Re: potential issue of swlist permission (138 Views)
Reply
Trusted Contributor
Victor_5
Posts: 739
Registered: ‎03-19-2001
Message 1 of 6 (138 Views)
Accepted Solution

potential issue of swlist permission

[ Edited ]

I posted a new one continue with my last one

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xd3517bb04b5cd611abdb0090277a778c,00.html

Questions:
1. Any potential issue to disable r/x for others?
2. How to disable remote swlist?

Thanks.

 

 

P.S. This thread has been moved from HP-UX > General to  HP-UX > patches - HP Forums Moderator

Honored Contributor
harry d brown jr
Posts: 8,418
Registered: ‎12-12-2000
Message 2 of 6 (138 Views)

Re: potential issue of swlist permission

None, unless you have regular users that need access to swlist, or installing packages, of which I would personally never allow!

live free or die
harry
Live Free or Die
Acclaimed Contributor
James R. Ferguson
Posts: 21,184
Registered: ‎07-06-2000
Message 3 of 6 (138 Views)

Re: potential issue of swlist permission

Hi Victor:

As far as I know, there isn't a problem restricting the permissions here. You might be interested to know, however, that software like 'swlist' is but a copy of a binary shared among eleven objects. Do: 'ls -il /usr/sbin/sw*' to expose them. ;-)

Regards!

...JRF...
Honored Contributor
MANOJ SRIVASTAVA
Posts: 1,885
Registered: ‎07-10-2000
Message 4 of 6 (138 Views)

Re: potential issue of swlist permission

Hi Victor

It is like what you desire , if you want only root ot run it then that is the solution , incase you want to exnted to groups etc then you can try other modes too. But it works fine with root and this is only accessed by root when you do stuff like swinstall so you should be good to go.


Manoj Srivastava
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 5 of 6 (138 Views)

Re: potential issue of swlist permission

Hi Victor:

OK ..posting here again ..

I have mentioned that point, because normally the permissions set to the commands and utilities in /usr, /usr/sbin, /etc are very OS specific. You should be very careful when changing the permissions or ownership of those files.

I will give you an eg: My oracle dba once reported an error starting the database -"permission denied". The problem reported to metalink and the solution was to check the permission of 'lanscan' command. In that case the permission of lanscan was incorrect when I checked it.

Like this, in your case if any dba/developer install or update any application/program which in turn calls 'swlist', then there are chances that you unnecessary spending time on it !

Sorry, if I was confusing you.

my 2 cents ..
Shiju
Life is a promise, fulfill it!
Honored Contributor
Helen French
Posts: 3,934
Registered: ‎07-11-2000
Message 6 of 6 (138 Views)

Re: potential issue of swlist permission

Hi Victor:

For the second question - remote restriction for swlist - You may consider using 'swacl' command. See man swacl for more details. The files under /var/adm/sw/security are used for these purposes.

HTH,
Shiju
Life is a promise, fulfill it!
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.