Professional Web Applications Themes

unable to get pty as non-root? - Sun Solaris

We recently replaced a bunch of the nodes on our (NIS/Sol8/SPARC) network. All of the replacement machines took the hostname of the machine they replaced. One (yes, only one) of the node has the following problem: o anyone can telnet to the box o nobody can log with a CDE/OpenWin/Failsafe session except root o if Failsafe is chosen, a dtterm pops up, but is blank, and a popup error says "unable to get pty" o if a CDE/OpenWin is chose, then the screen shows dtWelcome, then the login screen reappears. o when logged in the machine as root, root can ...

  1. #1

    Default unable to get pty as non-root?

    We recently replaced a bunch of the nodes on our (NIS/Sol8/SPARC)
    network. All of the replacement machines took the hostname of the
    machine they replaced.

    One (yes, only one) of the node has the following problem:
    o anyone can telnet to the box
    o nobody can log with a CDE/OpenWin/Failsafe session except root
    o if Failsafe is chosen, a dtterm pops up, but is blank, and a popup
    error says "unable to get pty"
    o if a CDE/OpenWin is chose, then the screen shows dtWelcome, then the
    login screen reappears.
    o when logged in the machine as root, root can su to other users
    o nobody can do an rlogin to another machine, but you can telnet to
    another machine.
    o no filesystems are full

    Any ideas?

    ~Shea M.

    Shea Guest

  2. #2

    Default Re: unable to get pty as non-root?

    In article <5chfb.5743$f7.358046localhost>,
    Shea Martin <com> wrote: 

    My first guess is some misguided sysadmin turned off the setuid flags on a
    bunch of programs like rlogin and su.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  3. #3

    Default Re: unable to get pty as non-root?

    In article <Xbhfb.165$level3.com>,
    Barry Margolin <com> writes: 
    >
    > My first guess is some misguided sysadmin turned off the setuid flags on a
    > bunch of programs like rlogin and su.
    >[/ref]

    And for the ptys specifically, probably also /usr/lib/pt_chmod, which
    should be 4111 root:bin.

    --
    mailto:smart.net http://www.smart.net/~rlhamil
    Richard Guest

  4. #4

    Default Re: unable to get pty as non-root?

    Barry Margolin <com> writes:
     [/ref]
     


    Or perhaps more to the point: /usr/lib/pt_chmod


    Casper
    Casper Guest

  5. #5

    Default Re: unable to get pty as non-root?

    Barry Margolin <com> writes in comp.unix.solaris:
    |My first guess is some misguided sysadmin turned off the setuid flags on a
    |bunch of programs like rlogin and su.

    Or did something truly silly like mount /usr nosuid.

    --
    __________________________________________________ ______________________
    Alan Coopersmith calberkeley.org
    http://www.CSUA.Berkeley.EDU/~alanc/ aka: COM
    Working for, but definitely not speaking for, Sun Microsystems, Inc.
    Alan Guest

  6. #6

    Default Re: unable to get pty as non-root?

    Richard L. Hamilton wrote: 
    >>
    >>My first guess is some misguided sysadmin turned off the setuid flags on a
    >>bunch of programs like rlogin and su.
    >>[/ref]
    >
    >
    > And for the ptys specifically, probably also /usr/lib/pt_chmod, which
    > should be 4111 root:bin.
    >[/ref]
    chmod 4111 /usr/lib/pt_chmod
    chmod 4755 `which su`
    chmod 4755 `which rlogin`

    Everything works now. Now to find out how they got that way? Hopefully
    nothing else has ed up permissions that might trip us up on down
    the road.

    Thanks,

    ~S

    Shea Guest

  7. #7

    Default Re: unable to get pty as non-root?

    In article <320gb.6291$f7.373969localhost>,
    Shea Martin <com> wrote: 
    >chmod 4111 /usr/lib/pt_chmod
    >chmod 4755 `which su`
    >chmod 4755 `which rlogin`
    >
    >Everything works now. Now to find out how they got that way? Hopefully
    > nothing else has ed up permissions that might trip us up on down
    >the road.[/ref]

    pkgchk is your friend. It has an option to fix all the permissions.

    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  8. #8

    Default Re: unable to get pty as non-root?

    Barry Margolin <com> wrote: 
    >>chmod 4111 /usr/lib/pt_chmod
    >>chmod 4755 `which su`
    >>chmod 4755 `which rlogin`
    >>
    >>Everything works now. Now to find out how they got that way? Hopefully
    >> nothing else has ed up permissions that might trip us up on down
    >>the road.[/ref][/ref]
     

    I was about to say something about it not working in this case. The man
    page (Solaris 8 02/02) has this caveat.

    [...]
    All file attributes will be set to
    agree with the entries in the pkgmap file except that
    setuid, setgid, and sticky bits will not be set in the
    mode.

    Except it appears to set the setuid bit also...

    # chmod 111 /usr/lib/pt_chmod
    # ls -l /usr/lib/pt_chmod
    ---x--x--x 1 root bin 4488 Mar 6 2002 /usr/lib/pt_chmod*
    # pkgchk -f SUNWcsu
    ERROR: /usr/share/lib/termcap
    file size <136663> expected <137359> actual
    file cksum <35225> expected <23929> actual
    # ls -l /usr/lib/pt_chmod
    ---s--x--x 1 root bin 4488 Jan 23 2002 /usr/lib/pt_chmod*

    Hmm... good.. I think...

    I suppose it won't set it if the checksum is different...

    <replace with stupid shell script, perms 755>
    # pkgchk -f SUNWcsu
    ERROR: /usr/lib/pt_chmod
    file size <4488> expected <23> actual
    file cksum <22192> expected <1761> actual
    ERROR: /usr/share/lib/termcap
    file size <136663> expected <137359> actual
    file cksum <35225> expected <23929> actual
    # ls -l /usr/lib/pt_chmod
    ---s--x--x 1 root bin 23 Jan 23 2002 /usr/lib/pt_chmod*

    Hmmm.. it does set them then, too. Ouch... Best read the output of
    pkgchk and not assume it's doing good things.

    % /usr/lib/pt_chmod
    hello

    --
    Darren Dunham com
    Unix System Administrator Taos - The SysAdmin Company
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
    Darren Guest

Similar Threads

  1. 2.6.1 and Unable to mount Root partition
    By JVarsoke in forum Linux Setup, Configuration & Administration
    Replies: 6
    Last Post: January 13th, 06:50 AM
  2. Unable to mount root fs ...... !!!!!!
    By babas666 in forum Linux Setup, Configuration & Administration
    Replies: 2
    Last Post: October 31st, 07:49 AM
  3. KERNEL PANIC: VFS: Unable to mount root fs on 01:00
    By Paul A Morgan in forum Linux Setup, Configuration & Administration
    Replies: 0
    Last Post: July 18th, 07:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139