This is an open forum for CATIA & CADAM users worldwide. Feel free to discuss any issues pertaining to CATIA/CADAM software, hardware platforms, Operating System software, Training & Support.
The intent is to provide a discussion area where users can help each other, no matter what time zone you're in! COE retains the right to delete any posting, which in the judgment of the Board of Directors, is not in the interest of the User Community.
     |
| load module can't set userid to root | |
How do I supress this bogus "error" message?
|
David Filmer | 09/03/02 | |
The module to which JS0PSC is a link should be suid root
|
Leonard E. Salika | 09/04/02 | |
|
Messy, messy, messy
|
David Filmer | 09/09/02 | |
|
alternative solution
|
Gary Hornyak | 09/10/02 | |
|
Don't forget that there are more suid root executables ...
|
Leonard E. Salika | 09/10/02 | |
Post new message in this thread
Date:
September 03, 2002 06:20 PM
Author: David Filmer
(DavidFilmer@Freightliner.com)
Subject: How do I supress this bogus "error" message?
Anytime I run any CATIA utilities, I get a completely spurious message (both to the console as well as to the CATWHATEVER.out file) that says:
JS0PSC load module can't set userid to root: Not owner
Check aix file permission: Not owner
It appears that something in the utility is trying to do a suid to root (a pretty stupid thing to try to do). The "error" is bogus and irrelevant; the utility goes on to process normally and succeed or fail on its own merits.
Unfortunately, while I know this is bogus, USERS don't, and are often troubled by an apparent problem. Does anyone know how I can supress this behavior to avoid confusing the users?
(http://neo3.sba.com/forums/Index.cfm?CFApp=57&Message_ID=73625)
Date:
September 04, 2002 05:16 PM
Author: Leonard E. Salika
(lsalika@csc.com)
Subject: The module to which JS0PSC is a link should be suid root
The module to which $CATIA/code/steplib/JS0PSC is a soft
link is one of several in CATIA V4 which is supposed to be
suid root. Did you change permissions or ownership on these
modules, or do you have them mounted from a server with the
nosuid option?
On my AIX V424 Refresh 2 system JS0PSC is a link to:
-rwsrwsr-t 1 root system 2743 Jan 11 2002 unload/code/steplib/JS1PSAAA
If you told us your OS and precise release and refresh
level, someone with a similar configuration might be able to
tell you all the modules in the unload/code/steplib
directory that are suposed to be suid root for your
release.
(http://neo3.sba.com/forums/Index.cfm?CFApp=57&Message_ID=73642)
Date:
September 09, 2002 06:18 PM
Author: David Filmer
(DavidFilmer@Freightliner.com)
Subject: Messy, messy, messy
Thank you, Leonard, for your reply; sorry about the delay in responding...
Yes, this is what is happening. Our system is CATIA 4.2.4r2 on AIX 4.3.3, but running shared code from a DCE/DFS filesystem. We don't install ANY non-OS applications as root (egad, what a thing to do!). So, for us, JS0PSC is a symlink to
-rwxrwxr-x 1 prod prod 2743 Jan 11 2002 /catia/vc/v424r2/unload/code/steplib/JS1PSAAA
As you see, there is no setuid bit on that program (and, if there were, it would setuid to user "prod" which is the proper application installer userid). But, sure enough, if I try to run this program, I get
/catia/vc/v424r2/unload/code/steplib/JS1PSAAA load module can't set userid to root: Not owner
Check aix file permission: Not owner
The program is apparently trying to do a setuid to root (of all things) internally; a 'strings' command on the binary itself reveals the internally-coded error message
%s load module can't set userid to root
(note this message is hard-coded to the root userid). Very, very sloppy programming, IMHO. FWIW, there are 4743 files in my steplib directory, and this is the ONLY one that has this message encoded within.
The message is COMPLETELY IRRELEVANT (the inability to setuid to root doesn't affect the execution of the program in any way). But it confuses the heck out of users, who see this "error" EVERY TIME they run any sort of CATUTIL.
I see only two options: Change file ownership to root (which we will absolutely NOT do) or go into a hex editor and do a character-replace on the binary itself to change the message to something innocuous (which is silly). There's GOT to be a better way to keep from scaring the users!
(http://neo3.sba.com/forums/Index.cfm?CFApp=57&Message_ID=73716)
Date:
September 10, 2002 09:13 AM
Author: Gary Hornyak
(ghornyak@us.ibm.com)
Subject: alternative solution
Another possible solution to eliminate the message would be to modify the shell scripts (such as catutil) to remove the procedure call to "cleaner" which calls the JS0PSC program or redirect the output (stderr) of JS0PSC to /dev/null, (similar to what is done in the catini shell script, which also invokes JS0PSC).
What JS0PSC Does and Why setuid is needed?: The JS0PSC program makes a call to the AIX program "slibclean" which is the reason for the setuid to root. The following is extracted from "man slibclean", in case you are not familiar with this program:
'The slibclean command unloads all object files with load and use counts of 0. It can also be used to remove object files that are no longer used from both the shared library region and in the shared library and kernel text regions by
removing object files that are no longer required.'
On today's workstations with large amounts of physical memory, it probably isn't as important to execute the slibclean as it was when workstations had 64 MB (or less) of real memory. Given the "special purpose" of the JS0PSC program (basically does the code to run with root privilege, executes the slibclean utility as root then exits) the risk of allowing JS0PSC to run setuid root is little or none.
If you do do choose to enable the setuid on DFS, I believe you also need to execute the DFS command "cm setsetuid" on the DFS "mount point" of the CATIA binaries. Otherwise, it may be best to modify the shell scripts that invoke the JS0PSC program, rather than attempt to modify the JS0PSC program. Hope this helps.
(http://neo3.sba.com/forums/Index.cfm?CFApp=57&Message_ID=73724)
Date:
September 10, 2002 06:53 PM
Author: Leonard E. Salika
(lsalika@csc.com)
Subject: Don't forget that there are more suid root executables ...
David will have to do a similar case-by-case analysis of
each of the suid root executables, whose ownership and
attributes he has changed. With the mix of products that
our site installs, there are four of these in AIX CATIA V424
(including JS0PSC, which you have described) and one in
CATIA V5.
(http://neo3.sba.com/forums/Index.cfm?CFApp=57&Message_ID=73733)