Patch Name: PHCO_30275 Patch Description: s700_800 11.11 ugm cumulative patch Creation Date: 04/04/16 Post Date: 04/05/03 Hardware Platforms - OS Releases: s700: 11.11 s800: 11.11 Products: N/A Filesets: OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair enhancement general_release manual_dependencies Path Name: /hp-ux_patches/s700_800/11.X/PHCO_30275 Symptoms: PHCO_30275: ( SR:8606349355 CR:JAGaf10176 ) The usermod -e '''' syntax does not work for the Shadow password mode( Enhanced security mode): When usermod is invoked with -e and "''''", the usermod should disable the expiry date for that user, which is not happening. ( SR:8606343902 CR:JAGaf04754 ) The command - userdel does not check whether the NIS user is currently logged in or not, before deleting the user. PHCO_29269: ( SR:8606315118 CR:JAGae77850 ) useradd(1M) command is recursively changing the ownership of home directory to the new user being added, if the directory already exists. ( SR:8606319282 CR:JAGae81772 ) useradd(1M) and usermod(1M) is giving incorrect error message when invalid argument is passed to -c option. ( SR:8606291652 CR:JAGae55419 ) usermod(1M) is not creating the new home directory specified using -d and -m option if it is used along with -u or -g option. PHCO_28192: ( SR:8606229097 CR:JAGad98151 ) This patch is a member of a set of product updates needed to enable the optional HP-UX shadow password feature. Upon installation, the HP-UX shadow password bundle (ShadowPassword) will install the full set of products (including this patch) to enable the shadow password feature. If the HP-UX shadow password product is not installed, this patch will have no impact on your system. PHCO_27018: ( SR:8606222515 CR:JAGad91628 ) The commands: useradd, usermod, userdel, groupadd, groupmod and groupdel do not retain the permissions of the /etc/group and /etc/passwd files after these files have been modified. ( SR:8606245587 CR:JAGae12052 ) The commands: useradd, usermod, userdel, groupadd, groupmod and groupdel do not self audit in trusted mode. Defect Description: PHCO_30275: ( SR:8606349355 CR:JAGaf10176 ) When usermod -e is invoked with "''''" for a particular user the relevant file should get updated with expire date field of that user to null, which is not happening. It can be reproduced as follows, 1. Add a temporary user say tst1. 2. Set a expiry date for the user using usermod -e 7/13/99 tst1 3. On a different terminal try to login, as user 'tst1'. This will come out with the error. 4. Modify the expiry date on the first terminal using, usermod -e '''' tst1 When trying to modify the expiry date the command comes out with the error instead of disabling the expiry date and be able to log into the machine. Resolution: The code is modified to disable the expiry date of the user on which usermod -e '''' was invoked. ( SR:8606343902 CR:JAGaf04754 ) The /usr/sbin/userdel command does not check if the user has logged-on OR not, before deleting an NIS user. The defect can be reproduced as follows, 1. Login as root in the NIS server. 2. Add a new user abc 3. On a different terminal login as abc. 4. On the root terminal use userdel.sam -S /etc/passwd.yp -P abc 5. The userdel succeeds by deleting user abc even if abc is logged in. Resolution: A check for the login status is added before deleting any user. The check validates the users status and deletes if the user is not logged in. PHCO_29269: ( SR:8606315118 CR:JAGae77850 ) 1. useradd(1M) command is recursively changing the ownership of the home directory for the new user if the directory already exist and is not the home directory of any other user. Steps to reproduce the problem: # mkdir /tmp/home # chown root:sys /tmp/home # useradd -d /tmp/home new_user # ll -d /tmp/home drwxrwxrwx 2 new_user users 96 Jul 25 11:14 /tmp/home In the above case the ownership of the directory /tmp/home got changed to the new user. Also the ownership of the files within the '/tmp/home' directory is getting changed to the new user. Resolution: New option '-r' has been added to define the behavior of