IC63959: SECURITY: INCORRECT FILE PERMISSION AND AUTHORIZATION FOR HA SCR IPTSWHEN INSTALLED VIA V9.5.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In V9.5 we have introduced the integrated high Availability (HA)
    solution with TSA. This scripts is automatically installed
    inside the /usr/sbin/rsct/sapolicies/db2 directory. However
    the files when installed have incorrect file permissions and
    authorization.
    Here's the list of files installed...
     $ ls -ltr /usr/sbin/rsct/sapolicies/db2
        total 112
        -r-xr-xr-x  1 18597 7777 1312 Aug 27  2007 lockreqprocessed
        -r-xr-xr-x  1 18597 7777 3617 Aug 27  2007 hadrV95_stop.ksh
        -r-xr-xr-x  1 18597 7777 3621 Aug 27  2007 hadrV95_start.ksh
        -r-xr-xr-x  1 18597 7777 2926 Jan 21  2008
    db2V95_monitor.ksh
        -r-xr-xr-x  1 18597 7777 5377 Feb 14  2008 db2V95_start.ksh
        -r-xr-xr-x  1 18597 7777 4615 Feb 22  2008
    mountV95_monitor.ksh
    -r-xr-xr-x  1 18597 7777 4535 Oct  3  2008 hadrV95_monitor.ksh
        -r-xr-xr-x  1 18597 7777 4906 Jan  5  2009
    mountV95_start.ksh
        -rw-r--r--  1 root  root  199 Sep 11 12:35 spec
    

Local fix

  • Current fix is to manually change the file authorizations to
    be root/root and file permission should be -r-xr-xr-x.
    

Problem summary

  • Users Affected : All
    Problem Description :
    Security: Incorrect file permission and authorization for HA
    scripts when installed via V9.5. Problem can also occur in V9.7.
    Problem Summary :
    In V9.5 we have introduced the integrated high Availability (HA)
    solution with TSA. This scripts is automatically installed
    inside the /usr/sbin/rsct/sapolicies/db2 directory. However
    the files when installed have incorrect file permissions and
    authorization.
    Here's the list of files installed...
     $ ls -ltr /usr/sbin/rsct/sapolicies/db2
        total 112
        -r-xr-xr-x  1 18597 7777 1312 Aug 27  2007 lockreqprocessed
        -r-xr-xr-x  1 18597 7777 3617 Aug 27  2007 hadrV95_stop.ksh
        -r-xr-xr-x  1 18597 7777 3621 Aug 27  2007 hadrV95_start.ksh
        -r-xr-xr-x  1 18597 7777 2926 Jan 21  2008
    db2V95_monitor.ksh
        -r-xr-xr-x  1 18597 7777 5377 Feb 14  2008 db2V95_start.ksh
        -r-xr-xr-x  1 18597 7777 4615 Feb 22  2008
    mountV95_monitor.ksh
    -r-xr-xr-x  1 18597 7777 4535 Oct  3  2008 hadrV95_monitor.ksh
        -r-xr-xr-x  1 18597 7777 4906 Jan  5  2009
    mountV95_start.ksh
        -rw-r--r--  1 root  root  199 Sep 11 12:35 spec
    

Problem conclusion

  • Problem was first fixed in V9.7 FP1.
    

Temporary fix

  • Current workaround is to manually change the file authorizations
    to be root/root and file permission should be -r-xr-xr-x.
    

Comments

APAR Information

  • APAR number

    IC63959

  • Reported component name

    DB2 FOR LUW

  • Reported component ID

    DB2FORLUW

  • Reported release

    970

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-10-22

  • Closed date

    2009-12-15

  • Last modified date

    2009-12-15

  • APAR is sysrouted FROM one or more of the following:

    IC63581

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • INSTALL
    

Fix information

  • Fixed component name

    DB2 FOR LUW

  • Fixed component ID

    DB2FORLUW

Applicable component levels

  • R970 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

DB2 for Linux, UNIX and Windows

Software version:

9.7

Reference #:

IC63959

Modified date:

2009-12-15

Translate my page

Machine Translation

Content navigation