Patch Name:  PHNE_3631

Patch Description: s300_400 9.0 exportfs not executable if setuid bit is set

        /usr/etc/exportfs has been changed so that the setuid bit can be set
        and normal users can then execute it.  exportfs used to internally
        check the user id and exit if the id was not root.  It has been
        changed to check the effective user id.  This changes exportfs to
        work like SUN's version of exportfs.

        Additionally, the permissions on the file /etc/xtab have to be
        changed so that users can actually modify the exported file system
        list.  There are two choices:  change /etc/xtab to be writable by all
        users or use ACL(5)s to control write access.  ACLs can be used to
        allow only some users or groups the ability to use exportfs to change
        the /etc/xtab file.  The /etc/xtab file stores the current list of
        exported file systems.  This file is read by the NFS mount daemon,
        rpc.mountd.  See mountd(1m).

        To allow all normal users to run exportfs, execute:

                chown root /usr/etc/exportfs
                chmod 04555 /usr/etc/exportfs
                chmod +w /etc/xtab

        To allow only the user good_user to run exportfs, execute:

                chown root /usr/etc/exportfs
                chmod 04555 /usr/etc/exportfs
                chacl   '(good_user.%,w)' /etc/xtab  # quotes are required!

        To allow only users from the group good_users to run exportfs:

                chown root /usr/etc/exportfs
                chmod 04555 /usr/etc/exportfs
                chacl   '(%.good_users,w)' /etc/xtab  # quotes are required!

        chacl can be used to set write permissions for multiple groups and
        users.  See chacl(1) and lsacl(1).

        If the /etc/xtab file ever gets deleted the chacl or chmod commands
        will have to be executed again.  This should be the first thing
        checked if users are unable to change the exported file system list
        using exportfs.

        See the exportfs(1m) man page for an explanation of uses and options
        for exportfs.

Path Name:  /hp-ux_patches/s300_400/9.X/PHNE_3631

Effective Date:  940113

OS Release:  9.00

Reboot Required:  No

Patch Files:  /usr/etc/exportfs

SR#:  4701235333

"what" string/timestamp:  
exportfs:
        exportfs.c:     $Revision: 1.1.109.14 $ $Date: 94/01/13 12:58:35 $
         PATCH_9.0: exportfs.o $Revision: 1.1.109.14 $ 94/01/13 PHNE_2504
                              PHNE_3631
        issubdir.c      1.2 90/07/23 4.1NFSSRC Copyr 1990 Sun Micro

"sum" output:  
62649 29 exportfs

Dependencies:  None

Supersedes:  PHNE_2504

Patch Package Size:  72 Kbytes

Installation Instructions:  

Please review all instructions and the Hewlett-Packard SupportLine
User Guide or your Hewlett-Packard support terms and conditions for
precautions, scope of license, restrictions, and, limitation of liability
and warranties, before installing this patch.

1. Back up your system before installing a patch.

2. Copy the patch to your /tmp directory and unshar it:

   cd /tmp
   cp patch_source/PHNE_3631 .
   sh PHNE_3631

3. Become root and run update:

   /etc/update

4. Use the cursor keys to select "Change Source or Destination ->" and
   press [Return].

5. Select "From Tape Device to Local System ..." in the Change window and
   press [Return].

6. Change "Source: /dev/rmt/0m" to "Source: /tmp/PHNE_3631.updt"

7. Press "Done" (f4).

8. Follow the standard directions for update.

Update moves the original software to /system/PHNE_3631/orig.  Keep this
file to recover from any potential problems.  You should move the
PHNE_3631.text file to /system/PHNE_3631 for future reference.

To put this patch on a magnetic tape and update from the tape
drive, use dd:

  dd if=PHNE_3631.updt of=/dev/rmt/0m bs=2048
  chmod 666 PHNE_3631.text