开源中文网

您的位置: 首页 > IBM Aix > 正文

AIX常见问题整理(二)

来源:  作者:

如何解决AIX上不能增加新用户,错误讯息 3004-687

环境 产品:RS/6000
软件版本: Aix 3.2, 4.x
问题 AIX上不能增加新用户,错误讯息 3004-687
解答 本文供了排除以下错误的建议:
- 增加新用户出错
- 错误信息3004-687 表明用户不存在
--------------------------------------------------------------------------------
排错建议:
1. 检查root文件系统是否已满?

2. 检查:
- /etc/passwd 文件中是否有空行
- /etc/passwd 文件中是否部分行语法不正确
- nobody 使用者是否遗失或其group为-2. 该行应该如下:
nobody:!:4294967294:4294967294::/:

3. 如果以上均正确,检查/etc/security目录中的以下档案的权限许可:
档案 权限
------------------------
.ids -rw-------
environ -rw-r-----
limits -rw-r-----
passwd -rw-------
user -rw-r-----

4. 以下的命令对除错也很有帮助(查MAN来获得详细的帮助)
usrck -t ALL
pwdck -t ALL
grpck -t ALL

5. 在mkuser.default 文件中的umask属性是八进位,但不要有前置0,所以:
umask=77 正确,转成八进位 077.
umask=077 错误,转成八进位制 063.

6. 如果以上都正确,关机并重开进入维护模式,对root 和 user档案系统做fsck。

 


在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?

环境 产品:RS/6000
软件: AIX
问题 在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?
解答 本文所述方法针对Korn Shell
把下面这行加入你的 .profile 中:
PS1='$PWD $ '

如果你只想显示最後一个部分,可以用
PS1='${PWD##*/} $ '

对于JESMSG,在SDSF进入该JESMSG显示屏幕,进行类似于上述2中的操作即可.

 


/var/adm/wtmp档案太大怎么办

环境 产品:RS/6000
软件:AIX
问题 /var/adm/wtmp文件保存所有用户登录的讯息,随著时间会增长到很大,/var/adm/wtmp档案太大时怎么办?
解答 /var/adm/wtmp档案太大时,有时需要清理或编辑整理。
要清理它,执行cp /dev/null /var/adm/wtmp.

要编辑整理部分清理,用fwtmp命令先将文件wtmp变成ASCII格式的档案dummy.file:
/usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file,
编辑之後用
/usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp
再将ASCII文件转变成二进位文件.

JESMSG显示屏幕,进行类似于上述2中的操作即可.

 


2001/06 AIX安全防范有关的补丁(APAR)

环境 AIX V4.3
问题 2001/06 AIX安全防范有关的补丁(APAR)
解答 以下列出了AIX当前(2001/06)的安全防范有关的补丁(APAR)。如果想下载所有这些补丁,可通过在网站http://techsupport.services.ibm.com/rs6k/fixdb.html 上指定以下的一个APAR包号来获得:

AIX 4.3: IY19897 (updated 6/2001)

