How to deal with SUID and SGID?

How to deal with SUID and SGID?

SUID

If you own an executable, and another person issues the executable, then it runs with your permission and not his.

A Good example of the use of suid is "whoami” command.

$ whoami
lee

$ sudo chmod u+s /usr/bin/whoami

$ whoami
root

$ sudo chmod u-s /usr/bin/whoami

Example: 2

Another Good example of the use of SUID bit is /usr/bin/passwd.

Only root user has permission to modify the /etc/passwd file. If that’s the case, how can a normal user change his password.

# ls -l /etc/passwd

-rw-r–r– 1 root sys 6001 Aug 27 10:00 /etc/passwd

#ls -l /usr/bin/passwd

-r-sr-sr-x 1 root sys 27228 Aug 16 2007 /usr/bin/passwd

 /usr/bin/passwd has it’s SUID bit set. That means, irrespective of the user who is invoking the passwd program, the program always executes as the owner of the file (here root), granting it permission to modify /etc/passwd file.

Example: 3

             -rwxrwxrwx       lee     admin                 test1

           -rwx------            lee     admin                 test2

  Here, the test1 is the script which is intended to write some content to the test2.   Because test1 have exe permissions for others, others can run this script but others dont have write permissions to test2 and hence it will give error    .

Solution is to enable the suid.

   .

                      -rwsrwxrwx        lee     admin      test1

                   -rwx------           lee      admin         test2

Now the program runs as if the owner is executing hence the others can write data to the test2

And what is SGID used for ?

 It is used when you want a program to execute always as a member of it’s owners group.

# chmod 2754 test.sh

# ls -l

total 2 -rwxr-sr– 1 a435104 ccusers 50 Oct 17 05:28 test.sh

 * 4000 (chmod u+s) is suid; for files execute as owning user (often root).

 * 2000 (chmod g+s) is sgid; for files execute as owning group (often root); 

for directories the group on newly created files will be set to the directory’s group rather than the creator’s group. Typically used for shared directories.

If you happy with the above topic, please leave a comments/reactions.

How to find out the vio server details from vio client on AIX 5.3?

How to find out the vio server details from vio client on AIX 5.3?

Using kdb, we can easily trace the vscsi configuration in aix. This command will save much time when we compare with the old method to do the same.

#echo "cvai" | kdb | grep vscsi

read vscsi_scsi_ptrs OK, ptr = 0x59A03C0
vscsi0 0x000007 0x0000000000 0x0 vios1->vhost8
vscsi1 0x000007 0x0000000000 0x0 vios2->vhost8

Most of us think that we cannot execute the above command to fetch the vio server information on AIX 5.3, thats wrong. Still we can use kdb command to get the information.

1. Simply executing the kdb command on the aix prompt

# kdb
You will receive a prompt like this:
0> 


2. Load the cvscsi autoload function (note: this function is already loaded by default on AIX 6.1 systems.)

0> cvscsi

read vscsi_scsi_ptrs OK, ptr = 0x59A03C0

Autoload function /usr/lib/ras/autoload/cvscsi64.kdb was successfully executed

3. Then we can check the vscsi adapter details, using the cvai function:

0)> cvai

If you want only for a particular vscsi, we can use - cvai vscsix

Below will be the o/p:

unit_id: 0x30000001 partition_num: 0x1 partition_name: lparname
capability_level: 0x0 location_code: priv_cap: 0x1 host_capability: 0x0 host_name: vhostx
host_location:heart_beat_enabled: 0x1 sample_time: 0x1F Ping_response_time: 0x2D, Host part_number: 0x2 : OS_type: 0x3 

host part_name: VIO NAME

..........

Using the above output we can find out the 'host_part_name' for the hostname of the VIO server serving this adapter and host_name for the associated vhost adapter.

getconf vs bootinfo commands in aix?

getconf vs bootinfo commands in aix?

