Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1610188.1
Update Date:2017-09-14
Keywords:
Solution Type  Problem Resolution Sure

Solution  1610188.1 :   Exadata: /usr/bin/newgrp and /usr/bin/sg Does not Work by Default  

Related Items 
    

  • Exadata Database Machine X2-2 Full Rack
    •  
Related Categories 
    

  • PLA-Support>Infrastructure>Operating Systems and Virtualization>Operating Systems>Oracle Linux
    •  
  • _Old GCS Categories>ST>Server>Engineered Systems>Exadata>Administration and Configuration
    •  






In this Document


Symptoms


Changes


Cause


Solution


References


Applies to:  

Exadata Database Machine X2-2 Full Rack - Version All Versions to All Versions [Release All Releases]
Linux x86-64



Symptoms


Use /usr/bin/newgrp command to update the the gid fails:


# imageinfo
Kernel version: 2.6.32-400.21.1.el5uek #1 SMP Wed Feb 20 01:35:01 PST 2013 x86_64
Image version: 11.2.3.2.1.130302
Image activated: 2013-07-24 17:00:47 -0400
Image status: success
System partition on device: /dev/mapper/VGExaDb-LVDbSys1

# useradd oratest -g dba -G oinstall
# su - oratest
# id
uid=1006(oratest) gid=1002(dba) groups=1001(oinstall),1002(dba)
# newgrp oinstall
# id
uid=1006(oratest) gid=1002(dba) groups=1001(oinstall),1002(dba)
# newgrp oinstall
# id
uid=1006(oratest) gid=1002(dba) groups=1001(oinstall),1002(dba)



The gid is not changed as expected.



Changes


This is secure default on purpose as part of the comparex scan starting from Image version 11.2.3.1.0 via bug 13630226. 

The customer is allowed to change it back to work.


Cause


Check permissions of /usr/bin/newgrp:


# rpm -qa | grep -i shadow-utils
shadow-utils-4.0.17-20.el5
 rpm -Vv shadow-utils | grep -i newgrp$
.M......    /usr/bin/newgrp
# ls -l /usr/bin/newgrp
-rwxr-xr-x 1 root root 28552 Dec 20  2011 /usr/bin/newgrp


Permissions and file type mode are different. 


Solution


1. Correct the file /usr/bin/newgrp permission manually:


# ls -l /usr/bin/newgrp
-rwxr-xr-x 1 root root 28552 Dec 20  2011 /usr/bin/newgrp
# chmod u+s /usr/bin/newgrp
# ls -l /usr/bin/newgrp
-rwsr-xr-x 1 root root 28552 Dec 20  2011 /usr/bin/newgrp



2. Upgrading the package "shadow-utils" will override the secure default and correct the issue:


# yum update shadow-utils



After that the file permission is updated:


# su - oratest
# id
uid=1020(oratest) gid=1002(dba) groups=1001(oinstall),1002(dba)
# newgrp oinstall
# id
uid=1020(oratest) gid=1001(oinstall) groups=1001(oinstall),1002(dba)


The gid is updated as expected. 


References
 <BUG:17842078> - EXADATA : NEWGRP AND SG DON'T WORK ON KERNEL VERSION: 2.6.32-400.21.1.EL5UEK



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback