[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference smurf::dec_mls_plus

Title:dec_mls_plus
Moderator:SMURF::BAT
Created:Mon Nov 29 1993
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:534
Total number of notes:2544

477.0. "Need to run setfiles..." by ADISSW::FERRARA () Wed Apr 16 1997 15:27

    
    
    Help!!!
    
    I just rebooted my MLS+ 4.0 machine and when I try to login
    as a user I get:
    
    	setfiles(8) has failed and system integrity is in an intermediate
    	state.  The system administrator must perform trusted recovery
    	manually before logins can be permitted.
    
    
    What do I need to do...
    
    
    From my root account, I ran 'integrity' and displays several errors.
    I then ran setfiles and corrected some of the errors...but not all...
    
    I'm not sure how I got into this state........
    
    
    -Bob
T.RTitleUserPersonal
Name		DateLines
477.1why not?SMURF::BATSegui la tua beatitudineThu Apr 17 1997 21:2517
    What messages are you getting from setfiles that indicate that it is
    not resetting which file attributes?
    
    It is possible to get too many setfiles errors if you have, for
    example, changed your Encodings file, or your MACILBDBASE, or
    PACILDBASE, or something similiar.  Particularly if you changed the
    IR value for syslo.
    
    In EvalLand, if setfiles finds any errors, it should scream at the ISSO
    to look more closely at what did not agree with the entries in the
    /etc/auth/system/files file.  The ISSO can then determine if some user
    was being naughty, or it was just some program (read: programmer) not
    cleaning up (being naughty).  
    
    Normally, you just re-run setfiles and go on your merry way.  But
    setfiles should fix everything.  If it did not, then there is a deeper
    question to answer.
477.2I'd like to see what the errors areSMURF::BATSegui la tua beatitudineSat Apr 26 1997 00:242
    Bob, when this happens again, and you can afford the time for me to
    run down there and look at it, call me.
477.3ADISSW::FERRARAMon Apr 28 1997 12:394
    
    Please stop by anytime (or give a call first)...ZKO2-2/R46
    
    -Bob
477.4Reason: We didn't/don't have the time to do it user-friendlySMURF::BATSegui la tua beatitudineMon May 05 1997 23:2227
    setfiles was failing with a "cannot set SL..." or "Name SL" on some
    directories.  The directories were not empty, therefore the directory
    label could not be changed (an arbitrary "feature" = poor design
    decision [i.e., quick and dirty]) on our part.
    
    To fix it, root 	(i.e., process SL is syslo and you have allowmac)
    has to log in and do:
    
    	# mv directory_name directory_name.foo
    	# cp -p -r directory_name.foo directory_name
    		(this has the effect of duplicating the directory
    		contents but now with the syslo SL)
    	# setlevel -s syshi
    		(process SL must dominate the directory's SL)
    	# rm -rf directory_name.foo
    	# setlevel -s syslo
    		(set it back so we don't do something else at SL syshi)
    	# /tcb/bin/setfiles
    		(until there are no more errors)
    
    Or the functional equivalent.
    
    The problem occurred because setld has not been "MLS+'d". If it had
    been, then the fact that the user inadvertantly ran setld and installed
    some subset or other while at a process SL other than syslo would not
    have had this side effect.
477.5no time for anythingSMURF::BATSegui la tua beatitudineMon May 05 1997 23:269
    Oh yes, one more thing:
    
    Only the user root is allowed to login if the file /etc/nologin exists.
    Evidently setfiles (or the init script, I haven't looked) creates this
    file if setfiles fails when run during system startup.
    
    To get rid of it: remove it.  (I suppose the init script or setfiles
    would delete the file if setfiles runs successfully, but I didn't look
    for that either.)