How to deal with a problem from the file /etc/jlumachine.id with wrong permission

Article:TECH167093  |  Created: 2011-08-12  |  Updated: 2012-07-28  |  Article URL http://www.symantec.com/docs/TECH167093
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Environment

Issue



 

 

[ ISSUE ]
Inquiry on permission on file

Error



 

[ ERROR MESSAGES ]
bash-3.00# ls -la /etc/jlumachine.id
-rw-rw-rw-   1 root     root           0 Jan 15 2011 /etc/jlumachine.id

Environment



 

[ VERSION OF OS/PACKAGE ]
Solaris 10
SFHA5.1

Cause



 

[ Explanation ]
This error will only come when a root user installed JLU first time as at that time only JLU creates a file name as jlumachine.id under directory "\etc" with
the Read/Write permission to everyone. So after installation when we launch the Live update for first time with non-root user JLU tries to change the mode of jlumachine.id file by using chmod 666.
 
But since this file is created by root so only root or owner will be having the permission to change the mode of thid file and hence JLU ends up by throwing the error "Error while changing permissions of cache filechmod: /etc/jlumachine.id: Operation not permitted".
  

Solution



 

[ SUGGESTION ]
as root:
cd /etc
touch jlumachine.id
chown symcscan:avdefs jlumachine.id
chmod 664 jlumachine.id
 
Note: The Symantec-provided file was owned by root:root with 666 permissions. 
This is to show how to change the file to be owned by the scanner (symcscan:avdefs) and 664 permissions for improved security.

Supplemental Materials

Description
[ Description ]
Currently, when Symantec Scan Engine 5.2.10 or upper version is installed, the /etc/Product.Catalog.JavaLiveUpdate file has 666 permissions. 
It is reported that this will cause a healthcheck failure in their environment (they have very strict requirements). 
If possible we would like the default permissions of this file changed to 660, or 664.
 
 
 
Following dir/file permissions are being checked then changed with this fix:
-----------------------------------------------------------------------------
-/opt/Symantec/LiveUpdate (LiveUpdate dir)
Permissions changed to 775 (from 777).
 
-/etc/Product.Catalog.JavaLiveUpdate
Permissions changed to 664 (from 666).
 
-/tmp/jlucache.xml
Permissions changed to 664 (from 666).
 
-/etc/jlumachine.id
Permissions changed to 664 (from 666).
 
-JavaLiveUpdate-Install.log
If avdefs group exists, permissions changed to 660 (from 666).
If avdefs group does not exist, permissions changed to 640 (from 646).
 
-liveupdt.log:
In unixinstall.sh, if the log file already existed, it was setting permissions to 666.
Changed it to 660 (to be consistent with the permissions set by
Installer.java).
 
The only file left with write permissions for the world is jlu.jar.
It is a symbolic link that gets the default permissions of 777.
There is no way command to change the permissions of a symbolic link.



Article URL http://www.symantec.com/docs/TECH167093


Terms of use for this information are found in Legal Notices