From: gerryt on
On Feb 20, 1:57 pm, "Anoop" <anoopkum...(a)gmail.com> wrote:
> On Feb 20, 4:27 pm, hume.spamfil...(a)bofh.ca wrote:
>
> > Anoop <anoopkum...(a)gmail.com> wrote:
> > > Is there any workaround? I cannot use /usr/bin/ps or psgrep as they do
> > > not provide the same information we need... Can I tell /usr/ucb/psto
>
> > I'd say the workaround is to figure out why /usr/ucb/pson your system is
> > broken, and fix it. What you're describing is not the utility's normal
> > behaviour.
>
> > --
> > Brandon Hume - hume -> BOFH.Ca,http://WWW.BOFH.Ca/
>
> Here are the outputs:
> $ alias ll='ls -ltr'
> $ ll / | grep tmp
> drwxrwxrwt 20 root sys 12597 Feb 20 16:41 tmp
> $ ll /usr/ucb/ps
> -r-xr-xr-x 37 root bin 5256 Jan 5 2000 /usr/ucb/ps
> $ id
> uid=45844(wlitid) gid=7964(gwlitid)
> $ ll /tmp | grep ups_data
> $ file /usr/ucb/ps
> /usr/ucb/ps: ELF 32-bit MSB executable SPARC Version 1, dynamically
> linked, stripped
> $ /usr/ucb/ps -v
> ps: rename("/tmp/ps.XtaG3j","/tmp/ups_data") failed, Permission
> denied
> ps: Please notify your System Administrator
> PID TT S TIME SIZE RSS %CPU %MEM COMMAND
> 5052 pts/8 O 0:00 3984 3632 0.2 0.1 /usr/ucb/ps -v

> /tmp does have the trailing t - is that the setuid??
Nope

> This is actually a client machine - we need to maintain our
> application on it only. So we do not have root access.
> Also I will not be able to figure out what if anything is wrong with /
> usr/ucb/ps. But I can let the sys admins know that this ps command
> needs to be fixed somehow..

I did a simple truss of "ps" - its an isaexec link to:
/usr/ucb/sparcv9/ps
This ps is setuid root:
-r-sr-xr-x 1 root sys 31544 Jan 5 2000 /usr/ucb/sparcv9/
ps
My guess is yours is not . Some "security" maven where you work
been busy? Anyway - have a look.




From: hume.spamfilter on
Anoop <anoopkumarv(a)gmail.com> wrote:
> $ ll /usr/ucb/ps
> -r-xr-xr-x 37 root bin 5256 Jan 5 2000 /usr/ucb/ps

I forgot that /usr/ucb/ps is an isaexec link. Try the command:

find /usr/ucb -name ps -ls

--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
From: Darren Dunham on
Anoop <anoopkumarv(a)gmail.com> wrote:
> So in our case it is hampering our work. Because the /usr/ucb/ps
> command writes something into /tmp which automatically gets root
> ownership, we cannot delete the created files. This eventually fills
> up /tmp and when other processes need /tmp for whatever, they just
> fail coz there is no disk space available on /tmp...

Well, *that* part of it is abnormal. Under normal circumstances, it
creates one file in /tmp and reuses it. Your configuration for some
reason is unable to use /tmp/ups_data, and it creates an alternative
every other time.

I might truss it when run as root to see what it's attempting to do to
that file and what return codes come back from those operations.

> Is there any workaround? I cannot use /usr/bin/ps or psgrep as they do
> not provide the same information we need... Can I tell /usr/ucb/ps to
> write this file elsewhere or not write it at all.. ? Just hoping!

Your system is broken. You need to do some investigation to determine
what is broken so that you can repair it. I'd guess something associate
with either the ps command or the /tmp filesystem is odd, but that's
just a guess from over here.

--
Darren Dunham ddunham(a)taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
From: Darren Dunham on
hume.spamfilter(a)bofh.ca wrote:
> Anoop <anoopkumarv(a)gmail.com> wrote:
>>>>>>>>>Is /usr/ucb/ps setuid?
>>
>> How do I find that out?

> "ls -l". ie: "ls -l /usr/ucb/ps".

Oops. 'ps' is slightly odd. It's a link to the isaexec wrapper. While
it would be helpful to see the above (in case the link is broken), also
needed is "ls -l /usr/ucb/sparc*/ps".

> Seeing the permissions on /tmp/ups_data would be helpful, too. As well as
> the output from "id".

Yup.

--
Darren Dunham ddunham(a)taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
From: Casper H.S. Dik on
"Anoop" <anoopkumarv(a)gmail.com> writes:

>Here are the additional details. I have aliased ps to point to /usr/
>ucb/ps... (and ll to ls -ltr)

>$ ll /tmp
>-rw-rw-r-- 1 root sys 647384 Feb 20 09:33 ps.fRaWKW


This may look like the genuine ps output file but it tries to rename it
to "/tmp/ups_data" and somehow that rename fails.

Does /tmp/ups_data exist?

Can you truss ps? (It generally prints an error message when the
rename fails)

Casper
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: Patch Downloads on Solaris 10 x86
Next: seaport absent