anywhere. If your local installation differs in
any way it will most likely be in the pathname to the sudoers config
file (typically /etc/sudoers) and it will be clearly noted in the man
page.
Hope that helps,
Erik Johnson
On Tue, Mar 31, 2009 at 10:10 AM, CHAPLIN, JAMES (CTR)
wrote:
> -r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh
> The setuid is set on group level.
> Removed the user execute perms as shown above, and script failed to
> "kill -p pid", got permission denied message still.
>
> Did a chmod 2474 stopServer.sh to set the bits, is this correct in what
> you are suggesting?
>
> James Chaplin
> Systems Programmer, MVS, zVM & zLinux
> Base Technologies, Inc
>
> -Original Message-
> From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of
> Jack Woehr
> Sent: Tuesday, March 31, 2009 10:28 AM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: Stopping java based applications
>
> CHAPLIN, JAMES (CTR) wrote:
>> We want anyone in the group level to be able to also issue
>> the kill command (in the script). Is there a way to allow users in a
>> group to kill each other's started processes.
>>
>>
> You can have a script or program
>
> * with the setuid bit set
> * with the write permissions off
> * with group execute perms but no user execute perms
>
> --
> Jack J. Woehr # I run for public office from time to time.
> It's like
> http://www.well.com/~jax # working out at the gym, you sweat a lot,
> don't get
> http://www.softwoehr.com # anywhere, and you fall asleep easily
> afterwards.
>
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
>
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Stopping java based applications
This is generally considered highly insecure. The usual caveat about running userland apps as root. In fact, the generally accepted practice amongst most Linux admins is: ALWAYS issue administrative commands using sudo. NEVER log in remotely as root. ONLY log in as root w/ physical access, and ONLY if something is wrong with your sudo config. If you use these policies the root password will never be issued except on a physically secure serial line or other local bus connection, and you will never have to run even so much a s a shell as root. This is good for a variety of reasons that it is not really necessary to expound here. Basically just remember, setuid root == VERY INSECURE. Setuid anything else is really only used to give daemons access to the vfs resources they need and nothing else. Sudo is specifically designed as an answer to specifically the type of problem you are encountering here. Sudo is your friend. Sudo should ship with SLES AND RHEL. I don't recommend this on enterprise servers but some Linux distros even disable the root user by default (this is done with the lock option of the passwd command, i.e. passwd -l root. That command WILL break your system is not executed by a properly configured sudo command, 100% of the time.) Sudo is better than being root. always. Sudo is better than setuid for almost everything as well. USE SUDO!!! Erik Johnson On Tue, Mar 31, 2009 at 10:48 AM, Jack Woehr wrote: > CHAPLIN, JAMES (CTR) wrote: >> >> -r--rwsr--+ 1 user group 500 Jan 21 16:23 stopServer.sh >> The setuid is set on group level. >> > > It has to be setuid to root because only root can send signal > to other user's processes. So it has to be owned by root and > should be something like -r-sr-x--- > > Oh, minor terminological pedanticism: when the set is on the group we call > it setgid to differentiate from setuid. > > -- > Jack J. Woehr # I run for public office from time to time. It's > like > http://www.well.com/~jax # working out at the gym, you sweat a lot, don't > get > http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Oracle Special Interest Group
