This utility provides a way to lock or unlock security on your ITM installation. One of the problems with earlier fixpacks was that many of the ITM directories had a world read/write permissions so that the non-root user could install/uninstall components. But, these world read/write permissions are not needed for a normal operations and they present a security vulnerability. With the help of SecureMain utility, you can unlock the permissions for installation directory, install/uninstll products as non-root user and then lock the permissions by running the secureMain utility again.
$ sudo secureMain unlock
Enter the root password if propmted
$ sudo secureMain lock
Enter the root password if prompted
SecureLock & SecureUnlock utilities
SecureMain is a shell script that calls SecureLock or SecureUnlock scripts internally. So, instead of running SecureMain with lock/unlock parameters, you could directly run the SecureLock or SecureUnlock utilities. Why would you want to do this? The secureLock and secureUnlock utilities accepts an userid as argument. They are useful if you want to specify an explicit userid to which you want to lock/unlock the installation directories.
Wednesday, March 12, 2008
Tighten ITM Security using Secure* utilities