From: Sun List (magnet@mailbag.com)
Date: Sat Oct 09 2004 - 22:53:10 EDT
Thanks to Simon Burr for pointing me to the answer:
Its due to pkgadd running the request script as the install user if it
exists; if the install user does not exist then the nobody user is used
instead. Basically this is a bug in the package you've got - its not going
to work at all.
See page 63 of "Application Packaging Developer's Guide", available from:
http://docs-pdf.sun.com/806-7008/806-7008.pdf
I was able to weasel around this by adding the install user with an uid of 0,
and installing the package. In the interest of paranoia, I deleted the install
user afterwards.
I'm sure that I could have figured out how to alter the package or the
installation process, but in the interest of expediency I took the easy way out.
A couple of others asked some good questions. In particular, was an NFS mount
involved? The answer is no. Someone else asked what id said, which I idiotically
did not mention. Nor did I mention that neither NIS nor NIS+ were involved.
Much to my embarassment, this is in the FAQ. In my defense, the symptoms it
mentions are a bit different.
http://www.science.uva.nl/pub/solaris/solaris2/Q5.59.html
The original message:
I would like to install a package. When I run pkgadd, it claims I have an
effective uid of 60001 (nobody) even though I'm running as root:
You must be superuser to run this script!
Your current effective uid is 60001!
pkgadd: ERROR: request script did not complete successfully
It's Solaris 9, and as far as I can tell all the RBAC stuff is in order:
# roles root.
No roles
# profiles root
All
Basic Solaris User
# auths root
solaris.*
# egrep root /etc/user_attr
root::::auths=solaris.*,solaris.grant;profiles=All
# egrep pkgadd /etc/security/exec_attr
Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
# egrep -i software /etc/security/prof_attr
Software Installation:::Add application software to the
system:help=RtSoftwareInstall.html;auths=solaris.admin.prodreg.read,solaris.admin.prodreg.modify,solaris.admin.prodreg.delete,solaris.admin.dcmgr.admin,solaris.admin.dcmgr.read,solaris.admin.patchmgr.*
Before I pull out what's left of my hair, what am I missing here?
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:33 EDT