SEO

Hi,

my problem: "normal" non-root-users on an AIX 5.2 system don't get their
username.
Example:

aix9:/> id
uid=0(root) gid=0(system)
groups=2(bin),3(sys),7(security),8(cron),10(audit) ,11(lp)
aix9:/>
aix9:/> /bin/su - informix -c "id"
uid=1001 gid=1000
aix9:/>
aix9:/> /bin/su - informix -c "id -nu"
Could not get "user" information
aix9:/>
aix9:/> su - informix -c whoami
whoami: The user name is not recognized.
aix9:/>
aix9:/> su informix -c 'lsuser -a id ALL'
ldapuser1 id=5452
ldapuser2 id=5454
ldapuser3 id=5455
(shows only ldap-user, no local users)

Does anyone have any ideas? Please let me know.
Thanks in advance

Werner

============== details =======================================

I tried to debug what happens with
truss -e /bin/su - informix -c "id -nu"
These files were opened:
open("/var/adm/sulog", O_WRONLY|O_CREAT|O_APPEND) = 3
open("/unix", O_RDONLY|O_LARGEFILE) = 4
open("/usr/lib/nls/msg/en_US/ksh.cat", O_RDONLY) = 3
open("/etc/profile", O_RDONLY) Err#13 EACCES
open(".profile", O_RDONLY) = 3
open("/homeaix9/profile.informix", O_RDONLY) = 3
open("/unix", O_RDONLY|O_LARGEFILE) = 3
but I cannot find s.th. unusual.

aix9:/> cat /etc/security/user
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
* auth2 = NONE
auth2 = AUTHLOG
tpath = nosak
umask = 022
expires = 0
* SYSTEM = "compat"
* SYSTEM = "LDAP OR compat"
SYSTEM = "LDAP"
* registry = files
registry = LDAP
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =

root:
admin = true
SYSTEM = "compat"
registry = files
loginretries = 0
account_locked = false

informix:
admin = false
auth1 = SYSTEM
SYSTEM = "compat"
registry = files

aix9:/> ls -l /etc/passwd
-rw-r--r-- 1 root security 872 22 Dez 20:16 /etc/passwd
aix9:/> ls -l /etc/security/passwd
-rw------- 1 root security 506 21 Dez 12:04
/etc/security/passwd
aix9:/> ls -l /etc/security/user
-rw-r----- 1 root security 11188 23 Dez 09:47 /etc/security/user
aix9:/>

No wonder - only root can read /etc/passwd.
chmod 644 /etc/passwd
-rw-r--r-- 1 root security 4086 Dec 17 12:22 /etc/passwd
chmod 640 /etc/security/user
-rw-r----- 1 root security 10301 Dec 17 12:22
/etc/security/user

"Greg Beeker" <gbeeker@gmail.com> schrieb im Newsbeitrag
news:1103813602.266049.67390@z14g2000cwz.googlegro ups.com...
> No wonder - only root can read /etc/passwd.
> chmod 644 /etc/passwd
> -rw-r--r-- 1 root security 4086 Dec 17 12:22 /etc/passwd
> chmod 640 /etc/security/user
> -rw-r----- 1 root security 10301 Dec 17 12:22
> /etc/security/user
>

Thank you, but this is not the answer.
That are the aix default values for permissions/owner/group for /etc/passwd.
Even if the user becomes owner of /etc/passwd the problem remains:

aix9:/> chown uucp:uucp /etc/passwd
aix9:/> ls -l /etc/passwd
-rw-r--r-- 1 uucp uucp 872 22 Dez 20:16 /etc/passwd
aix9:/>
aix9:/> su - uucp -c id -nu
3004-800 Could not get "user" information
aix9:/>
aix9:/> su - uucp -c id
uid=5 gid=5
aix9:/>


Rgds
Werner

"Greg Beeker" <gbeeker@gmail.com> schrieb im Newsbeitrag
news:1103813602.266049.67390@z14g2000cwz.googlegro ups.com...
> No wonder - only root can read /etc/passwd.
> chmod 644 /etc/passwd
> -rw-r--r-- 1 root security 4086 Dec 17 12:22 /etc/passwd
> chmod 640 /etc/security/user
> -rw-r----- 1 root security 10301 Dec 17 12:22
> /etc/security/user
>

thank you, but this cannot be the reason because that are the default
aix-values.
Even if I give the user ownership of /etc/passwd the problem remains:

aix9:/> chown uucp:uucp /etc/passwd
aix9:/>
aix9:/> ls -l /etc/passwd
-rw-r--r-- 1 uucp uucp 872 22 Dez 20:16 /etc/passwd
aix9:/>
aix9:/> su - uucp -c id -nu
3004-800 Could not get "user" information
aix9:/>
aix9:/> su - uucp -c id
uid=5 gid=5
aix9:/>

rgds
Werner

Werner Behnke <w.behnke@uni-bonn.de> wrote:
> my problem: "normal" non-root-users on an AIX 5.2 system don't get their
> username.
> Example:
>
> aix9:/> id
> uid=0(root) gid=0(system)
> groups=2(bin),3(sys),7(security),8(cron),10(audit) ,11(lp)
> aix9:/>
> aix9:/> /bin/su - informix -c "id"
> uid=1001 gid=1000

>
> ============== details =======================================
>
> I tried to debug what happens with
> truss -e /bin/su - informix -c "id -nu"
> These files were opened:

> open("/etc/profile", O_RDONLY) Err#13 EACCES

> but I cannot find s.th. unusual.

