SUMMARY: Applying patches, some errors.

Subir Grewal (subir@indiaserver.com)
Sun, 09 Mar 1997 16:52:43 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----

My original message ran like so:

++++++++++++++++++++++++++++++

Hi,

While applying some patches from SUN recently, they exited with error
codes like the following:

- ---
The following validation error was found:
ERROR: /usr
permissions <0775> expected <2775> actual
group name <sys> expected <staff> actual
owner name <root> expected <bin> actual
ERROR: /usr/include
permissions <0775> expected <2775> actual
group name <bin> expected <staff> actual
owner name <root> expected <bin> actual

See the README file for instructions regarding patch validation errors.
- ---

I recently inherited this sytem, but have no idea how /usr got to be SGID
(/ is SGID as well). The README file has rather meagre explanations of
the validation errors. I know I can override the validation tests, but I
was wondering whether this would be safe. Couldn't find anything to
document this, either at Sun on in the lists' archives. BTW, the box is
running Sparc-Solaris2.4. Will summarize, thanks.

++++++++++++++++++++++++++++++++

Thanks to the following for replying:

Peter Bestel <peter.bestel@uniq.com.au>
Casper Dik <casper@holland.Sun.COM>
Matthew Stier <mstier@hotmail.com>
Erwin Fritz <efritz@glja.com>
Danny Johnson <djohnson@nbserv2.dseg.ti.com>

Peter and Casper suggested running installpatch with the -u option (to
ignore the validation errors), which is what I was considering and will go
ahead with doing. Casper said doing this would set the correct modes on
the files (directories?) as well.

Everyone else who replied suggested turning all the modes back to 755,
effectively getting rid of the SGID problems (it would still have left the
owner/group ID validation errors though).

I can find no compelling reason for turning the SGID bit on for /usr
and can only speculate that the earlier admin had a reason for doing so.
Nor can I figure out why the owners/groups were changed. My original
concern was that by over-riding the validation errors I might be creating
problems for the patched applications/daemons. Since no one else seems to
think so, I'll go ahead anyway.

Thanks all.

Subir Grewal subir@indiaserver.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCxAwUBMyMxNf0QrOHSPvwFAQGLRgTgvotIJsUivE8n/TJayXOBqAuptTvf9ogz
HmfbzL0H6RVU4LfuDyQXioKoqwRRw+6Y0zn04SP/xEmYxxbvcHVa7eTJpw8HUzDX
y2MbxECKpmR+oCQl92CmxjZSJqgYigWWgHHrxHuZFO/OekNcoSFeLtvASqfB4vIl
Azcpx0JChGGB0qnGHIjng7+IBAMZr9LWBF38MYgxCrVcGDTd
=I6QF
-----END PGP SIGNATURE-----