Server Management - Remote Server Management

smartupdate 8.8 for rhel7 won't run - error /var/tmp file system doesn't have write/exec permission

 
majorgear
Occasional Contributor

smartupdate 8.8 for rhel7 won't run - error /var/tmp file system doesn't have write/exec permission

## Error Message

 

# smartupdate -h
SUM uses /var/tmp as log directory and the /var/tmp file system doesn't have write/exec permissions

 

## OS Release Info

 

cat /etc/*release
CentOS Linux release 7.8.2003 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)

 

## SUM Package Info

 

Installed Packages
Name : sum
Arch : x86_64
Version : 8.8.0
Release : 39.rhel7
Size : 248 M
Repo : installed
From repo : /sum-8.8.0-39.rhel7.x86_64
Summary : Smart Update Manager
URL : http://www.hp.com/go/proliantlinux
License : (C) Copyright 2016 Hewlett Packard Enterprise Development LP
Description : This package contains Smart Update Manager

 

## /var/tmp permissions

 

# ll / | grep var
drwxr-xr-x 21 root root 4096 Jun 16 20:37 var
# ll /var | grep tmp
drwxrwxrwt 7 root root 4096 Jun 29 12:06 tmp

 

Additional Information

Due to security requirements, out HP proliant DL325 servers cannot access the HP firmware repo directly. We are replicated the repo to an intranet host, and HP yum clients pull packages from the local servers. basically following this model for using smartupdate - https://downloads.linux.hpe.com/SDR/project/hpsum/.

Tried so far.

I've tried downgrading from 8.8 to 8,7, that did not change the issue.

I tried setting environment variable "MOUNT_TEMPDIR" to a folder without the "noexec" option, but that did not fix the issue either. 

Similar Question on this forum

I saw another discussion about this exact issue where the solution was to remove the "noexec" option from the fstab.

/var/tmp and /tmp are known entry points for viruses. It would be a security violation if I removed the "noexec" option from the mount points.

Is there a solution?

This sounds like a bug as the application should only need read/write access to write log files. So why does it check for execute rights?   More importantly, is there a work around or fix for this issue?

1 REPLY 1
AmRa
HPE Pro

Re: smartupdate 8.8 for rhel7 won't run - error /var/tmp file system doesn't have write/exec permis

We can see you have already checked by downgrading SUM version from 8.8 to 8,7, but that did not change the issue.


However will you refer resolution section in below customer advisory and share the observation. It might be the issue continued in 8.7 later versions also.

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00098969en_us

Else open tech support ticket with HPE support team for further troubleshooting.

 

I am an HPE Employee

Accept or Kudo