I think if you look at the agenda of both, there is quite a difference. Tom Duerbusch wrote: This SIG seems to be the same education available, free, at other locations also. See the announcement at the bottom of this email: Tom Duerbusch THD Consulting Barton Robinson 3/30/2009 7:20 PM >>> Any one that is interested in running Oracle on "Z", the conference will be held in 3 weeks: "http://www.zseriesoraclesig.org/";. As part of the very low cost, there are added workshops included in the price. If interested in Linux and z/VM Performance as well as Oracle, this would be a perfect opportunity. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 == Announcing Customizing Linux and the Mainframe for Oracle DB Applications Available in the U.S. during Second Quarter 2009 The Washington Systems Center will offer a new "no-charge" hands-on workshop in 2Q 2009. Customizing Linux and the Mainframe for Oracle DB Applications (LXOR6) WORKSHOP |REQUESTED LOCATION| SCHEDULED DATE -+--+- | | -+--+- LXOR6|Chicago |May 5 - 7 -+--+- |New York City |May 19 - 21 -+--+- |Gaithersburg |June 9 - 11 (The course description is located at the end of this announcement and can also be found at the following IBM Field Education website: http://www.ibm.com/servers/eserver/zseries/education/topgun/enrollment This workshop is provided on a "NO FEE" basis. Travel, food and lodging expenses are the responsibility of individuals attending the class. To enroll in workshops follow the steps listed below: 1.Enrollment is By Invitation Only - Only IBM representatives are allowed to enroll their invited customers in this workshop. 2.This is a STANDBY course and as such all students are initially placed in a PENDED status until all steps below have been completed. 3.IBMers are encouraged to attend with their customers and must register using the same procedures. Go to the WEBSITE: http://www.ibm.com/servers/eserver/zseries/education/topgun/enrollment ● Click the radio button for "Wildfire Workshops" ... you automatically move to the next panel: ● Click the radio button for the workshop in which you wish to enroll your customer ... you automatically move to the next panel: ● At the top of the page the sessions will be displayed. Click on the location and date for the workshop of your choice. ● Complete all enrollee information. ● Provide a valid Siebel Opportunity Number...Note: without this information, the student will not be confirmed for attendance. ● Click on the "Submit" button when all information has been provided. 4.Because space is limited, enroll up to two customers per account. 5.Qualified customers will be removed from PENDED status and receive a follow up note that confirms their enrollment. If you have questions, please contact Judith A Ramage (rama...@us.ibm.com) or call 301.240.3966 / TL 372. Workshop Description & Details Course Description This 2.5 day class will be of interest to attendees who are considering a move of Oracle to Linux on System z machines. Topics will be presented to familiarize the attendee with System z hardware technologies. Major software components will be showcased through lecture and hands on labs. Attendees will have the opportunity to perform customization activities on key z/VM system files. Linux will be covered through lectures and labs that include the install and customization of a SLES 10 64 bit system. The install and customization of Oracle 10g and the use of DBCA will be highlighted. Performance is always a topic of keen interest. The class will c
Re: Stopping java based applications
Erik N Johnson wrote: This is generally considered highly insecure. The usual caveat about running userland apps as root. In fact, the generally accepted practice amongst most Linux admins is: ALWAYS issue administrative commands using sudo. This and Everything Erik says is True. I posted in the vein of "answer the question asked first, thus gaining cred for the lecture you intend to follow up the answer with". -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
The Real Reason setuid is insecure
