Sunmanagers ..... Thanks to all that replied (over a dozen)! Basically the consensus can be summarized by Sal's response sent today: ---------------------------- You can use 'pkgchk -nf' to "fix" file permissions, but it will not fix suid/sgid and/or sticky bits. For that, you'll have to run 'pkgchk -n' and manually modify any files that have incorrect permissions. You will get errors about anything that doesn't match the package map, including ownership, timestamps and checksums for any files that have changed. You'd expect certain things to come up as errors, but I suggest you study this list if the entire system is 777. Pkgchk understands the -R /alternate-root. I suggest you boot from a cdrom or alternate BE and make modifications without messing up a running system. I wouldn't want to mess with permissions on a box while it's trying to fix itself. You may want to run this per-package ('pkgchk -nf SUNWpkg") to get a feel for what you're getting into before running it on the entire system. Good luck, -Sal ---------------------------- OTHERS SAID: An inventory of all files that belong to packages is kept in /var/sadm/install/contents. It lists the file name, the type, the install class, permissions, user, group, file size, checksum, timestamp, and package name. You can script a permission fixer easily with this file and a few lines of Perl. - - Michael [yoda1d] # grep /etc/passwd /var/sadm/install/contents /etc/passwd e passwd 0644 root sys 672 56039 1252002148 SUNWcsr So passwd should be 0644. You could probably write a script to do it if pkgchk doesn't do what you want. -- Brian ---------------------------- And some script from a previous SUMMARY sent by Jerry: "I had to do this once so I wrote a simple script. You will need to go to a good system and take a snapshot of the files and perms, e.g. ls -lR from / directory, dump the output to a file, make sure that you only see filenames, if you need directories to chmod, then you will need to modify my scrip a little. Here is the script: #!/bin/ksh # # probably you will need to run this only once. # will change owner:group of file according to feeded file in format # owner:group:filename # for name in `cat list` do tUSER=`echo $name | cut -d : -f1` tGRP=`echo $name | cut -d : -f2-` FILE=`echo $name | cut -d : -f3-` if [ -f $FILE ]; then # the following line works if echoed but may not work if echo # is taken out, you can redirect the output to a file and run # that output file echo /usr/bin/chown $TUSER:$tGRP $FILE fi done " Thanks a lot, Bye Julia Thanks again.... Roy ________________________________ This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to <ifpostmaster> postmaster@imaginaryforces.com and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. ...imaginaryforces.com... _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Dec 8 14:47:08 2010
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:17 EST