su_ontape
I wrote this program because I am fortunate enough to work for a company with
a full-time operations staff, but wary enough to not want to give them the
full power of the "informix" login. Prior to writing this, I had called
Informix asking how, other than using onarchive, I could allow others to
perform database archives and log backups. They suggested writing a setuid
program to switch to "informix" and then run ontape from there.
Unfortunately, they could offer no advice on how to write such a program.
Finally, someone told me about a public domain program called sudo. After
investigating sudo, I decided that it was not what I wanted, because it
grants access for some period of time. I wanted access granted for exactly
the duration of the Informix utility program. Also, as noted in the
documentation for sudo, if you allow someone to run a script as super-user,
they may be able to halt the script and still retain super-user status. I
would have needed a script for my situation to insure environment variables
are set, etc.
To minimize this security exposure, su_ontape performs an exec() call, which
loads Informix's ontape program directly on top of su_ontape, rather than
spawning another child process. This should prevent anyone from breaking out
of the program and still retaining the privileges of "informix". When the
program is running, a "ps -ef|grep ttyxx" will show something like:
mcollins 20813 20812 0 08:46:03 ttyp7 0:00 ksh
informix 21911 20813 0 10:03:09 ttyp7 0:00 /usr/informix/bin/ontape -s -L 0
proving that ontape has indeed overlaid su_ontape and the user has "informix"
privileges only within the one process. Once that process goes away, when
ontape terminates, they return to their own id.
This program is designed to be run exactly the same as ontape. It expects
the same environment variables to be set (with the possible exception of
ONCONFIG). It also accepts any command line arguments you wish to pass.
These arguments are tested against a list of acceptable arguments, to verify
that no one other than "informix" attempts a database restore, for example.
There is no attempt to verify the correctness of the arguments. I leave that
to ontape. This should minimize the maintenance su_ontape will require in
the event that Informix adds or changes ontape's arguments.
You can run su_ontape from the command line or create a shell script to set
environment variables prior to running the program. A simple example would
be:
#!/bin/sh
export INFORMIXDIR=/usr/informix
export INFORMIXSERVER=dbservername
export ONCONFIG=onconfig.dbserver
su_ontape -s -L 0
if [ $? -ne 0 ]
then
echo "Problem with database backup"|mail informix
fi
I know of some changes you may want to make to the program. For example, you
might want to take out the test in check_env_vars() for the environment
variable ONCONFIG. I doubt it is needed by ontape, but I already had it in
there and didn't feel like taking it out. You may also want to customize
what command-line arguments you are willing to accept. Perhaps you want to
allow ANYONE to restore from an archive. It's your database. You may have
to change the setresuid() call in main() to be a setuid() call instead. Some
versions of Unix do not support setresuid().
By making a few modifications in create_command_line() and check_args(), you
can modify the program to call onmode, oninit, or any number of other
programs. One twist I found (and it is documented in the man page for exec()
on HP), if you try to execute a shell script rather than an executable
program, you MUST have "#!/bin/sh" or its equivalent as the first line. As
an alternative, you could create a command line that performed "sh script
arg1 arg2 ...". Unfortunately, running a script from this program has the
same security concerns as those discussed above for sudo.
This program has only been tested with Informix 7.10 on HP-UX 9.04. I have
tried to provide reasonable documentation within the program, but it is not
museum-quality code. If you make any major enhancement to the program's
functionality, I would appreciate seeing a copy.
Now that you've read through all of this, here's how to create the executable
on HP-UX.
log in as "informix"
compile the program
cc -Ae -o su_ontape su_ontape.c
set permissions
chmod 4111 su_ontape
check permissions
---s--x--x informix informix ... su_ontape
mcollins@us.dhl.com
iiug #2860
Download Latest Version
tpc-c-ifmx.tar.gz (392.7 kB)
