07/29/96, 4FAX# 4509

Login Problems with Non-Root Users in AIX

SPECIAL NOTICES

Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009.

Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to evaluate and integrate this information into the customer's operational environment.

ABOUT THIS DOCUMENT

This document describes certain login and permissions problems for non-root users and how they can be solved by checking permissions, owner, and group for certain directories and files. This document is applicable to AIX version 3.2 and 4.1.

SYMPTOMS

o  Some or all users (possibly including root) get:

      3004-010 failed setting terminal ownership and mode

   This is usually indicative of a broken or missing group file. The primary group for that user as found in /etc/passwd cannot be found in the /etc/group file.

      tps:!:215:1::/u/tps:/bin/ksh
                *

   * In this example, the group is 1. Check /etc/group and make sure the group #1 exists.

o  Only root can log in; normal users get:

      3004-009 failed running login shell

   or

      system unavailable

or

o  The command "su - user_name" returns:

      3004-505 Cannot set process environment

or

o  After the login, the user sees:

      0653-345 permission denied

   (when trying to do anything after the login)

   or

      ksh: pwd: Cannot access parent directories

   (when doing pwd, after login)

These symptoms are caused by the user not being able to execute the login shell (ksh, csh, or bsh, depending upon which is being used) or by a permissions problem in the home directory path.

STEPS

The following steps show how to check the files and directories that may have a problem with permissions, owner, or group.
If you find a problem with any of your files or directories, use chmod, chown, or chgrp to change the permissions, ownership, or group. If a symbolic link is missing, use the ln command to recreate it. For example, to create /bin linked to /usr/bin, run the following:

      ln -s /usr/bin /bin

1. Log in as root.

2. If users other than root see the message "system unavailable" when they attempt to log in, follow this step. Otherwise, skip to the next step.

   Check for the /etc/nologin file with

      ls -l /etc/nologin

   If the file /etc/nologin exists, delete it with

      rm /etc/nologin

3. For AIX 3.2, run:

      cd /
      ls -al |pg

   Example output:

      drwxr-xr-x  45 bin   bin     1536 Dec 24 10:08 .
      drwxr-xr-x  45 bin   bin     1536 Dec 24 10:08 ..
      lrwxrwxrwx   1 root  system     8 Feb 25 1994  bin -> /usr/bin
      drwxr-xr-x  16 root  system  7168 Dec 24 10:10 etc
      drwxr-xr-x  71 bin   bin     1536 Dec 14 09:37 home
      lrwxrwxrwx   1 root  system     5 Feb 25 1994  u -> /home
      drwxr-xr-x  24 bin   bin     1024 Jun 17 1994  usr
      drwxr-xr-x  11 bin   bin      512 Dec 23 10:43 var

   For AIX 4.1, run:

      cd /
      ls -al

   Example output:

      drwxr-xr-x  19 bin   bin     1024 Dec 12 21:14 .
      drwxr-xr-x  19 bin   bin     1024 Dec 12 21:14 ..
      lrwxrwxrwx   1 bin   bin        8 Nov 22 09:37 bin -> /usr/bin
      drwxrwxr-x   4 root  system  2048 Dec 12 21:12 dev
      drwxr-xr-x  12 root  system  2048 Dec 12 21:11 etc
      drwxr-xr-x   5 bin   bin      512 Nov 22 14:51 home
      lrwxrwxrwx   1 bin   bin        8 Nov 22 09:37 lib -> /usr/lib
      drwxr-xr-x  20 bin   bin      512 Nov 22 13:33 lpp
      drwxr-xr-x   3 bin   bin      512 Nov 22 09:37 sbin
      lrwxrwxrwx   1 bin   bin        5 Nov 22 09:37 u -> /home
      drwxr-xr-x  20 bin   bin      512 Nov 22 14:24 usr
      drwxr-xr-x  12 bin   bin      512 Nov 22 12:59 var

4. Run

      ls -ld /usr/bin

   Example output:

      drwxr-xr-x   3 bin   bin    10752 Nov 22 12:53 /usr/bin

5. In AIX 3.2, run:

      ls -l /usr/bin/csh /usr/bin/ksh /usr/bin/bsh

   Example output:

      -r-xr-xr-x   3 bin   bin   260507 Feb 25 1994 /usr/bin/bsh
      -r-xr-xr-x   1 bin   bin   349895 Sep 13 1993 /usr/bin/csh
      -r-xr-xr-x   2 bin   bin   374961 Feb 25 1994 /usr/bin/ksh

   In AIX 4.1, run:

      ls -l /usr/bin/csh /usr/bin/ksh /usr/bin/bsh

   Example output:

      -r-xr-xr-x   2 bin   bin   341020 Nov 22 09:37 /usr/bin/bsh
      -r-xr-xr-x   1 bin   bin   154412 Nov 22 09:37 /usr/bin/cs
      -r-xr-xr-x   4 bin   bin   230148 Nov 22 09:37 /usr/bin/ksh

   NOTE: You will not have /usr/bin/csh if the C shell is not installed on the system.

6. Determine the user's home directory. In these steps, we will refer to the user's ID and directory as "user_one".

7. Run

      ls -ld /u/user_one

   (use path of user's directory)

   Example output:

      drwxr-xr-x   9 user_one system  7680 Dec 24 15:00 /u/user_one

   The directory should be owned by the user and the user should have rwx permissions.

8. Run

      cd /u/user_one
      ls -al |pg

   Example output:

      drwxr-xr-x   9 user_one system  7680 Dec 24 15:00 .
      drwxr-xr-x  71 bin      bin     1536 Dec 14 09:37 ..

   The owner of the . directory should be the user. The permissions on the .. directory should be at least r-x for group and r-x for other.

9. If the user still has permission denied problems (but not login problems), the cause could be file system mount point permissions. In order to check the permissions on the mount point, the file system must first be unmounted. Some file systems' mount points can only be checked from service mode after booting from boot media.

   The permissions of the underlying mount point should be at least d--x--x--x, but full permissions (drwxrwxrwx) are recommended. The permission setting of the mounted file system can be used to restrict access.

READER'S COMMENTS

Please fax this form to (512) 823-4009, attention "AIXServ Information". You may also e-mail comments to: elizabet@austin.ibm.com.
These comments should include the same customer information requested below.

Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make suggestions for improvement, this is the form to use.

If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offerings). These services may be billable. Faxes on a variety of subjects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone.

When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you.

NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation.

Problem Report or Item #:
Branch Office or Customer #:

Be sure to print your name and fax number below if you would like a reply:

Name:
Fax Number:

END OF DOCUMENT (user.lgn.prob.31-32.cmd, 4FAX# 4509)
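
The group-file check from SYMPTOMS and the mode checks in steps 5, 7 and 8 can be scripted so they are run the same way for every user. This is an added example, not part of the IBM document: the names audit_login, mode_of and make_fixture and the ROOT prefix are hypothetical, the sample tree is constructed, and ownership and mount point permissions (step 9) are not checked.

```shell
# Added example, not IBM's code. ROOT is a prefix so the checks can run against
# a copy of the system; pass "" for the live system. Names are hypothetical.
# mode_of PATH: print the 10-character ls mode, following links like /u -> /home.
mode_of() { ls -ldL "$1" 2>/dev/null | cut -c1-10; }

# audit_login ROOT USER: print one finding per line, nothing if all checks pass.
audit_login() {
    root=$1 user=$2
    entry=$(awk -F: -v u="$user" '$1 == u' "$root/etc/passwd")
    [ -n "$entry" ] || { echo "NOUSER $user"; return 0; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    # 3004-010: the primary group in /etc/passwd must exist in /etc/group.
    awk -F: -v g="$gid" '$3 == g { ok = 1 } END { exit !ok }' "$root/etc/group" ||
        echo "GROUP $gid"
    # Step 5: the login shell must be a file that "other" can execute.
    case "$(mode_of "$root$shell")" in
        -????????x) ;;
        *) echo "SHELL $shell" ;;
    esac
    # Step 7: the user needs rwx on the home directory itself.
    case "$(mode_of "$root$home")" in
        drwx??????) ;;
        *) echo "HOME $home" ;;
    esac
    # Step 8: each parent directory needs at least r-x for group and other.
    dir=$(dirname "$home")
    while :; do
        case "$(mode_of "$root$dir")" in
            d???r?[xs]r?[xt]) ;;
            *) echo "PARENT $dir" ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

# make_fixture: build a constructed sample tree (not real data); print its path.
make_fixture() {
    r=$(mktemp -d) && chmod 755 "$r"
    mkdir -p "$r/etc" "$r/usr/bin" "$r/home/tps"
    ln -s usr/bin "$r/bin"; ln -s home "$r/u"
    : > "$r/usr/bin/ksh"; chmod 555 "$r/usr/bin/ksh"
    chmod 755 "$r/home" "$r/home/tps"
    echo 'tps:!:215:1::/u/tps:/bin/ksh' > "$r/etc/passwd"
    echo 'system:!:0:root' > "$r/etc/group"   # group 1 deliberately missing
    echo "$r"
}
```

On a live system, audit_login "" user_one reads /etc/passwd and /etc/group directly. In a copied tree, absolute symbolic links such as bin -> /usr/bin resolve against the live root, which is why the constructed tree uses relative links.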