Join IIUG
 for   
 

Informix News
18 Nov 13 - ZDNet - Top 20 mobile skills in demand... Read
09 Sep 13 - telecompaper - Shaspa and Tatung have shown a new smart home platform at Ifa in Berlin. Powered by the IBM Informix software... Read
06 Sep 13 - IBM data magazine - Mission Accomplished - Miami, Florida will be the backdrop for the 2014 IIUG Informix Conference... Read
01 Feb 13 - IBM Data Magazine - Are your database backups safe? Lester Knutsen (IBM Champion) writes about database back up safety using "archecker"... Read
14 Nov 12 - IBM - IBM's Big Data For Smart Grid Goes Live In Texas... Read
3 Oct 12 - The Financial - IBM and TransWorks Collaborate to Help Louisiana-Pacific Corporation Achieve Supply Chain Efficiency... Read
28 Aug 12 - techCLOUD9 - Splunk kicks up a SaaS Storm... Read
10 Aug 12 - businessCLOUD9 - Is this the other half of Cloud monitoring?... Read
3 Aug 12 - IBM data management - Supercharging the data warehouse while keeping costs down IBM Informix Warehouse Accelerator (IWA) delivers superior performance for in-memory analytics processing... Read
2 Aug 12 - channelbiz - Oninit Group launches Pay Per Pulse cloud-based service... Read
28 May 12 - Bloor - David Norfolk on the recent Informix benchmark "pretty impressive results"... Read
23 May 12 - DBTA - Informix Genero: A Way to Modernize Informix 4GL Applications... Read
9 Apr 12 - Mastering Data Management - Upping the Informix Ante: Advanced Data Tools... Read
22 Mar 12 - developerWorks - Optimizing Informix database access... Read
14 Mar 12 - BernieSpang.com - International Informix User Group set to meet in San Diego... Read
1 Mar 12 - IBM Data Management - IIUG Heads West for 2012 - Get ready for sun and sand in San Diego... Read
1 Mar 12 - IBM Data Management - Running Informix on Solid-State Drives.Speed Up Database Access... Read
26 Feb 12 - BernieSpan.com - Better results, lower cost for a broad set of new IBM clients and partners... Read
24 Feb 12 - developerWorks - Informix Warehouse Accelerator: Continuous Acceleration during Data Refresh... Read
6 Feb 12 - PRLOG - Informix port delivers unlimited database scalability for popular SaaS application ... Read
2 Feb 12 - developerWorks - Loading data with the IBM Informix TimeSeries Plug-in for Data Studio... Read
1 Feb 12 - developerWorks - 100 Tech Tips, #47: Log-in to Fix Central... Read
13 Jan 12 - MC Press online - Informix Dynamic Server Entices New Users with Free Production Edition ... Read
11 Jan 12 - Computerworld - Ecologic Analytics and Landis+Gyr -- Suitors Decide to Tie the Knot... Read
9 Jan 12 - planetIDS.com - DNS impact on Informix / Impacto do DNS no Informix... Read
8 Sep 11 - TMCnet.com - IBM Offers Database Solution to Enable Smart Meter Data Capture... Read
1 Aug 11 - IBM Data Management Magazine - IIUG user view: Happy 10th anniversary to IBM and Informix... Read
8 Jul 11 - Database Trends and Applications - Managing Time Series Data with Informix... Read
31 May 11 - Smart Grid - The meter data management pitfall utilities are overlooking... Read
27 May 11 - IBM Data Management Magazine - IIUG user view: Big data, big time ( Series data, warehouse acceleration, and 4GLs )... Read
16 May 11 - Business Wire - HiT Software Announces DBMoto for Enterprise Integration, Adds Informix. Log-based Change Data Capture... Read
21 Mar 11 - Yahoo! Finance - IBM and Cable&Wireless Worldwide Announce UK Smart Energy Cloud... Read
14 Mar 11 - MarketWatch - Fuzzy Logix and IBM Unveil In-Database Analytics for IBM Informix... Read
11 Mar 11 - InvestorPlace - It's Time to Give IBM Props: How many tech stocks are up 53% since the dot-com boom?... Read
9 Mar 11 - DBTA - Database Administration and the Goal of Diminishing Downtime... Read
2 Feb 11 - DBTAs - Informix 11.7 Flexible Grid Provides a Different Way of Looking at Database Servers... Read
27 Jan 11 - exactsolutions - Exact to Add Informix Support to Database Replay, SQL Monitoring Solutions... Read
25 Jan 11 - PR Newswire - Bank of China in the UK Works With IBM to Become a Smarter, Greener Bank... Read
12 Oct 10 - Database Trends and Applications - Informix 11.7: The Beginning of the Next Decade of IBM Informix... Read
20 Sep 10 - planetIDS.com - ITG analyst paper: Cost/Benefit case for IBM Informix as compared to Microsoft SQL Server... Read
20 Jul 10 - IBM Announcements - IBM Informix Choice Edition V11.50 helps deploy low-cost scalable and reliable solutions for Apple Macintosh and Microsoft Windows... Read
20 Jul 10 - IBM Announcements - Software withdrawal: Elite Support for Informix Ultimate-C Edition... Read
24 May 10 - eWeek Europe - IBM Supplies Database Tech For EU Smart Grid... Read
23 May 10 - SiliconIndia - IBM's smart metering system allows wise use of energy... Read
21 May 10 - CNET - IBM to help people monitor energy use... Read
20 May 10 - ebiz - IBM Teams With Hildebrand To Bring Smart Metering To Homes Across Britain... Read
19 May 10 - The New Blog Times - Misurare il consumo energetico: DEHEMS è pronto... Read
19 May 10 - ZDNet - IBM software in your home? Pact enables five-city smart meter pilot in Europe... Read
17 March 10 - ZDNet (blog) David Morgenstern - TCO: New research finds Macs in the enterprise easier, cheaper to manage than... Read
17 March 2010 - Virtualization Review - ...key components of Big Blue's platform to the commercial cloud such as its WebSphere suite of application ser vers and its DB2 and Informix databases... Read
10 February 2010 - The Wall Street Journal - International Business Machines is expanding an initiative to win over students and professors on its products. How do they lure the college crowd?... Read

