SUMMARY: HW5-98 root only gui login

From: bob hayes (bob@reef.cs.wwu.edu)
Date: Thu Aug 27 1998 - 10:18:46 CDT


The answer is:
        casper ==> You've mounted /usr "nosuid"; well, that will not work.

Yup, outta the box for a net install, /var, /opt and /usr
are all mounted suid!!

Thanks to:
         casper@holland.Sun.com for the first fix,
and to:
         blake.benton@ptech.com
         hargrme@wisdom.maf.nasa.gov
         rferrell@usgs.gov

for their time, thoughts and suggestions!

And thanks to the others who will respond before I get this
summary posted!

The question was:

> Problems with Solaris 2.6 hardware 5/98 logins:
>
> Installs on Ultra 10's of 3/98 allowed others
> than root to login to CDE/OW GUI interface, but
> not on 5/98. Telnet logins OK ( running NIS+
> in both 3/98 and 5/98 cases...) This is pretty
> much an out of box full distribution install
> with patches only from install CD.
>
> The login authenticates ok, starts the solaris splash
> screen, but never gets to blue background- goes to
> white screen, then back to GUI login banner. Root
> can login OK.
>
> Also tried local account ( not nis+ ) with same
> results. All NIS+ seems to be working OK, home dirs
> get mounted, resources are available, last shows
> a login with immediate logout.
>
> No errors left in /var/dt/logs/Xerrors, don't see
> any real difference between 3/98 and 5/98 configurations
> for dt ( /usr/dt directory ) except some diffs to
> the bin files.
>
> Also cannot su to root from successful telnet login
> as an nis+ user. This makes me think that it is something
> more than a directory permission/ fb permission thing?!?
>
> Have not seen these features mentioned in the release notes,
> Solaris2 FAQ or FAQ on access1. Thought that there was some
> mention on the list a few weeks ago about not being able to
> get a login with the CDE GUI, but I didn't save any of that thread.
>
> Here are some messages- no man pages for pt_chmod, etc. -- there
> are several of these setuid listed for root logins, too.
> ( uid 1001 is local account, NIS+ uids appear, also...)
>
> unix: NOTICE: ps, uid 1001: setuid execution not allowed, dev=1b4000e
> unix: NOTICE: pt_chmod, uid 1001: setuid execution not allowed, dev=1b4000e
> unix: NOTICE: dtappgather, uid 1001: setuid execution not allowed, dev=1b4000e
> unix: NOTICE: pt_chmod, uid 1001: setuid execution not allowed, dev=1b4000e
> unix: NOTICE: dtprintinfo, uid 0: setuid execution not allowed, dev=1b4000e

Bob Hayes < bob@cs.wwu.edu >
Western Washington University
Computer Science Dept., Bond Hall 302 Mail Stop 9062
Bellingham, Washington 98225
Obbligato Disclaimer: Tell `em Uncle Bob sez so!
 


