IZ35328: DO NOT SET GROUP SID BIT AND GROUP OWNERSHIP FOR STAT

APAR status

Closed as program error.

Error description

Environment:
ITM 6.2 on Unix, OS Agent
Problem Description:
  As of IBM Tivoli Monitoring v 6.2 Fix Pack 1, the requirement
for the
  stat_daemon binary to have the SUID bit set on the UNIX
platform has
  been removed.  Please see Technote Ref # 1293969.  SetPerm and
  secureMain should not set any SUID bits or change the group
  ownership to 0.
Detailed Recreation Procedure:
  1. Install 6.2 OS Agent as non-root (itmuser)
  2. Observe the stat_daemon permissions
  -rwxrwxrwx   1 itmuser  staff       1483448 Oct 17 15:59
stat_daemon
  3. Run bin/secureMain lock
  4. Observe the stat_daemon permissions
  -rwxr-sr-x   1 itmuser  system      1483448 Oct 17 15:59
stat_daemon

  The permissions should be
  -rwxr-xr-x   1 itmuser  staff       1483448 Oct 17 15:59
stat_daemon

Local fix

Work Around
  Follow the instructions in the Technote:

http://www-01.ibm.com/support/docview.wss?rs=2366&context=SSZ8F3
&context
=SSCQLMD&context=SSCQLME&context=SSCQLMF&context=SSCQLMG&context
=SSCQLMH
&context=SSCQLMJ&context=SSCQLMK&context=SSCQLML&context=SSCQLMN
&context
=SSCQLMP&context=SSCQLMQ&context=SSCQLMR&context=SSCQLMS&context
=SSCQLMT
&context=SSCQLMU&context=SSCQLMV&context=SSCQLMX&context=SSCQLMY
&context
=SSCQLMZ&q1=unix+permissions&uid=swg21293969&loc=en_US&cs=utf-8&
lang=en

OR

http://www-01.ibm.com/support/docview.wss?uid=swg21293969

Problem summary

As of IBM Tivoli Monitoring v 6.2 Fix Pack 1, the requirement
for the stat_daemon binary to have the SUID bit set on the UNIX
platform has been removed, but is now required for the kuxagent
binary.  As a result, the install utility secureMain needs to be
modified to set the correct permissions.

Problem conclusion

The code was modified to change the sticky bit and execute
permissions of the kuxagent, and clear the special permissions
on stat_daemon.


The fix for this APAR is contained in the following maintenance
packages:

   | fix pack | 6.2.0-TIV-ITM-FP0003

| MDVREGR  6.2.0-TIV-ITM-FP0003 |

Temporary fix

Comments

APAR Information

APAR number
IZ35328
Reported component name
OMEG DIST INSTA
Reported component ID
5608A41CI
Reported release
620
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-10-20
Closed date
2009-04-20
Last modified date
2010-07-28

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
OMEG DIST INSTA
Fixed component ID
5608A41CI

Applicable component levels

R620 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
14 November 2022

Tips

IZ35328: DO NOT SET GROUP SID BIT AND GROUP OWNERSHIP FOR STAT_DAEMON

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R620 PSY

Document Information

Share your feedback

Need support?