Prologue: From the desk of Matt Anglin, ADSM Development
The client readme file for 2.1.0.6 and the server readme file for 2.1.0/5.12
both contain the instructions necessary for using Shared Memory for non-root
users. The easiest way is to specify PASSWORDACCESS GENERATE in the server
stanza in dsm.sys. This forces another process (called the tca [aka dsmtca])
to run as root and act as a go-between for the client and the server. Other
ways are to change the permission bits of the dsmc command. Here's the
excerpt from the README files:

IMPORTANT!!! - There are some RESTRICTIONS for the Shared Memory Protocol:

1. The user executing the client process (be it dsm, dsmc, etc) must be
   running as either root or as the same uid as the process running
   the server (dsmserv). There are some work-arounds for the restrictions,
   none of which eliminates the requirements for authenticating to the
   server. In other words, these work-arounds simply allow non-root users
   to use the shared memory protocol. The user will still need to supply
   a valid password, if one would have been required anyway. The
   work-arounds are:

   A. If you use passwordaccess=generate in the dsm.sys options file,
      ADSM will use the dsmtca process. The dsmtca process runs as root,
      so it will have the authority to connect. This work-around can be
      used for the backup/archive clients (dsm and dsmc).

   B. For the admin clients (dsmadm and dsmadmc), the dsmtca process is not
      used. You can, however, change the ownership of the dsmadm and
      dsmadmc programs to root and set the setuid bit on. Example:

         chown root.system dsmadmc
         chmod u+s dsmadmc

      This will cause dsmadmc to execute as root, which gives it authority
      to connect. You still need to pass authentication checking for the
      actual admin session.

   C. For programs using the API, you can do the same as in B. above. That
      is, make the program owner root, and set the setuid bit on.

Matt Anglin
ADSM Development
owner-adsm-l @ VM.MARIST.EDU
03/04/97 01:05 PM
Please respond to ADSM-L AT VM.MARIST DOT EDU@internet
To: ADSM-L @ VM.MARIST.EDU@internet
cc:
Subject: Shared memory communication on AIX
We're just getting started with the ADSM server on AIX. We are running
version 2.1.5.12 of the AIX server and version 2.1.0.6 of the AIX client
under AIX 4.1.5. I wanted to use shared memory for client connections on
the same machine as the server. I specified "commmethod sharedmem" and
"shmport 1510" in both dsm.sys and dsmserv.opt. The connection works fine
if I am logged on, or su-ed, to root. However, for a non-root user, I get
the following message, which is not documented in the messages manual:
ANS4475E Insufficient authority to connect to the shared memory region
What do I need to do to be able to use shared memory with a non-root client
user?
---------------------------------------------------------------------------
Larry Sanders                      Internet: cclrs AT mizzou1.missouri DOT edu
University Computing Services BITNET: CCLRS@MIZZOU1
University of Missouri - Columbia
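
An added example, not part of the original post or the ADSM README: a small check that reads dsm.sys and lists the server stanzas that use shared memory without PASSWORDACCESS GENERATE, i.e. the stanzas where non-root users cannot go through dsmtca (work-around A). Assumptions: option names are spelled out in full (no abbreviations), an omitted PASSWORDACCESS defaults to PROMPT, and the stanza names in the sample are constructed.

```python
import re

# Constructed sample dsm.sys for illustration; stanza names are made up.
SAMPLE_DSM_SYS = """\
* constructed example, not from the original post
SErvername  local_shm
   COMMMethod      SHAREDMEM
   SHMPort         1510
   PASSWORDAccess  GENERATE

SErvername  local_shm_prompt
   commmethod      sharedmem
   shmport         1510
"""


def parse_stanzas(text):
    """Return {servername: {option_lowercase: value}} from dsm.sys text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank line or comment
            continue
        # Accept "OPTION value" and the README's "option=value" spelling.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "servername":                   # starts a new server stanza
            current = stanzas.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return stanzas


def shared_memory_findings(text):
    """Names of stanzas with COMMMETHOD SHAREDMEM but no PASSWORDACCESS GENERATE."""
    findings = []
    for name, opts in parse_stanzas(text).items():
        if opts.get("commmethod", "").lower() != "sharedmem":
            continue
        # Assumption: an omitted PASSWORDACCESS behaves as PROMPT.
        if opts.get("passwordaccess", "prompt").lower() != "generate":
            findings.append(name)
    return findings


if __name__ == "__main__":
    for stanza in shared_memory_findings(SAMPLE_DSM_SYS):
        print(f"{stanza}: shared memory without PASSWORDACCESS GENERATE")
```

Stanzas it reports are the ones where a non-root backup/archive user would have no dsmtca go-between, so they can be reviewed before anyone reaches for the setuid work-arounds in B and C.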