APAR status
Closed as program error.
Error description
Environment: ITM 6.2 on Unix, OS Agent Problem Description: As of IBM Tivoli Monitoring v 6.2 Fix Pack 1, the requirement for the stat_daemon binary to have the SUID bit set on the UNIX platform has been removed. Please see Technote Ref # 1293969. SetPerm and secureMain should not set any SUID bits or change the group ownership to 0. Detailed Recreation Procedure: 1. Install 6.2 OS Agent as non-root (itmuser) 2. Observe the stat_daemon permissions -rwxrwxrwx 1 itmuser staff 1483448 Oct 17 15:59 stat_daemon 3. Run bin/secureMain lock 4. Observe the stat_daemon permissions -rwxr-sr-x 1 itmuser system 1483448 Oct 17 15:59 stat_daemon The permissions should be -rwxr-xr-x 1 itmuser staff 1483448 Oct 17 15:59 stat_daemon
Local fix
Work Around Follow the instructions in the Technote: http://www-01.ibm.com/support/docview.wss?rs=2366&context=SSZ8F3 &context =SSCQLMD&context=SSCQLME&context=SSCQLMF&context=SSCQLMG&context =SSCQLMH &context=SSCQLMJ&context=SSCQLMK&context=SSCQLML&context=SSCQLMN &context =SSCQLMP&context=SSCQLMQ&context=SSCQLMR&context=SSCQLMS&context =SSCQLMT &context=SSCQLMU&context=SSCQLMV&context=SSCQLMX&context=SSCQLMY &context =SSCQLMZ&q1=unix+permissions&uid=swg21293969&loc=en_US&cs=utf-8& lang=en OR http://www-01.ibm.com/support/docview.wss?uid=swg21293969
Problem summary
As of IBM Tivoli Monitoring v 6.2 Fix Pack 1, the requirement for the stat_daemon binary to have the SUID bit set on the UNIX platform has been removed, but is now required for the kuxagent binary. As a result, the install utility secureMain needs to be modified to set the correct permissions.
Problem conclusion
The code was modified to change the sticky bit and execute permissions of the kuxagent, and clear the special permissions on stat_daemon. The fix for this APAR is contained in the following maintenance packages: | fix pack | 6.2.0-TIV-ITM-FP0003 | MDVREGR 6.2.0-TIV-ITM-FP0003 |
Temporary fix
Comments
APAR Information
APAR number
IZ35328
Reported component name
OMEG DIST INSTA
Reported component ID
5608A41CI
Reported release
620
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-10-20
Closed date
2009-04-20
Last modified date
2010-07-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
OMEG DIST INSTA
Fixed component ID
5608A41CI
Applicable component levels
R620 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
14 November 2022