Kbase P78703: Starting the AdminServer as non-root account
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
10/16/2008 |
|
Status: Unverified
FACT(s) (Environment):
Progress 9.1D
FACT(s) (Environment):
UNIX
SYMPTOM(s):
Shadow password is NULL (9906)
Invalid username and/or password specification. (9173)
Progress Explorer cannot connect to AdminServer
Not willing to change the read access rights on /etc/password and /etc/shadow or any other relevant files so that non-root user can start AdminServer
Do not want to allow the AdminServer to start as the root user or using sudo
CAUSE:
The Progress AdminServer has to first validate the user password before it can start. If the AdminServer has been started under "non-root" user, this user does not have permissions to read /etc/shadow file. For security reasons, only the root user has -r- permissions granted for this file.
FIX:
The following describes a possible workaround that enables the AdminServer to start as a root process so that it can do its authentication job properly without the user starting the AdminServer having to have root access.
** This solution has not been fully tested **
STEPS:
0) Start session as root user
1) Copy $DLC/bin/jvmStart $DLC/bin/_proadsv
2) Set the suid bit on the executable:
$ chmod 4755 _proadsv
-rwsr-xr-x 1 root root 42395 Apr 30 12:30 _proadsv
3) Edit $DLC/bin/proadsv script to run _proadsv instead of jvmStart:
JVMSTRT=${JVMSTRT-$DLC/bin/_proadsv}