Installing Openssh directions - update data for users with Solaris System Resource Manager Installed

This note was submitted by Mark Egan to help with a problem some openssh users have found.

Thanks to Mark for his valuable work.

Date: Wed, 23 Aug 2006 09:15:01 -0400 (EDT)

From: "Mark.C.Egan@usdoj.gov" 


Hello, 
        I thought I would send in this update for your procedures
 on installing OpenSSH. I have been reading a number of posts on
 people reporting errors in /var/adm/messages similar to the following
 after installing Openssh.

Aug 22 20:13:33  limdaemon: [ID 809745 daemon.error] Message from pid 19422, lnode sshd: lnode attach failed in setuid

Aug 22 20:13:33  limdaemon: [ID 812305 daemon.error] Message from pid 19427, lnode sshd: lnode attach failed in setuid

Aug 22 20:13:35  limdaemon: [ID 811313 daemon.error] Message from pid 19445, lnode sshd: lnode attach failed in setuid

Aug 22 20:13:35  limdaemon: [ID 808769 daemon.error] Message from pid 19450, lnode sshd: lnode attach failed in setuid

Aug 22 20:40:46  limdaemon: [ID 105589 daemon.error] Message from pid 22181, lnode sshd: lnode attach failed in setuid

Aug 22 20:40:47  limdaemon: [ID 108149 daemon.error] Message from pid 22186, lnode sshd: lnode attach failed in setuid

Aug 22 20:40:48  limdaemon: [ID 105605 daemon.error] Message from pid 22191, lnode sshd: lnode attach failed in setuid

Aug 23 07:37:06  limdaemon: [ID 569217 daemon.error] Message from pid 15073, lnode sshd: lnode attach failed in setuid

Aug 23 07:58:02  limdaemon: [ID 443280 daemon.error] Message from pid 15959, lnode sshd: lnode attach failed in setuid

After encountering these errors myself, I took the time to document
what is needed to fix the issue. 

Basically, whenever a new user is added to the system with SRM
 installed the admin must also remember to update the SRM list.
 For myself this was rather simple as I have the SRM software
 installed but do not yet utilize its abilities. The procedures
 listed below will add the user sshd(on my system the sshd user
 id is 1026) to the SRM configuration and stop the errors from
 occurring.

NOTE: The errors in no way stop the ssh process from spawning...
 but it does create an error every time a session is started.


/etc/rc2.d/S10srm stop
 ------- stop the currently running service ( consult the SRM
 admin guide for the method to stop your service)

(The guide recommends bringing the system down to run level1
 for some activities)

(While adding users you can generally leave the service running.
 I prefer to stay safe)

cd /usr/srm/bin 
------------- cd to the SSRM directory

./limreport 'flag.real' - lname preserve > /var/tmp/savelnodes 
---------- save current lnode configuration data

cd /usr/srm/sbin 
----------- change directory

./limadm set -u flag.admin=set 1026
----------- create a new entry for the the sshd user id from the
 password file

./limreport 'flag.real' - lname preserve > /var/tmp/savelnodes.1
----------- save current lnode configuration data to new file

cat /var/tmp/savelnodes.1 | grep -I sshd
----------- ensure new sshd entry shows up

diff /var/tmp/savelnodes.1 /var/tmp/savelnodes.1
----------- ensure new sshd entry is the only change that shows

mv /var/tmp/savelnodes.1 /var/tmp/savelnodes
----------- save current user list to maintain 1 backup copy

/etc/rc2.d/S10srm start
----------- start service back up