There are any number of thousands of pieces on the web about this, but the real problem with setuid is that it is a hinged chopstick. A command that you execute because you can is one security risk. You fix that by auditing the code and installing the executable such that only root almighty can write over it. A setuid command has a hinge in it, a second vulnerability. Who gets to execute it in any scenario. A setuid script is two hinges in it: Who gets to execute, and who gets to edit the script. -- Jack J. Woehr# I run for public office from time to time. It's like http://www.well.com/~jax # working out at the gym, you sweat a lot, don't get http://www.softwoehr.com # anywhere, and you fall asleep easily afterwards. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Hipersocket
Are Hipersocket devices supposed to show up in Yast as 3 different devices, where an OSA adapter shows up as 1?SLES10 SP2 IBM OSA Express Network card (0.0.1d00)│ IBM Hipersocket (0.0.0704) │Not configured │ IBM Hipersocket (0.0.0705) │Not configured │ IBM Hipersocket (0.0.0706) │Not configured -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Hipersocket
>Are Hipersocket devices supposed to show up in Yast as 3 different devices, >where an OSA adapter shows up as 1?SLES10 SP2 >IBM OSA Express Network card (0.0.1d00)│ >IBM Hipersocket (0.0.0704) │Not configured > │ >IBM Hipersocket (0.0.0705) │Not configured > │ >IBM Hipersocket (0.0.0706) │Not configured Mark, Yes, until they are configured, the OSA is the same way. John,
Re: Oracle Special Interest Group
I don't see much of a difference, that is, other than the wording. >From the Oracle SIG: Oracle on Linux on System z Workshop: In conjunction with the Oracle zSeries SIG 2009 Conference, IBM is hosting a special 'no-charge' workshop for conference attendees who are considering consolidating and moving Oracle DB workloads to a Linux environment using z/VM software and System z hardware technology. This 2.5 day workshop is designed for system administrators, DBA's, and planners considering a move of Oracle to Linux on System z, and offers practical, hands-on experience through a combination of lectures and labs to install and configure SUSE Linux. A hands-on customization of z/VM will be performed to establish an environment for a Linux system. The workshop includes the installation and customization of Oracle 10g, and will include a discussion of performance tooling for Linux and z/VM that can be used to monitor and tune the system environment. >From the IBM Announcement: This 2.5 day class will be of interest to attendees who are considering a move of Oracle to Linux on System z machines. Topics will be presented to familiarize the attendee with System z hardware technologies. Major software components will be showcased through lecture and hands on labs. Attendees will have the opportunity to perform customization activities on key z/VM system files. Linux will be covered through lectures and labs that include the install and customization of a SLES 10 64 bit system. The install and customization of Oracle 10g and the use of DBCA will be highlighted. Performance is always a topic of keen interest. The class will cover performance tools available at the z/VM, Linux and Oracle levels. Recommendations will be presented on maximizing Oracle performance on Linux on System z. Other topics will cover various options available to gather and process performance data. The Class will wrap up with a discussion on tools and services available for sizing workloads being considered, for a move to Linux on System z. Part of this discussion will also encompass server consolidation to System z machines in addition to a discussion on ROI and TCO factors. Both specify: 1. From IBM. 2. No charge. 3. 2.5 days 4. Moving Oracle to Linux on System z machines. 5. Install and configure SUSE Linux. 