Home
Web CMS (TeamSite)
Starting TS5.5.2 with sudo on Solaris 2.8
thor
Before our Solaris upgrade (2.7-2.8) we were able to start up TS 5.5.2 iwserver by using sudo. Now that we're on 2.8, we cannot. The new iwserver.2.8 command references some ldap stuff, which we don't need and I think that is what is getting in the way.
IW support said this is to be expected since they don't support starting the app with sudo. We try to separate our Unix environment from our app environment, so keeping root available to the app team is not an option.
Has anybody gotten around this problem?
Find more posts tagged with
Comments
Migrateduser
First of all, I feel your pain. As you've experienced, starting TS with sudo is entirely viable -- even though IW does not support it. I've done it in several environments, myself. But because of the system calls that need to take place when you start TeamSite, only a priveleged user (i.e. root) can start the app.
Does your systems team know that you guys are going to be bugging them every time you need to restart TS?
I haven't done this, but I wonder if applying a sticky bit on iw.server will work... I don't think it's much of a security concern, but anyone reading this can correct me on that.
See if your systems group will agree to that, though. It may not be the solution (as I said, I haven't tried this) but their willingness to use the sticky bit might help you with other routine things you'd need to do elsewhere.
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
thor
interesting idea.
The problem starts when iwserver.2.8 executes ld.so.1 to launch libldapss141.so. I put our people on the job to see if the sticky bit will help launching libraries.
Thanks.
Migrateduser
Yeah, I've seen that message many times, too
But please repost with what your findings are. Unfortunately, I'm working in 3 different TS Windows environments right now so I don't have the Unix box to check it out for myself.
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
iwovGraduate
Not sure about the error you are getting, but I have noticed in the past that some of the processes will not start if your LD_LIBRARY_PATH is not defined or does not have necessary libs in the path.
Adam Stoller
DId you (or someone at your site) by amy chance apply a patch to your TS server and forget to carefully read the patch instructions regarding running some CLT on the iwserver binary (iwcfgbin I believe?)
This happened to me when I went a bit too fast installing a patch on TS6.1 and forgot to run that part of the [*manual*] patch process and trying to start up iwserver generated error messages about a missing ldap library.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
thor
Great feedback, all.
We did have the LD_LIBRARY_PATH problem, but added that and more to the profile in order for it to pick up all the files and libraries involved.
We haven't applied any patches recently. The last one we did was while we were still on Sol 2.7 and sudo still worked fine afterwards.
BTW - Our unix guys were intrigued by the sticky bit idea, but said that is not the option that will do it (they are motivated to figure this out so we don't have to bother them with app restarts). They have an idea or two along those lines and will get back to me. I'll keep you all posted.
Adam Stoller
Are you saying you upgraded the OS on your TS server from 2.7 to 2.8 ?
If so - I believe there are a number of steps you have to go through to "fix" TS to know that it's using a new version of the iwserver binary - and as such I think the CLT I mentioned before *does* come into it.
I don't remember where this is (or isn't?) documented - but I'd suggest you try tracking this information down (either in the manuals or with support) - the fact (if I understood correctly) that you upgraded the OS on an existing TS server is a *very important* piece of information.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
thor
I followed the steps required by TS to do the upgrade (see kb article 50826:
https://support.interwoven.com/kb/kb_show_article2.asp?ArticleID=50826
). Let me know if you're thinking of some other steps not covered here.
Adam Stoller
Well it looks like step 4 was the one I was thinking of - I assume you made sure your link is pointing to 2.8 not 2.7 (yes?)
