TECHNICAL INFORMATION DOCUMENT TITLE: PTF256 - Sacadm and pmadm privilege upgrade DATE: 01SEP95 README FOR: PTF256 PRODUCT and VERSION: UnixWare 1.1 Installation Instructions: DATATYPE: datastream 1. Download the ptf256.Z and ptf256.txt files to the /tmp directory on your machine. 2. Read the release notes contained in this file and follow the instuctions to add the package to your system. 3. Now become root, uncompress the file and add the package to your system using the following commands: $ su # uncompress /tmp/ptf256.Z # pkgadd -d /tmp/ptf256 ENGINEERING REALEASE NOTES -------------------------- PTF256 OVERVIEW --------------- Title ----- PTF256 - Sacadm and pmadm privilege upgrade Product And Version -------------------- UnixWare 1.1, UnixWare 1.1.3, UnixWare 1.1.4. Abstract -------- Upgrade the sacadm and pmadm commands to allow none root users to be assigned administrative privileges to execute these commands via the tfadmin command. Symptom -------- None root users assigned privileges to execute either the sacadm or the pmadm command via the tfadmin command are denied access since their user IDs is NOT root. SOLUTION SPECIFICS ------------------ General Description. ------------------- The sacadm and pmadm commands no longer check to see if the real user ID is root. Instead, process privileges are checked and if the required privileges to run either command are not available, access is denied. New Features. ------------ To give none root users the administrative privileges to execute the sacadm and/or pmadm commands, used the adminrole and adminuser commands to create a new role for these commands and assigned that role to the required users. The following privileges should be assigned to each command: sacadm filesys,setflevel,compat pmadm filesys,setflevel,compat,dacread,dacwrite,owner The assigned user can now execute these commands with tfadmin command. An example of setting up sacadm & pmadm for a none root user of safadm: # su - root # adminrole -n -a sacadm:/usr/sbin/sacdm:filesys:setflevel:compat saf # adminrole -a pmadm:/usr/sbin/pmadm:filesys:setflevel:compat:dacread:dacwrite:owner saf # adminuser -n -o saf safadm Software Notes and Recommendations. ---------------------------------- This PTF can be installed on UnixWare 1.1, UnixWare 1.1.3, or UnixWare 1.1.4 systems and does not need to be re-installed after subsequent UnixWare Updates are installed. This PTF CANNOT be used on UnixWare 2.X systems. Testing of the modified software contained in this package has been conducted only to the extent necessary to confirm that it resolves the problem(s) stated above ("Symptom"). Such testing consists of recreating the problem conditions and verifying that the problem no longer occurs. No other testing of this software has been done. Hardware Notes and Recommendations. ---------------------------------- This PTF is targeted for the i386, i486 and Pentium CPU's.