6. Install and customization of Oracle 10g. 7. Performance tools. Sorry, I don't see the difference. What am I over looking? Tom Duerbusch THD Consulting >>> Barton Robinson 3/31/2009 12:09 PM >>> I think if you look at the agenda of both, there is quite a difference. Tom Duerbusch wrote: > This SIG seems to be the same education available, free, at other > locations also. > > See the announcement at the bottom of this email: > > Tom Duerbusch > THD Consulting > Barton Robinson 3/30/2009 7:20 > PM >>> > Any one that is interested in running Oracle on "Z", the conference > will > be held in 3 weeks: "http://www.zseriesoraclesig.org/";. > > As part of the very low cost, there are added workshops included in > the > price. If interested in Linux and z/VM Performance as well as Oracle, > this would be a perfect opportunity. > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 > or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > == > > > > Announcing > > Customizing Linux and the Mainframe for Oracle DB > Applications > Available in the > > U.S. during Second Quarter 2009 > > > > > > > > > > The Washington Systems Center will offer a new "no-charge" hands-on > workshop in 2Q 2009. > > > Customizing Linux and the Mainframe for Oracle DB Applications > (LXOR6) > >WORKSHOP |REQUESTED LOCATION| SCHEDULED DATE > -+--+- > | | > -+--+- > LXOR6|Chicago |May 5 - 7 > -+--+- > |New York City |May 19 - 21 > -+--+- > |Gaithersburg
Re: Hipersocket
Not having any luck with Hipersockets in SLES10, working great in SLES9 Does this look correct for a Hipersocket device in SLES10? sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 CCW_CHAN_IDS='' CCW_CHAN_MODE='' CCW_CHAN_NUM='3' LCS_LANCMD_TIMEOUT='' MODULE='' MODULE_OPTIONS='' QETH_IPA_TAKEOVER='0' QETH_LAYER2_SUPPORT='0' QETH_OPTIONS='' SCRIPTDOWN='hwdown-ccw' SCRIPTUP='hwup-ccw' SCRIPTUP_ccw='hwup-ccw' SCRIPTUP_ccwgroup='hwup-qeth' STARTMODE='auto' I'm getting these messages at startup. Waiting for mandatory devices: qeth-bus-ccw-0.0.0704 qeth-bus-ccw-0.0.0705 qeth-bus-ccw-0.0.0706 __NSC__ 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 qeth-bus-ccw-0.0.0704 No interface found [1A..failedqeth-bus-ccw-0.0.0705 No interface found [1A..failedqeth-bus-ccw-0.0.0706 No interface found [1A..failedSetting up service network . . . . . . . . . . . . . . . ...failed And I've verified that the devices are connected to the guest. 2009/3/31 John Schnitzler Jr > > >Are Hipersocket devices supposed to show up in Yast as 3 different > devices, > >where an OSA adapter shows up as 1?SLES10 SP2 > > >IBM OSA Express Network card (0.0.1d00)│ > >IBM Hipersocket (0.0.0704) │Not configured > > │ > >IBM Hipersocket (0.0.0705) │Not configured > > │ > >IBM Hipersocket (0.0.0706) │Not configured > > > Mark, Yes, until they are configured, the OSA is the same way. > > John, -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Hipersocket
Look at this manual..don't worry about the title..It has a great write up and directions on HIPER. We just went from SLES9 th 10 and I use the instructions: http://www.redbooks.ibm.com/redpieces/pdfs/sg246847.pdf example: echo 0.0.b500,0.0.b501,0.0.b502 > /sys/bus/ccwgroup/drivers/qeth/group echo 1 > /sys/devices/qeth/0.0.b500/online . cat /sys/devices/qeth/0.0.b500/if_name . response should be hsi0 ifconfig hsi0 xx.xxx.xxx.xxx netmask 255.255.255.0 mtu 32768 up mpac...@gmail.com Sent by: LINUX-390@VM.MARIST.EDU 03/31/2009 12:42 PM Please respond to LINUX-390@VM.MARIST.EDU To LINUX-390@VM.MARIST.EDU cc Subject Re: Hipersocket Not having any luck with Hipersockets in SLES10, working great in SLES9 Does this look correct for a Hipersocket device in SLES10? sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 CCW_CHAN_IDS='' CCW_CHAN_MODE='' CCW_CHAN_NUM='3' LCS_LANCMD_TIMEOUT='' MODULE='' MODULE_OPTIONS='' QETH_IPA_TAKEOVER='0' QETH_LAYER2_SUPPORT='0' QETH_OPTIONS='' SCRIPTDOWN='hwdown-ccw' SCRIPTUP='hwup-ccw' SCRIPTUP_ccw='hwup-ccw' SCRIPTUP_ccwgroup='hwup-qeth' STARTMODE='auto' I'm getting these messages at startup. Waiting for mandatory devices: qeth-bus-ccw-0.0.0704 qeth-bus-ccw-0.0.0705 qeth-bus-ccw-0.0.0706 __NSC__ 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 qeth-bus-ccw-0.0.0704 No interface found [1A..failedqeth-bus-ccw-0.0.0705 No interface found [1A..failedqeth-bus-ccw-0.0.0706 No interface found [1A..failedSetting up service network . . . . . . . . . . . . . . . ...failed And I've verified that the devices are connected to the guest. 2009/3/31 John Schnitzler Jr > > >Are Hipersocket devices supposed to show up in Yast as 3 different > devices, > >where an OSA adapter shows up as 1?SLES10 SP2 > > >IBM OSA Express Network card (0.0.1d00)│ > >IBM Hipersocket (0.0.0704) │Not configured > > │ > >IBM Hipersocket (0.0.0705) │Not configured > > │ > >IBM Hipersocket (0.0.0706) │Not configured > > > Mark, Yes, until they are configured, the OSA is the same way. > > John, -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
