IBM Support

IV51898: ROOT OWNED PROGRAM WITH SUID BIT UNABLE TO CHANGE ACCOUNT LOCK APPLIES TO AIX 6100-09

A fix is available

APAR status

  • Closed as program error.

Error description

  • A root-owned program which has its SUID bit set is not
    able to change the account lock status of another user.
    The user has to have the
    aix.security.user.attr.acct_locked authorization.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:
    * Systems running the 6100-09 Technology Level with the
    * bos.rte.security fileset below the 6.1.9.15 level.
    ****************************************************************
    * PROBLEM DESCRIPTION:
    * A root-owned program which has its SUID bit set is not
    * able to change the account lock status of another user.
    * The user has to have the
    * aix.security.user.attr.acct_locked authorization.
    ****************************************************************
    * RECOMMENDATION:
    * Install APAR IV51898.
    ****************************************************************
    

Problem conclusion

  • Modify the access authorization check to allow SUID programs
    to modify the account_locked attribute.
    

Temporary fix

Comments

  • 6100-08 - use AIX APAR IV51075
    6100-09 - use AIX APAR IV51898
    7100-02 - use AIX APAR IV56965
    7100-03 - use AIX APAR IV52790
    

APAR Information

  • APAR number

    IV51898

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    YesPE

  • HIPER

    NoHIPER

  • Submitted date

    2013-11-11

  • Closed date

    2013-11-11

  • Last modified date

    2014-08-14

  • APAR is sysrouted FROM one or more of the following:

    IV51075

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U859288

       UP14/05/21 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 610

Operating system(s): AIX

Reference #: IV51898

Modified date: 14 August 2014