HCON user configuration files and root access
ITEM: RS4000015494
**************> QUESTION level 1 --> level 2 SPECIALIST <**************
Question:
Is it necessary that the 4 u* HCON configuration files
are accessible by root?
We are trying to configure an environment in which the
users' home directories are exported by NFS from a SERVER.
We would like these directories to be exported with
Anonymous UID set to -1 because we don't want the root user
of each client system to be able to access the home
directories of all the users.
Is this possible?
If yes, how? We are getting ODM corruption messages.
Thanks, best regards, Marina.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
PMR E0164,998,758 was created on 96/08/01 at 14:53:33.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> ASGN: BUNLOEUR AT WTSCPOK ================= DATE:960801
TIME:1059
Received by Austin ITSC and assigned to AIXCOMM.
Your question has been received, and assigned to a specialist. Please
wait for a reply. Thank you.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> RESP: AIXOPSYS AT WTSCPOK ================= DATE:960801
TIME:1113
Your item is being researched.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> RESP: AIXOPSYS AT WTSCPOK ================= DATE:960802
TIME:1655
Response:
The usrdflts, usrdflts.vc, usrprofs, usrprofs.vc files must have
read and write permissions for the hcon user they belong to. If
the hcon sessions are added for the root user, then they must have
read and write permissions for root. If the hcon sessions are for
a non-root user - then they do not need root permission.
**************> QUESTION level 1 --> level 2 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN ITALY
New question:
The 4 u* HCON configuration files are not in a local directory,
but in one imported via NFS. We noticed that if we export the directory
with Anonymous UID set to -1 we get an ODM corruption message when
running an HCON session. Is this the correct way it should work?
If yes, doesn't this mean that root (UID=0) must have access to
those files?
Any clarification will be welcome. Thanks again, best regards, Marina.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
PMR E0164,998,758 was updated on 96/09/02 at 13:15:22.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> ASGN: BUNLOEUR AT WTSCPOK ================= DATE:960903
TIME:0859
Received by Austin ITSC and assigned to AIXOPSYS.
Your question has been received, and assigned to a specialist. Please
wait for a reply. Thank you.
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> RESP: AIXOPSYS AT WTSCPOK ================= DATE:960903
TIME:1143
YOUR ITEM IS BEING RESEARCHED
**************> ANSWER level 2 --> level 1 SPECIALIST <**************
====> THIS TEXT HAS BEEN ENTERED BY IBM IN USA
====> RESP: AIXOPSYS AT WTSCPOK ================= DATE:960905
TIME:1208
Response:
The HCON u* files should be in the user's login directory even if it is
imported through NFS. By default the root user would have access to
these files, although their contents are hard to read and manipulate.
Changing the UID could (and as in your case, did) cause a problem with
HCON's ODM when the user who owns the files tries to access HCON. It is
one of those rare files that a user does not have total control over
who can access it because of the way HCON handles those files
internally.
I hope this helps.
Thank you for using AIX Support Family.
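An added example, not part of the original item and not IBM code: a portable sh check that the four u* files named in the first response exist in a login directory, belong to the expected UID, and give that owner read and write permission. The function name `check_hcon_files` and the WARN line for group/other access are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not IBM code). File names come from the response above;
# the function name and the WARN policy are assumptions of this sketch.
# Typical call, as the owning user:  check_hcon_files "$HOME" "$(id -u)"
HCON_FILES="usrdflts usrdflts.vc usrprofs usrprofs.vc"

# check_hcon_files DIR UID
# Prints one line per finding; returns 0 only if every file exists,
# is owned by UID, and grants that owner read and write.
check_hcon_files() {
    dir=$1; want_uid=$2; rc=0
    for f in $HCON_FILES; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # ls -ln prints the mode string first and the numeric owner UID third.
        set -- $(ls -ln "$path")
        mode=$1; uid=$3
        owner_rw=$(printf '%s' "$mode" | cut -c2-3)
        others=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER   $path is owned by UID $uid, expected $want_uid"; rc=1
        fi
        if [ "$owner_rw" != "rw" ]; then
            echo "NO-RW   $path mode $mode lacks owner read/write"; rc=1
        fi
        # Not a failure: group/other bits are a local policy choice.
        if [ "$others" != "------" ]; then
            echo "WARN    $path mode $mode grants group/other access"
        fi
    done
    return $rc
}
```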
WWQA: ITEM: RS4000015494
Dated: 08/1996 Category: AIXCOMMS
This HTML file was generated 99/06/24~12:43:05