Re: Hipersocket
>>> On 3/31/2009 at 3:42 PM, Mark Pace wrote: > Not having any luck with Hipersockets in SLES10, working great in SLES9 > Does this look correct for a Hipersocket device in SLES10? No. There was a regression (I can't quite call it a bug) in SP2 where going in to YaST to configure an interface, the device numbers were not pre-populated as they had been previously. There's a fix for that coming out, but I'm not sure just when. > sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 > CCW_CHAN_IDS='' You need to have this look like this: CCW_CHAN_IDS=''0.0.0704 0.0.0705 0.0.0706" And only have the one for 0.0.0704, not the other two. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Hipersocket
Thank you! 2009/3/31 > Look at this manual..don't worry about the title..It has a great write up > and directions on HIPER. > We just went from SLES9 th 10 and I use the instructions: > > http://www.redbooks.ibm.com/redpieces/pdfs/sg246847.pdf > > > example: > echo 0.0.b500,0.0.b501,0.0.b502 > /sys/bus/ccwgroup/drivers/qeth/group > echo 1 > /sys/devices/qeth/0.0.b500/online > . cat /sys/devices/qeth/0.0.b500/if_name > . response should be hsi0 > ifconfig hsi0 xx.xxx.xxx.xxx netmask 255.255.255.0 mtu 32768 up > > > > mpac...@gmail.com > Sent by: LINUX-390@VM.MARIST.EDU > 03/31/2009 12:42 PM > Please respond to > LINUX-390@VM.MARIST.EDU > > > To > LINUX-390@VM.MARIST.EDU > cc > > Subject > Re: Hipersocket > > > > > > > Not having any luck with Hipersockets in SLES10, working great in SLES9 > Does this look correct for a Hipersocket device in SLES10? > > sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 > CCW_CHAN_IDS='' > CCW_CHAN_MODE='' > CCW_CHAN_NUM='3' > LCS_LANCMD_TIMEOUT='' > MODULE='' > MODULE_OPTIONS='' > QETH_IPA_TAKEOVER='0' > QETH_LAYER2_SUPPORT='0' > QETH_OPTIONS='' > SCRIPTDOWN='hwdown-ccw' > SCRIPTUP='hwup-ccw' > SCRIPTUP_ccw='hwup-ccw' > SCRIPTUP_ccwgroup='hwup-qeth' > STARTMODE='auto' > > I'm getting these messages at startup. > Waiting for mandatory devices: qeth-bus-ccw-0.0.0704 > qeth-bus-ccw-0.0.0705 > qeth-bus-ccw-0.0.0706 __NSC__ > 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 >qeth-bus-ccw-0.0.0704 No interface found > [1A..failedqeth-bus-ccw-0.0.0705 No interface found > [1A..failedqeth-bus-ccw-0.0.0706 No interface found > [1A..failedSetting up service network . . . . . . . . . . . . > . > . . ...failed > > And I've verified that the devices are connected to the guest. > 2009/3/31 John Schnitzler Jr > > > > > >Are Hipersocket devices supposed to show up in Yast as 3 different > > devices, > > >where an OSA adapter shows up as 1?SLES10 SP2 > > > > >IBM OSA Express Network card (0.0.1d00)│ > > >IBM Hipersocket (0.0.0704) │Not configured > > > │ > > >IBM Hipersocket (0.0.0705) │Not configured > > > │ > > >IBM Hipersocket (0.0.0706) │Not configured > > > > > > Mark, Yes, until they are configured, the OSA is the same way. > > > > John, > > > > > -- > Mark Pace > Mainline Information Systems > 1700 Summit Lake Drive > Tallahassee, FL. 32317 > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > > > If you are not the intended addressee, please inform us immediately that > you have received this e-mail in error, and delete it. We thank you for your > cooperation. -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Hipersocket