We are not suppose to use bootinfo commads as it is deprecated. Some of the banking project, they wont use bootinfo commands. Lets see the equvalent command for bootinfo.

Description	GETCONF	BOOTINFO
To find out last boot device	getconf BOOT_DEVICE	bootinfo -b
To find out the size of the disks	getconf DISK_SIZE /dev/hdisk0	bootinfo -s hdisk0
To find out the real memory	getconf REAL_MEMORY	bootinfo -r
To find hardware bit mode	getconf HARDWARE_BITMODE	bootinfo –K
To find out the kernal bit mode	getconf KERNEL_BITMODE	bootinfo -y

if you happy with the above article, please leave your reactions/comments

How to install filesets/software in aix?

How to install filesets/software in aix?

To install the fileset from the cd:

First create the directory (mount point)   #mkdir cdmnt

Mount the cdrom    #mount –v cdrfs –o ro /dev/cd0 /cdmnt

Then go to /cdmnt folder  #cd cdmnt

To find the file set using command:  #installp –Ld /dev/cd0|grep bos.perf*

To install the fileset using #installp –agxpd /dev/cd0   (for preview)

To install the fileset using #installp –agxd /dev/cd0    (for installation)

To install the fileset in commit : #installp –acgXd /dev/cd0   filesetname  (important)

To install the filesets with options:

#installp –agxpd /dev/cd0   (to install)

 #installp –rg filesetname (to reject the applied fileset)

#installp –cgx filesetname (to commit the applied fileset (permanent installation)

#installp –ugp filesetname ( to remove the fileset)

#installp -s         --> check if any os filesets in applied mode

#installp –C (to clear the broken fileset)

Flags:

a –  Applied the fileset, 

r-    Reject the fileset,   

c-   Commit the fileset,  

C - To clear the broken filesets

f -  Files available

w-  Find which fileset,

h-  History,

u-  Remove.

lppchk and lslpp functionality

#lppchk –v filesetname ( to check the consistency of the fileset.)(verify the installed fileset)

#lppchk –vm3      --> check currently installed filesets are consistent

#lslpp –f filesetname (what are the files available in fileset)

#lslpp –w /usr/bin/ls (To find the file, which is installed from which fileset)

#lslpp –h filesetname ( to find the history of the fileset and findout the level of the OS)

If you happy with the above topic, please leave your reactions and comments.

How to restore mksysb image from tape drive in aix?

How to restore mksysb image from tape drive in aix?

    1. Make sure that tape drive is attached to the machine

    2. Boot the server in to the SMS mode.

    3. Select multibootàbootsequence àset boolist to tape drive and exit

    4. Then server starts booting from tape, press F1 & enter  to configure console

    5. Press 1 and enter to  select English as language during install.

    6. Select  “starts maintenance mode for system recovery”

    7. Select “install from the system backup”

    8. Provide the options such as disk, where it need  to be restored

    9. Then it will starts restoring data from tape to disk

If you happy with the above topic, please leave your reactions/comments

How to perform savevg and restvg in aix?

How to perform savevg and restvg in aix?

Note: Savevg is to take the backup of the non-rootvg.

The below screenshot would explain to you about how to take savevg and restvg:

As per the above screenshot, testvg has only one filesystem named /testfs

That /testfs has only one file named "profiles.tar.gz" 

SAVEVG:

1) savevg command executed and take the backup of the testvg,  on the rootvg ( that is the destination place of the backup is rootvg)  as we have much available space on the rootvg.

2) unmount the /testfs filesystem

3) varyoff the testvg volume group

4) Remove the volume group using exportvg command

5) Now the testvg volume group has been removed and the disk has to be in none.

RESTVG:

6) Execute the restvg command "restvg -q -f /rootvg hdisk1" and restore it on the hdisk1

7) It will create the volume group with the same name on the hdisk1 and restore the content

8) Once the restore done, we confirm the content of the VG (that the /testfs filesystem is restored )

If you happy with the above topic, please leave your reactions/comments.