It still sounds a lot like the problem we had where iwserver compalined about not being able to find libldapssl141.so which was fixed when we ran iwcfgbin on iwserver.sol and rebooted the system... but I guess at this point you'll have to see if Support has any more ideas for you.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
thor
Any idea what it would do if I ran iwcfgbin even though my <iw-home> has not changed? The kb article says not to do it:
"If <iw-home> remains the same after the OS upgrade, do not run "iwcfgbin" again on the CLT, but make the symbolic link again as shown below:"
Adam Stoller
I have no idea - I suggest you contact support first *before* running it.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
skip11
Hi,
We have no problems whatsoever with stopping/starting a TS 5.5.2 on Sol 8 via sudo. Here are the entries
we use from visudo:
User_Alias IWUSERS=<some pids comma deliminated>
Cmnd_Alias IW=/etc/init.d/iw.server stop_all,/etc/init.d/iw.server start
# IW User privilege specification
IWUSERS ALL=IW
This sticky bit thing has me questioning what you mean by sticky bit. The sticky bit is used to keep an
executable in memory after exit. A standard use of the sticky bit can always be found on /tmp on a solaris
OS; it looks like this: drwxrwxrwt 8 root sys 2114 Oct 19 10:20 tmp
Is that was is required ? Keeping iw.server in memory after it exits ?
the suid bit is a horse of a different color and is used to set process user ID on execution. That may be what is
required. I think the problem may have more to do with the OS upgrade and ENV variables, than sudo.
my CHF 0.02
R.Barger
Credit Suisse Group
Zurich, Switzerland
Migrateduser
No, my usage of the term "sticky bit" indicates an executable that runs as the user owning the file. Normally, when you execute a command, the operating system knows it's you and runs the command as such. However, setting the uid sticky bit (i.e. chmod u+s <file>) will cause the command to run as the user who actually has ownership of the executable.
It looks something like:
-rws--x--x [em]<... other stuff...>[/em] executable_file
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
(3) TS 5.5.2 SP2 on Win2K
skip11
Hi,
Sorry for the semantics but sticky bit refers only to u,g,o+t, suid refers to u,g,o+s.
Sorry to pick nits, I guess I've been in bed with unix too long.
R.Barger
Credit Suisse Group
Zurich, Switzerland
Migrateduser
No, not at all. Thank you for correcting me on that. I was reconsidering my wording anyway when I saw your message. Sorry! I feel like President Bush... I know what's going on in my own head but do not always do a diligent job of conveying my message :-)
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
(3) TS 5.5.2 SP2 on Win2K
skip11
Hi,
Well at least we're dealing with a failing iw.server start and not a global war on terror !
IMO, why anyone would want to president of the US is crazy to me, and I'm an American,
albeit hiding out in Switzerland
R.Barger
Credit Suisse Group
Zurich, Switzerland
Migrateduser
I think it's a combination of: a once in a lifetime experience (i.e. if Kerry loses, you KNOW he's not going to run again in '08), severe ego, extreme idealism by thinking that you can save the country and part of the world, and greed.
This is not the place for me to share my political views but in 2008, I don't think the US / war / US economy is going to be much different in four years no matter who was president in the preceding term.
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
(3) TS 5.5.2 SP2 on Win2K
skip11
Greed ? Most modern US presidents made more in the private sector in one year
than they did occupying the White House in four. Now W is a texas oil man, and anyone
who thinks that he could keep his hands off the iraqi oil, well, I have a bridge from New Jersey
to Manhattan I'll sell you cheap.
R.Barger
Credit Suisse Group
Zurich, Switzerland
Migrateduser
Yes, Greed... granted, U.S. presidents don't make as much as perhaps the market would indicate (most CEO's make far more), but what about the fact that 300M people use you as a household name (whether good or bad), the amazing pension plan and other benefits after only 4 years of service, the power, the gobs and gobs of money that is made
after
your presidency -- Clinton, for example, is making a ton more money now than he was while in office.
I maintain my criterion: Greed. Sorry, I don't have a snappy bridge comment to raise right now
I'm 6 hours behind you, I believe. Still feels early to me!
Dave
Current Environment(s):
(1) TS 6.1 SP1 on W2K3
(2) TS 6.1 SP1 on W2K
(3) TS 5.5.2 SP2 on Win2K
