Patch Name: PHCO_12510 Patch Description: s700_800 10.24 (VVOS) Add shutdown command authorization Creation Date: 97/09/10 Post Date: 97/12/10 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: N/A Filesets: OS-Core.UX-CORE OS-Core.CORE-ENG-A-MAN VirtualVaultOS.VVOS-AUX-IA Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_12510 Symptoms: PHCO_12510: Users with the 'shutdown' command authorization should be able to use the reboot(1m) and shutdown(1m) commands to bring the system down. Currently these two commands require the 'sysadmin' command authorization. Defect Description: PHCO_12510: A new command authorization, 'shutdown', is added to the system. The 'sysadmin' and the 'operator' command authorization imply the 'shutdown' command authorization. The shutdown(1m) and reboot(1m) commands are modified to check for the 'shutdown' command authorization instead of the 'sysadmin' command authorization when the commands are used to bring the system down. The 'sysadmin' command authorization is still required to bring the system to single-user mode. SR: 4701367250 1653225102 Patch Files: /sbin/reboot /sbin/shutdown /usr/share/man/man1m.Z/reboot.1m /usr/share/man/man1m.Z/shutdown.1m /usr/newconfig/etc/auth/system/authorize what(1) Output: /sbin/shutdown: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 21 15:21:16 EDT 1997 $ cmd/reboot/shutdown.c, hpuxcmdcntl, vvos_davis, davi s62 $Date: 97/10/21 15:07:43 $ $Revision: 1. 18 PATCH_10.24 (PHCO_12510) $ $Revision: 78.1 $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis60 $Date: 97/10/21 14:59:20 $ $Re vision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis60 $Date: 97/10/21 14:59:21 $ $R evision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis60 $Date: 97/10/21 14:59:23 $ $ Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis60 $Date: 97/10/21 14:59:25 $ $ Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis60 $Date: 97/10/21 15:01:40 $ $Re vision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis60 $Date: 97/10/21 14:59:17 $ $Revis ion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis60 $Date: 97/10/21 14:59:16 $ $ Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis60 $Date: 97/10/21 15:04:06 $ $Revision : 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis60 $Date: 97/10/21 14:59:15 $ $Revis ion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis60 $Date: 97/10/21 15:01:08 $ $Re vision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis60 $Date: 97/10/21 14:59:18 $ $Revisi on: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis60 $Date: 97/10/21 15:03:11 $ $Revi sion: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis60 $Date: 97/10/21 14:59:18 $ $Re vision: 1.14 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 21 1997 17:58:50 /sbin/reboot: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Tue Oct 21 15:21:16 EDT 1997 $ $Revision: 78.2 $ cmd/reboot/reboot.c, hpuxcmdcntl, vvos_davis, davis6 2 $Date: 97/10/21 15:07:42 $ $Revision: 1.18 PATCH_10.24 (PHCO_12510) $ $Revision: 72.2 $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis60 $Date: 97/10/21 14:59:20 $ $Re vision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis60 $Date: 97/10/21 14:59:23 $ $ Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis60 $Date: 97/10/21 14:59:16 $ $ Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis60 $Date: 97/10/21 14:59:25 $ $ Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis60 $Date: 97/10/21 15:01:40 $ $Re vision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis60 $Date: 97/10/21 14:59:17 $ $Revis ion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis60 $Date: 97/10/21 15:04:06 $ $Revision : 1.1.1.4 PATCH_10.24 (PHCO_12734) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis60 $Date: 97/10/21 14:59:21 $ $R evision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis60 $Date: 97/10/21 14:59:15 $ $Revis ion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis60 $Date: 97/10/21 15:01:08 $ $Re vision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis60 $Date: 97/10/21 14:59:18 $ $Revisi on: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis60 $Date: 97/10/21 15:03:11 $ $Revi sion: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis60 $Date: 97/10/21 14:59:18 $ $Re vision: 1.14 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Oct 21 1997 17:58:50 /usr/share/man/man1m.Z/shutdown.1m: None /usr/share/man/man1m.Z/reboot.1m: None /usr/newconfig/etc/auth/system/authorize: $Revision: Hewlett-Packard ISSL 1.16 etc/auth/system /authorize, files_etc, vvos_davis, davis62 $ $Date: 97/09/11 15:36:44 $ */ etc/auth/system/authorize, files_etc, vvos_davis, da vis62 $Date: 97/10/21 15:07:42 $ $Revision: 1.16 PATCH_10.24 (PHCO_12510) $ cksum(1) Output: 3763544114 532480 /sbin/shutdown 344882128 393216 /sbin/reboot 4281399017 4801 /usr/share/man/man1m.Z/shutdown.1m 643184464 3182 /usr/share/man/man1m.Z/reboot.1m 2540605680 1020 /usr/newconfig/etc/auth/system/authorize Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 980 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_12510 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_12510.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHCO_12510.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_12510. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_12510.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_12510.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: When removing the patch from the system, make sure that no user account has the 'shutdown' command authorization. If any of the user accounts has the 'shutdown' command authorization the patch cannot be removed.