
[LDM #EKK-941581]: LDM 6.9.0.6 password/security ramification issues?



Hi Gilbert (with CC to Tyler),

I just couldn't resist jumping in here...

re:
> Tyler Allison and I have been discussing the issue about needing to enter
> the ldm and root passwords to get LDM 6.9X to install. As I am probably
> not anywhere fully understanding the ramifications and how/why this is
> done, could you please explain to us why it is needed, and when it occurs
> in the install process?

This requirement is _no_ different than for all previous versions of the
LDM:

- one has to log on as the user running the LDM to build it
- one has always needed to run 'make install_setuids' as 'root' to
  finish the installation

  Reminder: the action done by 'root' sets the needed permissions on
  'hupsyslog' and 'rpc.ldmd' (now known as 'ldmd').  'hupsyslog' needs
  to be able to run as 'root' in order to send a HUP signal to the syslog
  daemon, and 'rpc.ldmd/ldmd' needs to initially run as 'root' to get
  port 388.

What Steve did was to force users to do the final installation step as 'root',
and this is a good thing.  Over the years, we have had to spend too much
time troubleshooting user problems that eventually were traced down to
their not having fully installed the LDM.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: EKK-941581
Department: Support LDM
Priority: Normal
Status: Open


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.
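
A way to confirm that the root-run step described in the message above left 'hupsyslog' and 'ldmd' in the expected state (an added example, not part of the original message or of LDM's own tooling). The function names are hypothetical, the binary paths are passed as arguments because the thread does not give them, and the owner and non-owner-write checks are assumptions about what a sound setuid-root install looks like.

```shell
#!/bin/sh
# Added example, not LDM's own tooling. Function names are hypothetical.

# check_setuid FILE [OWNER_UID]
# Succeeds only if FILE is a regular file owned by OWNER_UID (default 0, root),
# carries the setuid bit with owner execute, and is not group/other writable.
check_setuid() {
    file=$1
    want_uid=${2:-0}

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: not a regular file"; return 1
    fi

    # 'ls -n' prints the numeric owner; field 1 is the mode string, field 3 the uid.
    set -- $(ls -lnd -- "$file" | awk '{print $1, $3}')
    mode=$1 uid=$2

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $file: owner uid $uid, expected $want_uid"; return 1
    fi
    case $mode in
        ???s*) ;;                                   # setuid + owner execute
        *) echo "FAIL $file: setuid bit not set ($mode)"; return 1 ;;
    esac
    case $mode in
        ?????w*|????????w*)                         # group or other write
            echo "FAIL $file: writable by non-owner ($mode)"; return 1 ;;
    esac
    echo "OK   $file ($mode, uid $uid)"
}

# check_install FILE...
# Checks every file and returns non-zero if any one of them fails.
check_install() {
    rc=0
    for f in "$@"; do
        check_setuid "$f" || rc=1
    done
    return $rc
}

# Usage (placeholder paths; substitute your installation's):
#   check_install /path/to/hupsyslog /path/to/ldmd
```

A non-zero exit from `check_install` points at an installation where the root step was skipped or the binaries were later altered.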