What are the required file ownerships and permissions of files in the $SPECROOT/SS directory on Linux?
search cancel

What are the required file ownerships and permissions of files in the $SPECROOT/SS directory on Linux?

book

Article ID: 40898

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction



Someone accidentally started the SpectroSERVER as the root user, now the file ownerships and permissions are preventing the user that owns the Spectrum installation from starting and stopping the SpectroSERVER.

What are the required file ownerships and permissions of files in the $SPECROOT/SS directory on Linux and Solaris?

Environment

Release:
Component:

Resolution

All of the files in the $SPECROOT/SS directory should have the file and group ownership of the user that owns the Spectrum installation as specified during the Spectrum installation process. The ONLY file that should not be owned by the user that owns the Spectrum installation is the SpectroSERVER binary. The file owner should be "root" and the file group owner should be the same group as the user that owns the Spectrum installation. 



The file permissions on the SpectroSERVER binary should be "rwsr-x---"



The following is an example of the file ownerships and permissions of the $SPECROOT/SpectroSERVER binary:



 



-rwsr-x---.   1 root    spectrum     12841 Apr 12 16:08 SpectroSERVER



 



NOTE: You will notice the owner permissions on the SpectroSERVER binary are "rws". The "s" indicates the suid is enabled. This means that when the file is executed, it will run with the permissions of the owner of the file. In this case, the "root" user. This is required for the SpectroSERVER binary on Linux and Solaris. If the permissions on the SpectroSERVER binary are not "-rwsr-x---", enter the following command from the $SPECROOT/SS directory as the root user to set them:



 



chmod 4750 SpectroSERVER

Additional Information


Note: Newer versions of Spectrum will attempt to use Linux Capabilities with the SpectroSERVER process so that it
    no longer required to be owned by root and have the set uid bit configured. However, on systems where Spectrum is
    installed on an NFS mount linux capabilities do not work and therefore it is required for the SpectroSERVER to be
    owned by root and have 4750 permissions set (to bind raw sockets for ICMP and bind port 162)