From: Proenca, Luis (Luis.Proenca@hp.com)
Date: Fri Nov 08 2002 - 08:27:56 EST
Many thanks to Mr Martin Moore !!!
All the best !
Luis
----------------
When you configured Enhanced Security, you accidentally checked the "Execute bit set only by root" option on the System Options screen. This is extremely easy to do because it's the middle of three options, and the two on either side of it are checked by default; it's natural to want to check the middle one as well.
This sets a kernel parameter called noadd_exec_access in the vfs subsystem to 1. You can verify that the parameter is set with the following command:
# sysconfig -q vfs noadd_exec_access
This parameter, when set, prevents non-root users from setting the x bit on any file. It's an extra security precaution (originally designed for firewalls) to help prevent the introduction of trojan horse programs.
To fix the problem, you need to set noadd_exec_access back to 0. You can either do this with sysconfigdb or by running "sysman secconfig" again, skipping forward to the System Options screen, and unchecking "Execute bit set only by root". You'll need to reboot to make the new parameter value take effect.
-----------------Original msg ---------------------------
Hi everybody,
I have a alpha1000 with tru64 5.1 (pk1) with security enhanced (C2),
and actually all users cannot set "execute" permission on any file ?
After doing a chmod 777 on a file = it takes "rw-rw-rw" no execute (x)
Any idea ?
Thanks a lot for your help
Cheers
Luis Proença
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:58 EDT