[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #EKK-941581]: LDM 6.9.0.6 password/security ramification issues?



Hi Gilbert (with CC to Tyler),

I just couldn't resist jumping in here...

re:
> Tyler Allison and I have been discussing the issue about needing to enter
> the ldm and root passwords to get LDM 6.9X to install. As I am probably
> not anywhere fully understanding the ramifications and how/why this is
> done, could you please explain to us why it is needed, and when it occurs
> in the install process?

This requirement is _no_ different than for all previous versions of the
LDM:

- one has to logon as the user running the LDM to build it
- one has always needed to run 'make install_setuids' as 'root' to
  finish the installation

  Reminder: the action done by 'root' sets the needed permissions on
  'hupsyslog' and 'rpc.ldmd' (now known as 'ldmd').  'hupsyslog' needs
  to be able to run as 'root' in order to send a HUP signal to the syslog
  daemon, and 'rpc.ldmd/ldmd' needs to initially run as 'root' to get
  port 388.

What Steve did was to force users to do final installation step as 'root',
and this is a good thing.  Over the years, we have had to spend too much
time troubleshooting user problems that eventually were traced down to
their not having fully installed the LDM.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: EKK-941581
Department: Support LDM
Priority: Normal
Status: Open