Difference between revisions of "The command arssockd can only be run by the owner of the command"

Jump to navigation Jump to search

The command arssockd can only be run by the owner of the command (view source)

Revision as of 10:52, 28 April 2015

1,108 bytes added ,  10:52, 28 April 2015
m
Added changing file permissions.
m (Added message number / name.)
m (Added changing file permissions.)
Line 25: Line 25:


In some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to be 'non-root'.  This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately provide root privileges to the attacker.  After an upgrade, these permissions may have been re-written, and need to be reimplemented.
In some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to be 'non-root'.  This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately provide root privileges to the attacker.  After an upgrade, these permissions may have been re-written, and need to be reimplemented.
In this case, the UNIX file and group ownership need to be set to match the UNIX user name that will run arssockd.
<code>
-r-xr-xr-x    1 root    system      5662247 Sep  4 2013  arsrpt
-r-xr-xr-x    1 root    system      8795499 Sep  4 2013  arsslu
-r-xr-xr-x    1 root    system      7289800 Sep  4 2013  arssockd
-r-xr-xr-x    1 root    system      4394507 Sep  4 2013  arssyscr
-r-xr-xr-x    1 root    system      7082704 Sep  4 2013  arstblsp
-r-xr-xr-x    1 root    system      8753959 Sep  4 2013  arstfmt
-r-xr-xr-x    1 root    system      4221594 Sep  4 2013  arsview
$ chown archive:sysadm1 ars*
-r-xr-xr-x    1 archive  sysadm1    5662247 Sep  4 2013  arsrpt
-r-xr-xr-x    1 archive  sysadm1    8795499 Sep  4 2013  arsslu
-r-xr-xr-x    1 archive  sysadm1    7289800 Sep  4 2013  arssockd
-r-xr-xr-x    1 archive  sysadm1    4394507 Sep  4 2013  arssyscr
-r-xr-xr-x    1 archive  sysadm1    7082704 Sep  4 2013  arstblsp
-r-xr-xr-x    1 archive  sysadm1    8753959 Sep  4 2013  arstfmt
-r-xr-xr-x    1 archive  sysadm1    4221594 Sep  4 2013  arsview
</code>


When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under:
When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under:
'''''Ensure that these parameters both have matching case.'''''  If one is set to 'ARCHIVE', and the other is set to 'archive', [[arssockd]] will throw the ARS1154E error.


In ars.ini:
In ars.ini:
Line 37: Line 57:


<code>DB2INSTANCE=ARCHIVE</code>
<code>DB2INSTANCE=ARCHIVE</code>
'''''Ensure that these parameters both have matching case.'''''  If one is set to 'ARCHIVE', and the other is set to 'archive', [[arssockd]] will throw the ARS1154E error.
Retrieved from "https://CMOD.wiki/index.php?title=Special:MobileDiff/153"

Navigation menu