========================================================
AIX 4.3 APARs

IX72045 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED
IX72553 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING
IX73077 SECURITY: FTP BOUNCE VULNERABILITY
IX73214 SECURITY: TELNET DENIAL OF SERVICE ATTACK
IX73438 SECURITY: VULNERABILITY IN DTAPPGATHER
IX73586 SECURITY HOLE IN FTP, TFTP, UTFTP
IX73836 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN
IX73951 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS
IX73961 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY
IX74296 PROGRAMS USING LEX GENERATED SOURCE COREDUMP
IX74599 SECURITY: VULNERABILITY IN DIGEST
IX74793 SECURITY HOLE IN TN3270
IX74802 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K
IX75275 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS
IX75554 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES
IX75564 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH
IX75566 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS
IX75761 BAD FILE HANDLE CAN CRASH LOCK DAEMON
IX75840 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ
IX75864 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES
IX76015 NFS V2 DOES HANDLE 65535 AS A UID
IX76039 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DIRECTORY
IX76040 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS
IX76049 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE
IX76960 BIND: CERT ADVISORY CA-98.05
IX76962 BIND: CERT ADVISORY CA-98.05
IX77338 SECURITY: SORT CREATES INSECURE TEMPORARY FILES
IX77508 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE
IX77592 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES
IX78071 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS
IX78202 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.
IX78248 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX78349 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG
IX78564 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER
IX78612 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.
IX78646 SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES
IX78719 NFS V2 DOES NOT HANDLE 65535 AS A UID
IX78732 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN
IX79136 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS
IX79139 SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES
IX79679 "RCP SECURITY PROBLEM"
IX79681 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS
IX79682 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS
IX79683 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS
IX79700 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS
IX79701 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS
IX79857 SECURITY HOLE
IX79909 NSLOOKUP CORE DUMPS WITH LONG STRINGS
IX79979 SECURITY: VULNERABILITY IN GROUP SHUTDOWN
IX80036 SECURITY: CRON CREATES INSECURE LOCK FILE
IX80387 SECURITY: INSECURE CREATION OF LPD LOCK FILE
IX80391 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS
IX80447 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX80470 SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS
IX80510 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS
IX80543 SECURITY:LIBNSL BUFFER OVERRUNS
IX80548 SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS
IX80549 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES
IX80762 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES
IX80792 SECURITY: BUFFER OVERFLOWS IN IMAPD
IX81058 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS
IX81077 SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES
IX81078 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS
IX81442 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD
IX81507 SECURITY: MORE VULNERABILITIES IN PCNFSD
IX81999 POST COMMAND SHOULD NOT BE SUID
IX82002 FORCE REXECD USER PRIVILEDGES
IX83752 SECURITY: VULNERABILITY IN AUTOFS
IX84493 SECURITY: VULNERABILITY IN SETGID EXECUTABLES
IX84642 SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)
IX85233 SECURITY : MAILBOX GETS CORRUPTED
IX85556 SECURITY: BUFFER OVERFLOW IN FTP CLIENT
IX85600 BOOTP: CERT ADVISORY
IX86845 SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER
IX87016 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME
IX87669 NULL MBUF CAN CRASH SYSTEM IN NFS CODE
IX87727 STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS
IX88021 ADD FINGER TIMEOUT
IX88263 SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION
IX88633 SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT
IX89182 LICENSE SERVER HANGS
IX89415 SECURITY: XAUTH IS BROKEN IN 4.3.X
IX89419 SECURITY: BUFFER OVERFLOW IN DTSPCD
IX89687 SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES
IY00892 INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT
IY01439 SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL
IY02120 SECURITY: BUFFER OVERFLOW IN NSLOOKUP
IY02397 SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM
IY02944 SECURITY: BUFFER OVERFLOW IN "DTACTION -U"
IY03849 SECURITY: VULNERABILITY IN TTSESSION
IY04477 SECURITY BUFFER OVERFLOWS IN FTPD
IY04865 SECURITY: NON-ROOT USERS CHANGE SYS INFO VIA SNMPD
IY05249 SECURITY: BUFFER OVERFLOWS IN SNMPD
IY05772 SECURITY: POSSIBLE BUFFER OVERFLOW IN AIXTERM TITLE HANDLING
IY05851 NAMED8: SECURITY VULNERABILITIES IN BIND
IY06059 GENFILT CANNOT FILTER PORT NUMBERS > 32767
IY06367 SECURITY: VULNERABILITY IN DTPRINTINFO
IY06589 BUG IN GET_SEQNUM
IY06694 SECURITY: ANOTHER BUFFER OVERFLOW IN DTSPCD
IY06697 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY AGAIN
IY06814 CRASH IN FLTR_IN_CHK() M_COPYDATA()
IY06817 XDM HAS TROUBLE WITH LONG PASSWORDS
IY07265 CHSEC ALLOWS NON-ADMIN USR TO CHANGE ADMIN USER ATTRIBUTES
IY07425 IN CERTAIN CASES, LIBQB ROUTINE CAN CAUSE CORE DUMP
IY07831 SECURITY: BUFFER OVERFLOW IN SETCLOCK
IY07832 SECURITY: ANOTHER BUFFER OVERFLOW IN PORTMIR
IY08128 SECURITY: VULNERABILITY IN MKATMPVC
IY08143 SECURITY: BUFFER OVERFLOWS IN ENQ COMMAND
IY08606 SECURITY: BUFFER OVERFLOW IN _XAIXREADRDB
IY08812 SECURITY: BUFFER OVERFLOW IN SETSENV
IY09514 SECURITY: VULNERABILITY IN FRCACTRL
IY09941 SECURITY: LOCAL USERS CAN GAIN WRITE ACCESS TO SOME FILES
IY10250 DHCPSD: SECURITY: D-O-S ATTACK VULNERABILITY
IY10805 MKATM IS A SHELL SCRIPT AND SHOULDN'T BE SETUID
IY11067 X SERVER FREEZES DUE TO DOS
IY11224 SECURITY: BUFFER OVERFLOW IN XTERM
IY11233 SECURITY: NCS CMDS LINKED WITH INSECURE LINKER ARGUMENT
IY11450 SECURITY: BUFFER OVERRUN IN MIT KERBEROS LIBRARIES
IY12147 NON-ROOT USERS CAN ISSUE THE NETSTAT -Z FLAG
IY12251 SECURITY: POSSIBLE VULNERABILITIES IN ERRPT
IY12638 SECURITY: BUFFER OVERFLOW IN PRINT CMDS
IY13753 SECURITY: FORMAT STRING VULNERABILITY IN LOCALE SUBSYSTEM
IY13780 SECURITY: BUFFER OVERFLOW IN LIBNTP
IY13781 SECURITY: FORMAT STRING VULNERABILITY IN FTP CLIENT
IY13783 FORMAT STRING VULNERABILITIES IN GETTY'S ERROR LOGGING FUNCS
IY14512 DNS CERT ADVISORY FOR SRV & ZXFR BUGS
IY14537 BUFFER OVERFLOW IN BELLMAIL
IY15146 SYSLOGD:BUFFER OVERFLOW AND IMPROPER CONTROL CHARACTER ESCAPES
IY16182 SECURITY: BUFFER OVERFLOW IN BIND8
IY16214 BUFFER OVERFLOW AND FORMAT STRING VULNERABILITIES IN BIND 4.X
IY16271 SECURITY: INFOLEAK IN NUMEROUS VERSIONS OF NAMED4 AND NAMED8
IY17048 SECURITY: POSSIBLE BUFFER OVERFLOW VULNERABILITY IN CRONTAB
IY17932 SECURITY: IMAPD BUFFER OVERFLOW
=========================================================