useradd(1M) command. If "no" is passed as argument to -r option then useradd(1M) won't change the ownership of the home directory. If "yes" is passed, useradd(1M) will recursively change the ownership of the home directory to the new user. Default behaviour of '-r' option can be set by using this option along with '-D' option. NOTE : Default behaviour of '-r' option will be set to "no" and hence useradd(1M) will not change the ownership of the home directory. User can get the old behaviour of useradd(1M) by setting the default behaviour of '-r' option to "yes" using the following command : # useradd -D -r "yes" ( SR:8606319282 CR:JAGae81772 ) 2. useradd(1M) and usermod(1M) is giving incorrect error message when a ':' is given in the comment specified using -c option. Steps for reproducing the problem : # useradd -c "testing:user" new_user group c will exceed the LINE_MAX limit In the above case we get an unrelated error message. Resolution: useradd(1M) and usermod(1M) has been modified to print the correct error message "Invalid argument : c". ( SR:8606291652 CR:JAGae55419 ) 3. usermod(1M) when used with -u option along with -d and -m options is not creating the home directory if the home directory does not exist. Also the ownership of the files or directory that is owned by the user is not changed. Eg, $ rm -rf /tmp/test_dir $ /usr/sbin/useradd -m user1 $ /usr/sbin/usermod -u 112 -d /tmp/test_dir -m user1 Here, if /tmp/test_dir does not exist it is suppose to create the home directory as per the manpage but usermod(1M) is not creating the home directory for the new user. Resolution: usermod(1M) has been modified to create the home directory specified using -d option if the directory does not exist when used along with -u or -g option and also to change the ownership of the files or directory owned by the user to the new uid. PHCO_28192: ( SR:8606229097 CR:JAGad98151 ) Enhancement request: HP-UX 11.11 does not support shadow passwords. Resolution: This module has been made aware of shadow passwords and will take the appropriate actions when the HP-UX shadow password bundle is installed. PHCO_27018: ( SR:8606222515 CR:JAGad91628 ) After modification of a user/group record using any of the commands: useradd, usermod, userdel, groupadd, groupmod or groupdel, the permissions of the /etc/passwd and /etc/group files are not retained. For Example: # chmod 644 /etc/passwd # ll /etc/passwd -rw-r--r-- 1 root sys 2431 Jun 3 00:19 /etc/passwd # usermod -u 222 testusr # ll /etc/passwd -r--r--r-- 1 root sys 2431 Jun 3 00:23 /etc/passwd The commands: useradd, usermod, userdel, groupadd, groupmod and groupdel set the permissions of files /etc/passwd and /etc/group to 0444, irrespective of their original permission modes. This is incorrect; files modified using these commands should retain their original attributes. Resolution: These commands have been modified to save the original attributes of /etc/group and /etc/passwd files before they get modified, and to restore the attributes after the files have been modified. ( SR:8606245587 CR:JAGae12052 ) The commands: useradd, usermod, userdel, groupadd, groupmod and groupdel do not audit themselves using the standard HP-UX audit subsystem in trusted mode operation. Resolution: These commands now write the audit record into the audit trail of the audit subsystem in trusted mode operation. Enhancement: No (superseded patches contained enhancements) PHCO_28192: This patch is one of many pre-enablement patches for the shadow password feature. SR: 8606222515 8606229097 8606245587 8606291652 8606315118 8606319282 8606343902 8606349355 Patch Files: OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/share/man/man1m.Z/useradd.1m /usr/share/man/man1m.Z/userdel.1m /usr/share/man/man1m.Z/usermod.1m OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/lib/nls/msg/C/ugm.cat /usr/newconfig/etc/default/useradd /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/groupmod /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/usermod OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/lib/nls/msg/C/ugm.cat /usr/newconfig/etc/default/useradd /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/groupmod /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/usermod what(1) Output: OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: /usr/share/man/man1m.Z/useradd.1m: None /usr/share/man/man1m.Z/userdel.1m: None /usr/share/man/man1m.Z/usermod.1m: None OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: /usr/lib/nls/msg/C/ugm.cat: None /usr/newconfig/etc/default/useradd: None /usr/sbin/groupadd: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/groupdel: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/groupmod: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/useradd: useradd.c $Date: 2003/09/02 23:19:19 $Revision: r11. 11/7 PATCH_11.11 (PHCO_29269) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:12 PDT 2004 $ /usr/sbin/userdel: userdel.c $Date: 2004/01/07 06:56:13 $Revision: r11. 11/4 PATCH_11.11 (PHCO_30275) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:15 PDT 2004 $ /usr/sbin/usermod: usermod.c $Date: 2004/03/25 06:27:49 $Revision: r11. 11/11 PATCH_11.11 (PHCO_30275) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:18 PDT 2004 $ OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: /usr/lib/nls/msg/C/ugm.cat: None /usr/newconfig/etc/default/useradd: None /usr/sbin/groupadd: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/groupdel: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/groupmod: groupadd.c $Date: 2002/06/05 23:00:37 $Revision: r11 .11/2 PATCH_11.11 (PHCO_27018) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:21 PDT 2004 $ /usr/sbin/useradd: useradd.c $Date: 2003/09/02 23:19:19 $Revision: r11. 11/7 PATCH_11.11 (PHCO_29269) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:12 PDT 2004 $ /usr/sbin/userdel: userdel.c $Date: 2004/01/07 06:56:13 $Revision: r11. 11/4 PATCH_11.11 (PHCO_30275) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:15 PDT 2004 $ /usr/sbin/usermod: usermod.c $Date: 2004/03/25 06:27:49 $Revision: r11. 11/11 PATCH_11.11 (PHCO_30275) ugm_cmn.c $Date: 2004/03/25 06:27:16 $Revision: r11. 11/10 PATCH_11.11 (PHCO_30275) $Revision: vw: -f selectors: R11.11_BL2004_0416_2 PHCO_30275 'R11.11_BL2004_0416_2' Fri Apr 16 14:20:18 PDT 2004 $ cksum(1) Output: OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64, v=HP: 1503029012 5291 /usr/share/man/man1m.Z/useradd.1m 3179527760 2408 /usr/share/man/man1m.Z/userdel.1m 1768920328 4241 /usr/share/man/man1m.Z/usermod.1m OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_32,v=HP: 401253854 2757 /usr/lib/nls/msg/C/ugm.cat 3809409965 84 /usr/newconfig/etc/default/useradd 1770761225 45056 /usr/sbin/groupadd 1770761225 45056 /usr/sbin/groupdel 1770761225 45056 /usr/sbin/groupmod 3057435218 65536 /usr/sbin/useradd 2257796041 45056 /usr/sbin/userdel 2509623814 61440 /usr/sbin/usermod OS-Core.SYS-ADMIN,fr=B.11.11,fa=HP-UX_B.11.11_64,v=HP: 401253854 2757 /usr/lib/nls/msg/C/ugm.cat 3809409965 84 /usr/newconfig/etc/default/useradd 1770761225 45056 /usr/sbin/groupadd 1770761225 45056 /usr/sbin/groupdel 1770761225 45056 /usr/sbin/groupmod 3057435218 65536 /usr/sbin/useradd 2257796041 45056 /usr/sbin/userdel 2509623814 61440 /usr/sbin/usermod Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: PHCO_27018: Prior to patch PHCO_27049, the commands: useradd, usermod, userdel, groupadd, groupmod and groupdel were not listed as self auditing commands in the audit(5) man page. To obtain an updated version of the audit(5) man page, install PHCO_27049 (or superseding). Supersedes: PHCO_29269 PHCO_28192 PHCO_27018 Equivalent Patches: None Patch Package Size: 300 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_30275 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHCO_30275.depot By default swinstall will archive the original software in /var/adm/sw/save/PHCO_30275. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHCO_30275.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHCO_30275.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_30275.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None