Prev: Patch Downloads on Solaris 10 x86
Next: seaport absent
From: gerryt on 20 Feb 2007 17:40 On Feb 20, 1:57 pm, "Anoop" <anoopkum...(a)gmail.com> wrote: > On Feb 20, 4:27 pm, hume.spamfil...(a)bofh.ca wrote: > > > Anoop <anoopkum...(a)gmail.com> wrote: > > > Is there any workaround? I cannot use /usr/bin/ps or psgrep as they do > > > not provide the same information we need... Can I tell /usr/ucb/psto > > > I'd say the workaround is to figure out why /usr/ucb/pson your system is > > broken, and fix it. What you're describing is not the utility's normal > > behaviour. > > > -- > > Brandon Hume - hume -> BOFH.Ca,http://WWW.BOFH.Ca/ > > Here are the outputs: > $ alias ll='ls -ltr' > $ ll / | grep tmp > drwxrwxrwt 20 root sys 12597 Feb 20 16:41 tmp > $ ll /usr/ucb/ps > -r-xr-xr-x 37 root bin 5256 Jan 5 2000 /usr/ucb/ps > $ id > uid=45844(wlitid) gid=7964(gwlitid) > $ ll /tmp | grep ups_data > $ file /usr/ucb/ps > /usr/ucb/ps: ELF 32-bit MSB executable SPARC Version 1, dynamically > linked, stripped > $ /usr/ucb/ps -v > ps: rename("/tmp/ps.XtaG3j","/tmp/ups_data") failed, Permission > denied > ps: Please notify your System Administrator > PID TT S TIME SIZE RSS %CPU %MEM COMMAND > 5052 pts/8 O 0:00 3984 3632 0.2 0.1 /usr/ucb/ps -v > /tmp does have the trailing t - is that the setuid?? Nope > This is actually a client machine - we need to maintain our > application on it only. So we do not have root access. > Also I will not be able to figure out what if anything is wrong with / > usr/ucb/ps. But I can let the sys admins know that this ps command > needs to be fixed somehow.. I did a simple truss of "ps" - its an isaexec link to: /usr/ucb/sparcv9/ps This ps is setuid root: -r-sr-xr-x 1 root sys 31544 Jan 5 2000 /usr/ucb/sparcv9/ ps My guess is yours is not . Some "security" maven where you work been busy? Anyway - have a look.
From: hume.spamfilter on 20 Feb 2007 18:34 Anoop <anoopkumarv(a)gmail.com> wrote: > $ ll /usr/ucb/ps > -r-xr-xr-x 37 root bin 5256 Jan 5 2000 /usr/ucb/ps I forgot that /usr/ucb/ps is an isaexec link. Try the command: find /usr/ucb -name ps -ls -- Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
From: Darren Dunham on 20 Feb 2007 18:54 Anoop <anoopkumarv(a)gmail.com> wrote: > So in our case it is hampering our work. Because the /usr/ucb/ps > command writes something into /tmp which automatically gets root > ownership, we cannot delete the created files. This eventually fills > up /tmp and when other processes need /tmp for whatever, they just > fail coz there is no disk space available on /tmp... Well, *that* part of it is abnormal. Under normal circumstances, it creates one file in /tmp and reuses it. Your configuration for some reason is unable to use /tmp/ups_data, and it creates an alternative every other time. I might truss it when run as root to see what it's attempting to do to that file and what return codes come back from those operations. > Is there any workaround? I cannot use /usr/bin/ps or psgrep as they do > not provide the same information we need... Can I tell /usr/ucb/ps to > write this file elsewhere or not write it at all.. ? Just hoping! Your system is broken. You need to do some investigation to determine what is broken so that you can repair it. I'd guess something associate with either the ps command or the /tmp filesystem is odd, but that's just a guess from over here. -- Darren Dunham ddunham(a)taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. >
From: Darren Dunham on 20 Feb 2007 18:56 hume.spamfilter(a)bofh.ca wrote: > Anoop <anoopkumarv(a)gmail.com> wrote: >>>>>>>>>Is /usr/ucb/ps setuid? >> >> How do I find that out? > "ls -l". ie: "ls -l /usr/ucb/ps". Oops. 'ps' is slightly odd. It's a link to the isaexec wrapper. While it would be helpful to see the above (in case the link is broken), also needed is "ls -l /usr/ucb/sparc*/ps". > Seeing the permissions on /tmp/ups_data would be helpful, too. As well as > the output from "id". Yup. -- Darren Dunham ddunham(a)taos.com Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. >
From: Casper H.S. Dik on 21 Feb 2007 03:59 "Anoop" <anoopkumarv(a)gmail.com> writes: >Here are the additional details. I have aliased ps to point to /usr/ >ucb/ps... (and ll to ls -ltr) >$ ll /tmp >-rw-rw-r-- 1 root sys 647384 Feb 20 09:33 ps.fRaWKW This may look like the genuine ps output file but it tries to rename it to "/tmp/ups_data" and somehow that rename fails. Does /tmp/ups_data exist? Can you truss ps? (It generally prints an error message when the rename fails) Casper
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 5 Prev: Patch Downloads on Solaris 10 x86 Next: seaport absent |