DRAFT: This page *IS* being written. Any suggestion is welcome!
You can try! :-)
SECclean try to be very careful when it touch some existing files. SECclean installation will tell you which file were modified and were the original was saved. You may need to re-edit some configuration files and re-apply some setting. I can say a firm yes as I don't want to be responsible for some disater :-) but in the worst case, de-installing it should put you back in order.
Note: Yassp or SECclean will change the Solaris setting. It won't be aware of any additional configuration files or startup file. It is up to the administrator to verify any additional software. Any additional startup script will *not* be controlled by /etc/yassp.conf
The tarball will refuse to install. If you try the manual installation, SECclean will
failed to install the right /etc/init.d/inet[svc|inet] init file as it won't have the one
corresponding to your OS.
Solaris 8 is supported since Beta-final#6.
Some people reported problems running Netscape server or communicator after installing YASSP. It looks like Netscape products need nscd to work properly. Edit /etc/rc.conf and set NETSCAPE to 'YES'.
SECclean turn off most of the services by default. Edit /etc/rc.conf and re-enable what you need.
Hard to say what is wrong, but here is two good starting points:
YASSP changes the system-wide umask set in /etc/profile to 077 by default . This means that new directories are created with permissions of 0700, rather than the 0755 that would be the case for most non-YASSP systems. If a directory `/foo' is created with these permissions, and is then used to mount a filesystem whose top-level directory has less restrictive permissions, such as 0755, then `/foo' will appear to have those less restrictive permissions:
# ls -ld /foo
/foo: No such file or directory
# umask 077
# mkdir /foo
# ls -ld /foo
drwx------ 3 root other 512 Aug 22 09:19 /foo
# mount /dev/dsk/c1t0d0s1 /foo
# ls -ld /foo
drwxr-xr-x 3 root other 512 Jul 24 11:16 /foo
Since a filesystem cannot know beforehand where it will be mounted, it can't know what the permissions on the parent directory of its mount point will be, and thus the entry for `..' in the top-level directory of a filesystem is meaningless. Thus, when an attempt is made to access `/foo/..' (for example, via a pwd), the OS actually does a stat of the `..' entry in the directory `/foo' under the root filesystem, rather than the `..' entry in the top-level directory of the mounted filesystem stored on /dev/dsk/c1t0d0s1 (or whatever the device is). Since the permissions on that hidden mount point do not allow access to users other than the root user, the stat will fail:
$ ls -l /foo/..
/foo/..: Permission denied
$ cd /foo
pwd: Permission denied
$ sudo pwd /foo
YASSP has thus not broken anything; instead, this is the correct behaviour (on all UNIX-like OSes other than Linux) for a somewhat pathological situation that YASSP makes more common.
Fix: The proper workaround is to unmount the filesystem, change the permissions on the mount point to match those of the filesystem's top-level directory, and remount the filesystem.
$Id: faq.html,v 1.8 2000/07/20 21:23:25 jean Exp $; Jean Chouanard, Xerox PARC [Manual Update by Sean, 23 Aug 2000]