End of Support Dates
IDS 11.10 - 30 Sep 2012
Subscribe to notifications

IIUG on Facebook IIUG on Twitter

[ Post Response ] [ Return to Index ] [ Read Prev Msg ] [ Read Next Msg ]

IDS Forum

Re: Odd situation - SETUID fail

Posted By: cesar_inacio_martins@yahoo.com.br
Date: Sunday, 5 April 2009, at 1:26 p.m.

Hi Jonathan,
Thanks a lot for your answer and questions.

My answers are below , if miss some information , please tell me.

1) I'm not using ACL.
Is enable by default at the mount in /etc/fstab and just to sure this is not the reason I remove all "acl" options and restart my computer. The same effect occur.

2) About /opt mount:

The /opt is part of / (root) :
| root@note-cim:/# ls -ld /opt
| drwxr-xr-x 6 root root 4096 2009-03-18 09:48 /opt

| root@note-cim:/# mount
| /dev/sda1 on / type ext2 (rw,noatime,relatime,acl,user_xattr)
| /proc on /proc type proc (rw)
| sysfs on /sys type sysfs (rw)
| debugfs on /sys/kernel/debug type debugfs (rw)
| udev on /dev type tmpfs (rw)
| devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
| /dev/sda3 on /var type ext2 (rw,noatime,relatime,acl,user_xattr)
| /dev/sdb2 on /dados type ext2
| (rw,nosuid,nodev,noatime,relatime,acl,user_xattr)
| /tmp on /tmp type tmpfs (rw,size=400M)
| /dev/sdc2 on /media/SD type vfat
| rw,noexec,nosuid,nodev,noatime,relatime,gid=100,umask=0002,utf8=true)
| fusectl on /sys/fs/fuse/connections type fusectl (rw)
| gvfs-fuse-daemon on /home/cmartins/.gvfs type fuse.gvfs-fuse-daemon
| (rw,nosuid,nodev,user=cmartins)

3) Informix group
| root@note-cim:/# grep informix /etc/group
| dialout:x:16:cmartins,informix
| video:x:33:cmartins,informix
| informix:!:1000:
|
| root@note-cim:/# grep informix /etc/passwd
| informix:x:1001:1000:DBSA Informix:/home/informix:/bin/bash

4) About /INFORMIXTMP creation. Looking the / (root) mount:
| root@note-cim:~# ls -la / |head -n3
| total 104
| drwxr-xr-x 23 root root 4096 2009-04-05 11:40 .
| drwxr-xr-x 23 root root 4096 2009-04-05 11:40 ..