The ccwchanids need to be filled in. Sles9 would autosense the three devices associated with the group device, sles10 does not. You actually have to put in the 0.0704,0.0.0705,0.0.0706 between the quotes. Ron Sent via BlackBerry by AT&T -Original Message- From: "roger.ship...@daimler.com" Date: Tue, 31 Mar 2009 14:47:49 To: LINUX-390@VM.MARIST.EDU Subject: Re: Hipersocket Look at this manual..don't worry about the title..It has a great write up and directions on HIPER. We just went from SLES9 th 10 and I use the instructions: http://www.redbooks.ibm.com/redpieces/pdfs/sg246847.pdf example: echo 0.0.b500,0.0.b501,0.0.b502 > /sys/bus/ccwgroup/drivers/qeth/group echo 1 > /sys/devices/qeth/0.0.b500/online . cat /sys/devices/qeth/0.0.b500/if_name . response should be hsi0 ifconfig hsi0 xx.xxx.xxx.xxx netmask 255.255.255.0 mtu 32768 up mpac...@gmail.com Sent by: LINUX-390@VM.MARIST.EDU 03/31/2009 12:42 PM Please respond to LINUX-390@VM.MARIST.EDU To LINUX-390@VM.MARIST.EDU cc Subject Re: Hipersocket Not having any luck with Hipersockets in SLES10, working great in SLES9 Does this look correct for a Hipersocket device in SLES10? sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 CCW_CHAN_IDS='' CCW_CHAN_MODE='' CCW_CHAN_NUM='3' LCS_LANCMD_TIMEOUT='' MODULE='' MODULE_OPTIONS='' QETH_IPA_TAKEOVER='0' QETH_LAYER2_SUPPORT='0' QETH_OPTIONS='' SCRIPTDOWN='hwdown-ccw' SCRIPTUP='hwup-ccw' SCRIPTUP_ccw='hwup-ccw' SCRIPTUP_ccwgroup='hwup-qeth' STARTMODE='auto' I'm getting these messages at startup. Waiting for mandatory devices: qeth-bus-ccw-0.0.0704 qeth-bus-ccw-0.0.0705 qeth-bus-ccw-0.0.0706__NSC__ 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 qeth-bus-ccw-0.0.0704 No interface found [1A..failedqeth-bus-ccw-0.0.0705 No interface found [1A..failedqeth-bus-ccw-0.0.0706 No interface found [1A..failedSetting up service network . . . . . . . . . . . . . . . ...failed And I've verified that the devices are connected to the guest. 2009/3/31 John Schnitzler Jr > > >Are Hipersocket devices supposed to show up in Yast as 3 different > devices, > >where an OSA adapter shows up as 1?SLES10 SP2 > > >IBM OSA Express Network card (0.0.1d00)│ > >IBM Hipersocket (0.0.0704) │Not configured > > │ > >IBM Hipersocket (0.0.0705) │Not configured > > │ > >IBM Hipersocket (0.0.0706) │Not configured > > > Mark, Yes, until they are configured, the OSA is the same way. > > John, -- Mark Pace Mainline Information Systems 1700 Summit Lake Drive Tallahassee, FL. 32317 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.
Re: Hipersocket
Mark, I haven't specifically worked on a Hipersocket in SLES10 yet, the few machines I have that utilize them are not yet upgraded from SLES9->10 yet. BUT I have had the exact same problem as you with regular QETH devices. It seems that YaST doesn't always properly configure and then hwup the device after setup, so I wrote a script to setup my devices for me. In my case I blamed this on the fact that I've mainly been working with shared Read-Only root machines and the one R/W machine I tried adding a qeth device to with YaST succeeded. So, for you to get setup with what you have there.. In /etc/sysconfig/hardware/hwcfg-qeth-bus-ccw-0.0.0704... CCW_CHAN_IDS='0.0.0704 0.0.0705 0.0.0706' CCW_CHAN_MODE='dontcare' Then just make sure your /etc/sysconfig/hardware/ifcfg-hsi-bus-ccw-0.0.0704 is properly configured, for me YaST had this part correct after I had attempted to set it up if I remember right. Finally, just give it a: hwup hsi-bus-ccw-0.0.0704 The script I wrote just does all the above with sed and some partially-configured template files. Hopefully that works for you. I'm by no means an expert on any of this, I just went back to my SLES9 machines and did some comparison until I got a device up and running manually. Kyle Black Mark Pace wrote: > Not having any luck with Hipersockets in SLES10, working great in SLES9 > Does this look correct for a Hipersocket device in SLES10? > > sles002:/etc/sysconfig/hardware # cat hwcfg-qeth-bus-ccw-0.0.0704 > CCW_CHAN_IDS='' > CCW_CHAN_MODE='' > CCW_CHAN_NUM='3' > LCS_LANCMD_TIMEOUT='' > MODULE='' > MODULE_OPTIONS='' > QETH_IPA_TAKEOVER='0' > QETH_LAYER2_SUPPORT='0' > QETH_OPTIONS='' > SCRIPTDOWN='hwdown-ccw' > SCRIPTUP='hwup-ccw' > SCRIPTUP_ccw='hwup-ccw' > SCRIPTUP_ccwgroup='hwup-qeth' > STARTMODE='auto' > > I'm getting these messages at startup. > Waiting for mandatory devices: qeth-bus-ccw-0.0.0704 