A fix is available
APAR status
Closed as program error.
Error description
============= When I try to change the security configuration on the system the second time, it does not reflect in the output even though it has actually changed the configuration. # setrunmode -c System runtime mode is now CONFIGURATION MODE. # setsecconf -o root=enable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED TRACEAUTH : DISABLED # setsecconf -o root=disable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED <<--- Shows enabled! even though its actually changed it, TRACEAUTH : DISABLED <<--- I tested this via a reboot. but please dont reboot the victim now. # setsecconf -o root=enable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED TRACEAUTH : DISABLED # setrunmode -o System runtime mode is now OPERATIONAL MODE. Please see MACHINE ACCESS section for login information.
Local fix
Problem summary
============= When I try to change the security configuration on the system the second time, it does not reflect in the output even though it has actually changed the configuration. # setrunmode -c System runtime mode is now CONFIGURATION MODE. # setsecconf -o root=enable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED TRACEAUTH : DISABLED # setsecconf -o root=disable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED <<--- Shows enabled! even though its actually changed it, TRACEAUTH : DISABLED <<--- I tested this via a reboot. but please dont reboot the victim now. # setsecconf -o root=enable Changes take effect at next boot time. OPERATIONAL MODE Security Flags ROOT : ENABLED TRACEAUTH : DISABLED # setrunmode -o System runtime mode is now OPERATIONAL MODE. Please see MACHINE ACCESS section for login information.
Problem conclusion
For non-mls machines the enabling/disabling of the root info was getting fetched from the kernel instead of ODM. So made code changes to make sure the information is fetched from ODM
Temporary fix
Comments
6100-05 - use AIX APAR IZ78839 6100-06 - use AIX APAR IZ78184
APAR Information
APAR number
IZ78839
Reported component name
AIX 610 STD EDI
Reported component ID
5765G6200
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2010-07-03
Closed date
2010-07-03
Last modified date
2013-03-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 610 STD EDI
Fixed component ID
5765G6200
Applicable component levels
R610 PSY U828929
UP10/08/20 I 1000
PTF to Fileset Mapping
U828929 bos.rte.security 6.1.5.1
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSAUMY","label":"IBM AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11Q","label":"AIX 6.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
28 March 2013