I don't create /INFORMIXTMP manually , I just remove it with "rm -rf /INFORMIXTMP" . They are created just when I execute the "oninit" with "root" or "root + myexec" .
Here is the permission of /INFORMIXTMP when execute "oninit" with "root" and "myexec":
| root@note-cim:/# id
| uid=0(root) gid=0(root) groups=0(root)
|
| root@note-cim:/# rm -rf /INFORMIXTMP
| removed `/INFORMIXTMP/.infxdirs'
| removed `/INFORMIXTMP/.idsmoon.alarm'
| removed directory: `/INFORMIXTMP'
|
| root@note-cim:/# echo $INFORMIXSERVER
| idsmoon
|
| root@note-cim:/# chown :root /ifmxdados/*
| root@note-cim:/# oninit -iy
| root@note-cim:/# onstat -
|
| IBM Informix Dynamic Server Version 11.50.UC3DE -- On-Line -- Up 00:00:42 -- 144144 Kbytes
|
| root@note-cim:/# ls -la /INFORMIXTMP
| total 12
| drwxrwxr-t 2 informix informix 4096 2009-04-05 12:30 .
| drwxr-xr-x 24 root root 4096 2009-04-05 12:30 ..
| -rw-rw-r-- 1 root root 22 2009-04-05 12:30 .infxdirs
| srwxrwx--- 1 root root 0 2009-04-05 12:30 VP.idsmoon.010100s
|
| root@note-cim:/# onmode -ky
|
| root@note-cim:/# chown :informix /ifmxdados/*
|
| root@note-cim:/# rm -rf /INFORMIXTMP
| removed `/INFORMIXTMP/.infxdirs'
| removed `/INFORMIXTMP/.idsmoon.alarm'
| removed directory: `/INFORMIXTMP'
|
| root@note-cim:/# myexec 1001 1000 "oninit -iy"
| argc = 4
| arg 0 = myexec
| arg 1 = 1001
| arg 2 = 1000
| arg 3 = oninit -iy
|
| Setting Effective UID = 1001 GID = 1000
| Effective / Real UID/GID defined:
| uid=0 gid=1000 euid=0 egid=1000
|
| Executing oninit -iy
|
| root@note-cim:/# ls -la /INFORMIXTMP/
| total 12
| drwxrwxr-t 2 informix informix 4096 2009-04-05 12:37 .
| drwxr-xr-x 24 root root 4096 2009-04-05 12:37 ..
| -rw-rw-r-- 1 root informix 22 2009-04-05 12:37 .infxdirs
| srwxrwx--- 1 root informix 0 2009-04-05 12:37 VP.idsmoon.010100s
|

5) Now, about the setfsuid , I don't know if the test I executed is the expected for you, I replace the setregid to setfsuid and setfsgid , this is part of the C code (myexec2.c):
| 5 int main(int argc, char *argv[] ) {
| 6 if ( argc != 4 ) {
| 7 printf("\nInvalid Parameters!\nsyntax: [uid] [gid] [command]\n\n");
| 8 exit(1) ;
| 9 }
| 10 int i,old_uid, old_gid;
| 11 old_uid=0;
| 12 old_gid=0;
| 13 printf("argc = %i\n", argc );
| 14 for (i = 0 ; i <= argc-1 ; i++) printf("\targ %i = %s\n", i, argv[i]);
| 15
| 16 printf( "\nSetting FS UID = %s GID = %s\n", argv[1], argv[2]);
| 17 old_uid=setfsuid(atoi(argv[1])); // define FS user
| 18 old_gid=setfsgid(atoi(argv[2])); // define FS group
| 19 printf("Old FS UID/GID : ");
| 20 printf("uid=%i \t gid=%i\n\n", old_uid, old_gid);
| 21 old_uid=setfsuid(atoi(argv[1])); // define FS user
| 22 old_gid=setfsgid(atoi(argv[2])); // define FS group
| 23 printf("NEW FS UID/GID : ");
| 24 printf("uid=%i \t gid=%i\n\n", old_uid, old_gid);
| 25
| 26 printf("Executing %s\n", argv[3] );
| 27 system(argv[3]);
| 28 }
|

There is the execution with "root" user, for me I don't see any effect :