当运行mksysb时,系统报错:“rootvg is locked”(根卷组被锁定)

环境 AIX V4
问题 用户在试图运行mksysb时,得到一个错误信息:“rootvg is locked”(根卷组被
锁定),导致不能进行备份。
解答 要解开rootvg,键入以下命令:

# chvg -u rootvg

 


如何在Documentation Search Service中删除文档?

环境 AIX V4
问题 当把一个应用安装到服务器时,如果一个文档和它的索引被自动注册到系统中,你必须用uninstall的方式把它删除。如果只是删掉注册的文档或它的索引,它会在search service中保持注册,这将会在查询过程中产生错误信息,因为search service将试图查询已丢失的索引。
另外,如果你想删除系统管理员手工注册的文档,你必须先从search service中删除其注册状态。
如何在Documentation Search Service中删除文档呢?
解答 可以用以下的方式:
如:这个例子中使用cmds01en 作为索引的例子。

以 root 登录;

键入:
/usr/IMNSearch/cli/imndomap /var/docsearch/indexes -d cmds01en

键入:
cp /var/docsearch/indexes/imnmap.dat /usr/docsearch/indexes

键入:
/usr/IMNSearch/cli/imnixdel cmds01en

这样做完后,就可以删掉该文档和它的索引了。

显示屏幕,进行类似于上述2中的操作即可.

CDE 不能启动解疑(一)

环境 AIX V4.x
问题 在CDE界面登录后,系统挂起或极慢,怎么解决?
解答 可尝试用以下的方法去解决:
首先重启机器,并用命令行方式进入。

1. 用df命令检查是否有文件系统满,特别是/及/var文件系统,如是,请清理或扩大之。
2. 用如下命令
  hostname
uname -n
cat /etc/hosts
检查是否在机器名的设置上有冲突
3. 用 smitty mktcpip 命令检查TCP/IP的设置是否正确,如设置了DNS 域名解析,要保证DNS服务器能被访问到。
如是新装机,网络配置不完善时,建议先不使用DNS。
4. 如果以上方法还不成功,可以重安装 X11.base.rte, X11.Dt.rte 和 X11.Dt.helpinfo 一试。

 

 


只有root用户可以登录Xwindows,但普通用户不能登录, 如何处理?

