I am using SCO OSR6 and have used lsof and fuser as root to see who
has a particular file open but now i want to incorporate a similar
test into a script used by normal users.

As a normal user I get the following errors

$ lsof
lsof: can't read kernel name list from /stand/unix

$ /etc/fuser -u thefile
UX:fuser: ERROR: open of /dev/kmem failed: Permission denied

$ ls -l /stand/unix /dev/kmem
cr--r----- 1 root mem 2, 1 Nov 8 10:34 /dev/kmem
-r--r----- 1 bin mem 2890500 May 16 14:15 /stand/unix

Is it advisable to give ordinary users permissions in these areas or
is there some other utility I would be better off using?


Regards

James

On 8 Nov, 15:41, James_Szabadics <jam...@wespine.com> wrote:
> I am using SCO OSR6 and have used lsof and fuser as root to see who
> has a particular file open but now i want to incorporate a similar
> test into a script used by normal users.
>
> As a normal user I get the following errors
>
> $ lsof
> lsof: can't read kernel name list from /stand/unix
>
> $ /etc/fuser -u thefile
> UX:fuser: ERROR: open of /dev/kmem failed: Permission denied
>
> $ ls -l /stand/unix /dev/kmem
> cr--r----- 1 root mem 2, 1 Nov 8 10:34 /dev/kmem
> -r--r----- 1 bin mem 2890500 May 16 14:15 /stand/unix
>
> Is it advisable to give ordinary users permissions in these areas or
> is there some other utility I would be better off using?
>
> Regards
>
> James

Hi James,

It would be a bad idea to start changing perms in these areas as you
would leave yourself wide open in terms of system security.

However OSR6 like UnixWare 7 has the "tfadmin" facility which allows
users to run privelaged commands which should do the job for you.
Check out the following SCO TA :

http://wdb1.sco.com/kb/showta?taid=1...6055&pgn um=1

Let me know if this doesn't help or you require further advice.

In article <1194485784.336363.171560@v23g2000prn.googlegroups .com>,
James_Szabadics <jamess@wespine.com> wrote:
>I am using SCO OSR6 and have used lsof and fuser as root to see who
>has a particular file open but now i want to incorporate a similar
>test into a script used by normal users.
>
>As a normal user I get the following errors
>
>$ lsof
>lsof: can't read kernel name list from /stand/unix
>
>$ /etc/fuser -u thefile
>UX:fuser: ERROR: open of /dev/kmem failed: Permission denied
>
>$ ls -l /stand/unix /dev/kmem
>cr--r----- 1 root mem 2, 1 Nov 8 10:34 /dev/kmem
>-r--r----- 1 bin mem 2890500 May 16 14:15 /stand/unix
>
>Is it advisable to give ordinary users permissions in these areas or
>is there some other utility I would be better off using?

It looks like lsof gives up its setgid mem before attempting to open
/stand/unix. You can address that by making /stand/unix all-readable:

# btmnt -w
# chmod a+r /stand/unix
# btmnt -r

You'll need to arrange for those permissions to be set whenever you relink.

John
--
John DuBois spcecdt@armory.com KC6QKZ/AE http://www.armory.com/~spcecdt/

On Nov 9, 1:18 am, Upsidedown Head <simon.bower...@hotmail.co.uk>
wrote:
> On 8 Nov, 15:41, James_Szabadics <jam...@wespine.com> wrote:
>
>
>
>
>
> > I am using SCO OSR6 and have used lsof and fuser as root to see who
> > has a particular file open but now i want to incorporate a similar
> > test into a script used by normal users.
>
> > As a normal user I get the following errors
>
> > $ lsof
> > lsof: can't read kernel name list from /stand/unix
>
> > $ /etc/fuser -u thefile
> > UX:fuser: ERROR: open of /dev/kmem failed: Permission denied
>
> > $ ls -l /stand/unix /dev/kmem
> > cr--r----- 1 root mem 2, 1 Nov 8 10:34 /dev/kmem
> > -r--r----- 1 bin mem 2890500 May 16 14:15 /stand/unix
>
> > Is it advisable to give ordinary users permissions in these areas or
> > is there some other utility I would be better off using?
>
> > Regards
>
> > James
>
> Hi James,
>
> It would be a bad idea to start changing perms in these areas as you
> would leave yourself wide open in terms of system security.
>
> However OSR6 like UnixWare 7 has the "tfadmin" facility which allows
> users to run privelaged commands which should do the job for you.
> Check out the following SCO TA :
>
> http://wdb1.sco.com/kb/showta?taid=1...&sid=522376055...
>
> Let me know if this doesn't help or you require further advice.- Hide quoted text -
>
> - Show quoted text -

Hmm,

$ man tfadmin
man: tfadmin not found
$ find /sbin -name tfadmin*
$

It seems OSR6 doesnt natively have tfadmin. Maybe it has the OSR5
equivalent if such a thing exists? I would prefer to use this in the
script rather than change perms. Any ideas on where to from here?

Regards

James

In article <1194582102.637710.251860@s15g2000prm.googlegroups .com>,
James_Szabadics <jamess@wespine.com> wrote:
>On Nov 9, 1:18 am, Upsidedown Head <simon.bower...@hotmail.co.uk>
>wrote:
>> On 8 Nov, 15:41, James_Szabadics <jam...@wespine.com> wrote:
>>
<snip>
>>
>It seems OSR6 doesnt natively have tfadmin. Maybe it has the OSR5
>equivalent if such a thing exists? I would prefer to use this in the
>script rather than change perms. Any ideas on where to from here?
>
its been awhile since i've been on SCO, but there is something
out there called 'sudo' which can allow you to setup a configuration
to allow certain users or groups to run commands in a priviledged
mode.

i believe there is also something called 'asroot' which is
in Openserver.


Dave