I can :^)
Maybe a 'chown 0644 /etc/profile' can remedy your problem.

Yours,
Laurenz Albe

"Laurenz Albe" <albe@culturallNOSPAM.com> schrieb im Newsbeitrag
news:cqp276$apn$1@at-vie-newsmaster01.nextra.at...
> Werner Behnke <w.behnke@uni-bonn.de> wrote:
> > my problem: "normal" non-root-users on an AIX 5.2 system don't get their
> > username.
> > Example:
> >
> > aix9:/> id
> > uid=0(root) gid=0(system)
> > groups=2(bin),3(sys),7(security),8(cron),10(audit) ,11(lp)
> > aix9:/>
> > aix9:/> /bin/su - informix -c "id"
> > uid=1001 gid=1000
>
> >
> > ============== details =======================================
> >
> > I tried to debug what happens with
> > truss -e /bin/su - informix -c "id -nu"
> > These files were opened:
>
> > open("/etc/profile", O_RDONLY) Err#13 EACCES
>
> > but I cannot find s.th. unusual.
>
> I can :^)
> Maybe a 'chown 0644 /etc/profile' can remedy your problem.
>
> Yours,
> Laurenz Albe

thank you, but the problem still exists (r-xr-xr-x seem to be aix-default):

aix9:/> ls -l /etc/profile
-r-xr-xr-x 1 bin bin 1801 13 Sep 2002 /etc/profile
aix9:/>
aix9:/> chmod 0644 /etc/profile
aix9:/>
aix9:/> su - uucp -c id -nu
3004-800 Could not get "user" information
aix9:/>

Regards
Werner

Werner Behnke <w.behnke@uni-bonn.de> wrote:
>> > my problem: "normal" non-root-users on an AIX 5.2 system don't get their
>> > username.
>> >
>> > aix9:/> /bin/su - informix -c "id"
>> > uid=1001 gid=1000
>>
>> > I tried to debug what happens with
>> > truss -e /bin/su - informix -c "id -nu"
>> > These files were opened:
>>
>> > open("/etc/profile", O_RDONLY) Err#13 EACCES

>> Maybe a 'chown 0644 /etc/profile' can remedy your problem.

> thank you, but the problem still exists (r-xr-xr-x seem to be aix-default):

r-xr-xr-x = 0555 is ok, I didn't mean to change the default.

Still, you have a problem accessing /etc/profile, as your trace indicates.
Can you 'cat /etc/profile' as user informix?

Have you fiddled with ACL?
What are the permissions of /etc?
Does it work for other users?
Do you get the same access denied message if you run truss as user informix?

Yours,
Laurenz Albe

My mistake, I misread your post, thinking the perms on /etc/passwd were
rw-r-----.

I see your trace shows the SYSTEM auth method is LDAP, with the others
commented with *s. If you change the auth method for the default user
from LDAP to compat, does that fix the problem? If so, then LDAP must
be where the problem lies.

"Laurenz Albe" <albe@culturallNOSPAM.com> schrieb im Newsbeitrag
news:cqpcb2$i0s$1@at-vie-newsmaster01.nextra.at...
> Werner Behnke <w.behnke@uni-bonn.de> wrote:
> >> > my problem: "normal" non-root-users on an AIX 5.2 system don't get
their
> >> > username.
> >> >
> >> > aix9:/> /bin/su - informix -c "id"
> >> > uid=1001 gid=1000
> >>
> >> > I tried to debug what happens with
> >> > truss -e /bin/su - informix -c "id -nu"
> >> > These files were opened:
> >>
> >> > open("/etc/profile", O_RDONLY) Err#13 EACCES
>
> >> Maybe a 'chown 0644 /etc/profile' can remedy your problem.
>
> > thank you, but the problem still exists (r-xr-xr-x seem to be
aix-default):
>
> r-xr-xr-x = 0555 is ok, I didn't mean to change the default.
>
> Still, you have a problem accessing /etc/profile, as your trace indicates.
> Can you 'cat /etc/profile' as user informix?
>
> Have you fiddled with ACL?
> What are the permissions of /etc?
> Does it work for other users?
> Do you get the same access denied message if you run truss as user
informix?
>
> Yours,
> Laurenz Albe

Bingo!

aix9:/> ls -ld /etc
drw-r--r-- 28 informix informix 12288 27 Dez 17:48 etc
aix9:/> chown root:system etc
aix9:/> chmod 755 etc
aix9:/>

Now it works (thanks a lot!):

aix9:/> su - uucp -c id -nu
uucp
aix9:/>
aix9:/> su - informix -c id -nu
informix
aix9:/>

Regards,
Werner