环境 软件:AIX V4
问题 只有root用户可以登录Xwindows,但普通用户不能登录, 如何处理?
解答 请检查并修改以下文件的访问权限:

/dev/null (666)
/dev/lft0 (666)
/dev/tty (666)
/dev/console (622)

 

 


CDE 不能启动解疑(二)

环境 软件: AIX V4.3
问题 安装或升级AIX 后,服务器成功启动,但控制台是黑屏。有时,可以看到Welcome窗口,但必须退出这个窗口,login提示
才能显示。或者是,你可以telnet进来,用kill杀掉并重启dtlogin进程,login提示才能显示。总之,你可以telnet到这
台服务器, 但进不了CDE。
解答 从主控台或telnet以root用户登录到服务器,用编辑器(如vi)编辑 /etc/inittab , 用冒号(:)注释掉以下行:
welcome:2:wait:/usr/lib/assist/welcome.launch

用shutdown -Fr 重启机器。

注意:这个问题常因为你没安装Netscape 浏览器,或该浏览器安装得有问题而出现。


 

 


执行execd时出现错误0826-604

环境 产品:AIX
软件版本:AIX V4
问题 执行execd时出现错误0826-604: the login is not correct
解答 修改/etc/inetd.conf文件
#vi /etc/inetd.conf

将: exec stream tcp6 nowait root /usr/sbin/rexecd rexecd
改为: exec stream tcp6 nowait root /usr/sbin/rexecd rexecd -c

最后保存该文件。
再用下面刷新inetd进程:
# refresh -s inetd

 

 

 


如何配置AIX 5L 中的 Processor Entitlement

环境 产品,RS6000, Pseries
平台,RS
软件版本, AIX 5L V5.1
问题 如何配置AIX 5L 中的 Processor Entitlement
解答 在配置AIX5L时,会弹出一窗口,询问processor Entitlement 的个数,可根据系统中配的CPU个数来定.
如系统中配了4个CPU,此时processor Entitlement就应配4.
 

 

 


AIX 5L 的特点

环境 产品,RS6000
平台,RS
软件版本, AIX 5L
问题 AIX 5L 的特点
解答 1. AIX5L 与以前的版本不同之处在与名字,这里的“L”代表LINUX。它与LINUX有极好的亲合力。
2. AIX5L 不仅支持IBM POWER处理器,也支持Intel 的64位Itanium 处理器。
3. IBM AIX5L 最多可支持32个处理器。在系统管理,安全方面,网络功能上提供了增强特性。
4. 在AIX5L中可使用system V 的部分命令

 

 

 

 


怎样镜像rootvg

环境 产品 AIX
平台 RS/6000
软件版本 AIX 4.3.3
问题 怎样镜像rootvg?
解答 现举例如下:
1. 添加新硬盘到rootvg
#extendvg rootvg hdisk1

2. 镜像rootvg
#mirrorvg -c 2 rootvg hdisk1

3. 重新生成 boot image
#bosboot -ad /dev/hdisk0

4. 更新bootlist
#bootlist -m normal hdisk0 hdisk1 cd0

5. 重起系统
#shutdown -Fr

 

 

 

 


AIX 5L v5.1在网络方面增加了那些新功能?

环境 产品:RS/6000
平台:pSeries
软件版本:AIX
问题 AIX 5L v5.1在网络方面增加了那些新功能?
解答 在AIX 5.1中在网络方面增加了许多新功能,包括:

IP Multipath Routing(IP,多路径路由)
Dead Gateway Detection(DGD, 失效网关检测)
Network Interface Backup(网卡备份)
Virtual Ip Address(VIPA,虚拟IP地址)


如何什么是Dead Gateway Detection(DGD, 失效网关检测)?

环境 产品:RS/600
平台:pSeries
软件版本:AIX 5L
问题 什么是D