[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | POLYCENTER Console Manager |
| Notice: | Kits, Scans, Docs on CSC32:: as PCM$KITS:,PCM$DOCS:, PCM$SCANS: |
| Moderator: | CSC32::BUTTERWORTH |
|
| Created: | Thu Aug 06 1992 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 1541 |
| Total number of notes: | 6564 |
1112.0. "C3 GUI no access -- everything else ok" by 35568::KINSLEY (Nothing endures but change) Wed Nov 29 1995 17:39
Environment:
PCM V1.6-110
Digital UNIX V3.2C 148
AlphaStation 250 4/266
NIS and C2 security
Problem:
When we invoke the PCM 'console -c3' interface from our user accounts
the 'event monitor' and the 'connect to console' functions do not
work. However, if we su to root and then invoke the 'console -c3'
all the functions work.
Status/Symptoms:
The C3 Message Log has the following message: Failed to connect to ENS
The consoled, console_ensd, consoled_child processes are present.
The command 'console -d' indicates there are CM and ENS pids, the
daemons are up, events are registered, data is logging, etc.
The command 'console -d -a' indicates we have links to all the ports
(27 at this time).
Other methods for connecting to console ports work for regular users
such as 'console -c hostname' but not if attempting it from the c3 gui.
We have implemented some of the PCM security features on user
accounts -- but in debug mode when we eliminate security/enable all
functions user accounts are still not working.
A user can generate an archive for a system/host but can not at the
same time connect to a console or view events.
We checked the subsets 'setld -v' and they verified successfully.
Educated guess time:
?? could this be related to NIS and C2 security ??
?? are we having a problem with shared memory permission ??
??
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 1112.1 | Why can't registered PCM users access PCM sockets? | 35568::KINSLEY | Nothing endures but change | Sat Dec 02 1995 15:15 | 14 |
| More information:
Based on our 'educated guess' we changed the security on the sockets in
/var/opt/console/tmp from 'rwx------' to 'rwxrwxrwx' and now the c3 gui
interface works from a user account. This does not fix the problem --
it is just a way to make the console -c3 functional for non-root users.
Question:
Was a security change implemented as part of the recent ECO kit? Our
collective memory tells us we did not have this problem before we upgraded
using the 161 patch kit. Any thoughts on how to solve this access/security
issue? Why can't registered PCM users access PCM sockets?
|
| 1112.2 | PCM access issue -- still not resolved | 35568::KINSLEY | Nothing endures but change | Thu Jan 04 1996 17:39 | 26 |
|
Still not resolved -- why can't registered PCM users access the sockets
in /var/opt/console/tmp ??
Why do registered PCM users in operations/administration have to use
'su root' for the console c3 GUI connections?
Below is output from a debug session -- any clues here?
C3: Connecting to CM daemon
CMCreateEventPort: Opening local transport event port </var/opt/console/tmp/CONSOLE_EVT_EN
S_C3>
CMCreateEventPort: Open failure
CMCloseEventPort: Closing Event Port <ENS_C3>
C3: adding ENS connect timer
C3: Priviledges
Archive .....: 0
Exit ........: 0
NoEdit ......: 0
Reconfigure .: 0
Send break ..: 0
Shutdown ....: 0
Startup .....: 0
Unlock ......: 0
|