16. LIDS How-Tos, FAQs and Troubleshooting

 









16.1. Visibility of /etc/lids






Sometimes /etc/lids is visible — it shouldn't be!  





/etc/lids is visible in BOOT mode;  it is not visible in 
POSTBOOTmode, so check you have switched (e.g., lidsadm -I).  
The directory is also visible in a LIDS-free session.







16.2. LIDS Password/Authentication Oddities







16.2.1. lidsadm -S... works the second time but not the first!






For example, with lidsadm -S -- -LIDS, it fails with 
"switching lids failed" the first time, but a second time it works
fine with "no global capabilities changed".  This is because
you need to be in POSTBOOT mode — this is usually reached
via lidsadm -I, but lidsadm -S..., even a non-authenticated
failure, changes mode to POSTBOOT.






16.2.2. Sometimes the wrong password is accepted!






Change to POSTBOOT mode — use lidsadm -I.






16.2.3. It just doesn't work what ever I do!






Okay, you've installed lidstools without an apparent hitch, setting
the password when prompted, but no matter what you do, lidsadm -S
won't authenticate — you've even tried un-installing lidstools
and re-installed, to no avail.





Check you have the extended attributes set in your kernel

    CONFIG_EXT3_FS=y              # ...and/or EXT2, depending on /etc/fstab
    CONFIG_EXT3_FS_XATTR=y
    CONFIG_EXT3_FS_POSIX_ACL=y
    CONFIG_EXT3_FS_SECURITY=y


and that filesystems are mounted using these — ensure acl is
included under the mount options in /etc/fstab and that mount
shows this:

    prompt> mount
    /dev/hda10 on / type ext3 (rw,acl,errors=remount-ro)
    proc on /proc type proc (rw)
    .
    .
    prompt> 







 



...previousup (conts)next...




About this document:



Produced from the SGML: /home/mc/public_html/_unix_security/_reml_grp/unix_sec_kernel_lids.reml


On: 19/5/2006 at 11:53:2
Options: reml2 -i noindex -l long -o html -p multiple