| root@note-cim:/# rm -rf /INFORMIXTMP/
| removed `/INFORMIXTMP/.infxdirs'
| removed `/INFORMIXTMP/.idsmoon.alarm'
| removed directory: `/INFORMIXTMP'
|
| root@note-cim:/# myexec2 1001 1000 "oninit -ivy"
| argc = 4
| arg 0 = myexec2
| arg 1 = 1001
| arg 2 = 1000
| arg 3 = oninit -ivy
|
| Setting FS UID = 1001 GID = 1000
| Old FS UID/GID : uid=0 gid=0
|
| NEW FS UID/GID : uid=1001 gid=1000
|
| Executing oninit -ivy
| Checking group membership to determine server run mode...succeeded
| Reading configuration file '/opt/IBM/ids1150uc3de/etc/onconfig.idsmoon'...succeeded
| Creating /INFORMIXTMP/.infxdirs...succeeded
| Creating infos file "/opt/IBM/ids1150uc3de/etc/.infos.idsmoon"...succeeded
| Linking conf file "/opt/IBM/ids1150uc3de/etc/.conf.idsmoon"...succeeded
| Checking config parameters...succeeded
| Writing to infos file...succeeded
| Allocating and attaching to shared memory...succeeded
| Creating resident pool 10570 kbytes...succeeded
| Allocating 100016 kbytes for buffer pool of 2K page size...succeeded
| Initializing rhead structure...succeeded
| Initialization of Encryption...succeeded
| Initializing ASF...succeeded
| Initializing Dictionary Cache and SPL Routine Cache...succeeded
| Bringing up ADM VP...succeeded
| Creating VP classes...succeeded
| Onlining 0 additional cpu vps...succeeded
| Onlining 2 IO vps...succeeded
| Forking main_loop thread...succeeded
| Initializing DR structures...succeeded
| Forking 1 'soctcp' listener threads...succeeded
| Starting tracing...succeeded
| Initializing 8 flushers...succeeded
| FAILED
|
| WARNING: server initialization failed, or possibly timed out (if -w was used).
| Check the message log, online.log, for errors.
|
| root@note-cim:/# onstat -m
| shared memory not initialized for INFORMIXSERVER 'idsmoon'
|
| Message Log File: /opt/IBM/ids1150uc3de/log/online.log
| 13:24:21 Warning: The IBM IDS Developer Edition license restriction limits
| 13:24:21 the total shared memory size for this server to 1048576 KB.
| 13:24:21 The size has been reset to the limit to bring up the database server.
|
| Sun Apr 5 13:24:22 2009
|
| 13:24:22 Event alarms enabled. ALARMPROG = '/opt/IBM/ids1150uc3de/etc/alarmprogram.sh'
| 13:24:22 Booting Language <c> from module <>
| 13:24:22 Loading Module <CNULL>
| 13:24:22 Booting Language <builtin> from module <>
| 13:24:22 Loading Module <BUILTINNULL>
| 13:24:27 DR: DRAUTO is 0 (Off)
| 13:24:27 DR: ENCRYPT_HDR is 0 (HDR encryption Disabled)
| 13:24:27 Event notification facility epoll enabled.
| 13:24:28 IBM Informix Dynamic Server Version 11.50.UC3DE Software Serial Number AAA#B000000
| 13:24:28 The chunk '/ifmxdados/L_rootdbs.ch1' must have owner-ID "informix" and group-ID "root".
|
| 13:24:28 IBM Informix Dynamic Server Stopped.
|
| 13:24:28 mt_shm_remove: WARNING: may not have removed all/correct segments
|
| root@note-cim:/# ls -la /INFORMIXTMP/
| total 16
| drwxrwxr-t 2 informix informix 4096 2009-04-05 13:24 .
| drwxr-xr-x 24 root root 4096 2009-04-05 13:24 ..
| -rw-rw---- 1 informix informix 69 2009-04-05 13:24 .idsmoon.alarm
| -rw-rw-r-- 1 root root 22 2009-04-05 13:24 .infxdirs
|

6) About the "capabilities" mechanism , I don't know...

7) Just a plus.
I'm not expert in C developer , but trying to understand the problem , I execute a "strace -f -o /tmp/trace.informix oninit -iyv" with "informix" user and don't see at any moment a command to change the effectve/real uid/gid to root, so far I know to use the SETUID (to root) this is necessary.

| informix@note-cim:~> strace -f -o /tmp/trace.informix oninit -iyv
| Checking group membership to determine server run mode...succeeded
| Reading configuration file '/opt/IBM/ids1150uc3de/etc/onconfig.idsmoon'...succeeded
| Creating /INFORMIXTMP/.infxdirs...FAILED
| Creating infos file "/opt/IBM/ids1150uc3de/etc/.infos.idsmoon"...succeeded
| ...
|
| root@note-cim:/tmp# egrep -i "[gu]id|INFORMIXTMP" trace.informix | head -20
| 16937 getuid32() = 1001
| 16937 geteuid32() = 1001
| 16937 getgid32() = 1000
| 16937 getegid32() = 1000
| 16937 setuid32(1001) = 0
| 16939 getuid32() = 1001
| 16939 getuid32() = 1001
| 16939 geteuid32() = 1001
| 16939 write(4, "Creating /INFORMIXTMP/.infxdirs."..., 34) = 34
| 16937 <... read resumed> "Creating /INFORMIXTMP/.infxdirs."..., 4096) = 34
| 16939 stat64("/INFORMIXTMP", <unfinished ...>
| 16939 mkdir("/INFORMIXTMP", 01775) = -1 EACCES (Permission denied)
| 16937 write(1, "Creating /INFORMIXTMP/.infxdirs."..., 41 <unfinished ...>
| 16939 getuid32() = 1001
| 16939 geteuid32() = 1001
|

Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com

[ Post Response ] [ Return to Index ] [ Read Prev Msg ] [ Read Next Msg ]

IDS Forum is maintained by Administrator with WebBBS 5.12.