qeth-bus-ccw-0.0.0705 > qeth-bus-ccw-0.0.0706 __NSC__ > 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 > qeth-bus-ccw-0.0.0704 No interface found > [1A..failedqeth-bus-ccw-0.0.0705 No interface found > [1A..failedqeth-bus-ccw-0.0.0706 No interface found > [1A..failedSetting up service network . . . . . . . . . . . . . > . . ...failed > > And I've verified that the devices are connected to the guest. > 2009/3/31 John Schnitzler Jr > > >>> Are Hipersocket devices supposed to show up in Yast as 3 different >>> >> devices, >> >>> where an OSA adapter shows up as 1?SLES10 SP2 >>> >>> IBM OSA Express Network card (0.0.1d00)│ >>> IBM Hipersocket (0.0.0704) │Not configured >>> │ >>> IBM Hipersocket (0.0.0705) │Not configured >>> │ >>> IBM Hipersocket (0.0.0706) │Not configured >>> >> Mark, Yes, until they are configured, the OSA is the same way. >> >> John, >> > > > > > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Failed Setting up service network
Hi , Do you have console access to your linux box ? If you have look at the /sys/class/net to discover if you have a the device properly configured at your system . You could also look at the /sys/bus/ccwgroup/drivers/qeth to see if your channel addres was identified by linux . If a ls at /*sys*/bus/*ccw*/devices/ you could determine the address that you can configure at your linux box . I my opinion that is the start to know if your devices is OK to use . Best Regards, Saulo Augusto Silva 2009/3/30 Saul Thersites > I have SLES 10 service pack 2 > I just did a POR and the system does not boot up with a command prompt. > > qeth-bus-ccw-0.0.0900 no interface found > > 1A failed setting up service network > > ifup: No configuration found for sit0 <-- it just sits at this line > > any ideas? > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Solaris v. Linux
Shane Ginnane wrote: You are quite right John there are problems with the CDDL. Linus is dead against this - end of discussion I would have thought. And considering his rants re ext4 recently, who'd be game to attempt to merge ZFS even if it was possible :-) And so we _really_ need yet another overloaded TLA ?. Go tell your MVS sysprogs the licensing for ZFS is not acceptable and watch their jaws drop ... What is acceptable depends on your goals. IBM found it acceptable to release OCO code. RH did not find it acceptable. Lots of users were happy to use it (and you'd have to think that few mainframe users have an absolute prohibition on OCO, mostly they're using VM after all). However, sometimes licence conflicts determine what can be done. GPL-licence code cannot be mixed with code released under other licences - any that keep source code secret for starters. It is not open to Oracle to incorporate code from bash into Oracle. It's not permissible to alter the Linux kernel and release the result without source code, and companies have been sued sucessfully for this violation. Ask Dlink. Its also possible for a licence to prohibit release of source code. MS owns large parts of OS/2. -- Cheers John -- spambait 1...@coco.merseine.nu z1...@coco.merseine.nu -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: The Real Reason setuid is insecure
Jack Woehr wrote: There are any number of thousands of pieces on the web about this, but the real problem with setuid is that it is a hinged chopstick. A command that you execute because you can is one security risk. You fix that by auditing the code and installing the executable such that only root almighty can write over it. A setuid command has a hinge in it, a second vulnerability. Who gets to execute it in any scenario. A setuid script is two hinges in it: Who gets to execute, and who gets to edit the script. What are you carrying on about? Oh, I see. It's April Fool's day. -- Cheers John -- spambait 1...@coco.merseine.nu z1...@coco.merseine.nu -- Advice http://webfoot.com/advice/email.top.php http://www.catb.org/~esr/faqs/smart-questions.html http://support.microsoft.com/kb/555375 You cannot reply off-list:-) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
