'su -c' doesn't work properly?

'su -c' doesn't work properly?

Post by Jimmy Andersson ETX/A/TS » Fri, 14 Jan 2000 04:00:00



Hi,

I'm working on a ksh-script which must be run as user 'root', however,
in this script I'm trying to run the installation program for Oracle
8.0.4 on my box- HP9000 D330 running HP-UX 11.00. The installation
program requires the user 'oracle' to run it and I'm trying to do this
by using the following line:
/usr/bin/su oracle -c './orainst /m'
The installation starts off fine but terminates with the error:
Result: oraview.ins(206): PERMISSION_DENIED while making directory
/u01/app/oracle/product/8.0.4/orainst/oravw/install. (Permission
denied.)
This is because the directory
/u01/app/oracle/product/8.0.4/orainst/oravw/ apparently has been created
with owner root by the installation program prior to the attempt to
create the underlying /install dir.

My guess is that the installation program somehow spawns some kind of
sub-processes which apparently is run by 'root' instead of 'oracle'
while creating the directory above and therefore the installation
program is not allowed to create any directories below this dir.

So, is there a nice way to get around this?
If possible, please mail me suggestions, thanks in advance//
Jimmy

 
 
 

'su -c' doesn't work properly?

Post by Ken Pizzi » Sat, 15 Jan 2000 04:00:00


On Thu, 13 Jan 2000 14:48:25 +0100,

Quote:>/usr/bin/su oracle -c './orainst /m'
>The installation starts off fine but terminates with the error:
>Result: oraview.ins(206): PERMISSION_DENIED while making directory
>/u01/app/oracle/product/8.0.4/orainst/oravw/install. (Permission
>denied.)
>This is because the directory
>/u01/app/oracle/product/8.0.4/orainst/oravw/ apparently has been created
>with owner root by the installation program prior to the attempt to
>create the underlying /install dir.

The su command should be changing to the oracle user in such a
way that the commands spawned under it cannot regain super-user
priveleges (unless, of course, they fire off a s-uid root
program).  Are you certain that the directory named above was
not created by an earlier attempt at installation by a root
user who did _not_ do the su, or from an earlier installation
which had changed the permissions after the orainst script was
done?

Quote:>My guess is that the installation program somehow spawns some kind of
>sub-processes which apparently is run by 'root' instead of 'oracle'
>while creating the directory above and therefore the installation
>program is not allowed to create any directories below this dir.

This does not seem likely.  This would require that Oracle
include a s-uid root binary in their distribution, which is
extracted from the distribution medium (or executed directly off
of the dist. medium) and which retains its s-uid root character
in the process, or that Oracle take advantage of some other
security hole on your system.

                --Ken Pizzini

 
 
 

'su -c' doesn't work properly?

Post by Jimmy Andersson ETX/A/TS » Sat, 15 Jan 2000 04:00:00


Thanks for your answer Ken,
I must say that I find it very strange myself, but I've tried it several
times after manually deleting the xxx/oravw dir. but with no
improvement.

However, I took the dirty way around it and created another script which
launches the installation and called this script from the main script
with 'su' and that works just fine. Hmm...well I don't really understand
why the first version didn't succeed, but it may be as you suggested
although not likely.

If you come up with another idea, please let me know.
Anyway, thanks again//
Jimmy


> The su command should be changing to the oracle user in such a
> way that the commands spawned under it cannot regain super-user
> priveleges (unless, of course, they fire off a s-uid root
> program).  Are you certain that the directory named above was
> not created by an earlier attempt at installation by a root
> user who did _not_ do the su, or from an earlier installation
> which had changed the permissions after the orainst script was
> done?

-snip-
>                 --Ken Pizzini

 
 
 

1. 'less' command doesn't work properly in searching strings...

I got here less-205 which is a paginator better than "more".
(Works in SunOs 4.*, Ultrix, HP-UX).

Did someone compiled it for Solares2.4

The version I compiled doesnt search strings properly, any hints?


--

--- Ricky.  (Another Unix Hacker)
                                                                  \||/

| Software Engineer in R&D Dpt.                              |   / (__,,,,|
| Fibronics Ltd., Matam Industrial Park, Haifa 31905, Israel |^\/ _)

|    Fax: +972-4-313342   http://www.fibronics.co.il/~ricky/ |  / _)
+------------------------------------------------------------+  | )_)
                                                  <  >      |(,,) )__)
P.D. "Do not meddle in the affairs of dragons -    ||      /    \)___)\
      for them you are crunchy and                 | \____(      )___) )___
      go well with ketchup"                         \______(_______;;; __;;;

2. Support for *old* iomega drives. . . .

3. ping -g 'gateway-IP' 'host-IP' DOESN'T work!

4. Source for in.pop3d?

5. 'su ' vs. 'su -'

6. Redhat 6.0 boot freeze

7. > ksh children won't die ; exec doesn't work properly (solution)

8. Solaris 9 BIND won't start

9. PROBLEM: 'sed' script 's/^ /\n/' not working properly

10. restrict use of 'su' or 'su -'

11. ksh children won't die ; exec doesn't work properly; ksh -p

12. 'ppp-on' Works, 'ifup ppp0' Doesn't

13. Why doesn't my ppp-on script work when su'ing