
security Containment RBAC

 
Antonio Egea
Advisor


Hello,

I am not able to guess what this error means in rbacdbchk. It only appears with rbacdbchk, but not with one of the options alone (-r, -a, -u, -c, -R, -x), and it is not shown when -vvv is used (I can see all the checking around the DBs is done but the error is not there).

# rbacdbchk
[Invalid Authorization in role_auth DB. Auth with operation='hpux.*' and object='*' does not exist in the auths DB]
Administrator:(hpux.*, *)

In another environment this is working, with the user_role, roles, role_auth, cmd_priv and auths files being the same.

Any help or clue will be welcome. Thank you in advance.

# rbacdbchk -vvv

### Checking database /etc/rbac/roles
Checking field values in line: 'Administrator: Sample role shipped with system; assigned all auths by default'
...(and some more)

### Checking database /etc/rbac/auths
Checking field values in line: '(hpux.*,*):'
Checking field values in line: '(hpux.admin.boot.config,*):'
Checking field values in line: '(hpux.admin.boot.make,*):'
Checking field values in line: '(hpux.admin.boot.remove,*):'
Checking field values in line: '(hpux.admin.kernel.config,*):'
Checking field values in line: '(hpux.admin.kernel.crash.save,*):'
...
4 REPLIES
smatador
Honored Contributor

Re: security Containment RBAC

Hi,
I'm not very familiar with RBAC, but as I understand it, the message says that in the file /etc/rbac/role_auth you have a value
Administrator: (hpux.*, *) that does not match the auths file. But the auths file is always like (hpux.*,*):
So maybe there is a typo in /etc/rbac/role_auth that you cannot see but that rbacdbchk can detect.
Could copying this line from another good server help you?
HTH
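
One way to carry out the comparison suggested in the reply above, as an added example that is not part of the original thread and is not HP's rbacdbchk: it cross-checks the (operation, object) pairs in role_auth against auths and flags pairs that contain non-printing characters. The line formats are assumed from the lines quoted in this thread, and the sample data (including the Operator role) is constructed.

```python
import re

# Assumed entry shape, taken from the lines quoted in this thread: "(operation, object)"
PAIR = re.compile(r"\(([^,()]*),([^()]*)\)")

def parse_pairs(text):
    """Return (operation, object) tuples; only spaces and tabs are trimmed,
    so any other invisible character stays in the value and breaks the match."""
    return [(op.strip(" \t"), obj.strip(" \t")) for op, obj in PAIR.findall(text)]

def hidden_chars(value):
    """Characters outside printable ASCII (NBSP, control bytes, ...)."""
    return [c for c in value if not 0x20 <= ord(c) <= 0x7E]

def check(auths_text, role_auth_text):
    """Return (role, pair, reason) for every role_auth pair missing from auths."""
    known = set()
    for line in auths_text.splitlines():
        known.update(parse_pairs(line))
    problems = []
    for line in role_auth_text.splitlines():
        role, _, rest = line.partition(":")
        for pair in parse_pairs(rest):
            if pair in known:
                continue
            bad = hidden_chars(pair[0] + pair[1])
            reason = "hidden characters %r" % bad if bad else "not in auths"
            problems.append((role.strip(), pair, reason))
    return problems

# Constructed sample data, not taken from a real system
AUTHS = "(hpux.*,*):\n(hpux.admin.boot.config,*):\n"
ROLE_AUTH = ("Administrator: (hpux.*, *)\n"
             "Operator: (hpux.admin.boot.config,\u00a0*) (hpux.admin.mount, *)\n")

if __name__ == "__main__":
    for role, pair, reason in check(AUTHS, ROLE_AUTH):
        print("%s: %r -> %s" % (role, pair, reason))
```
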
Antonio Egea
Advisor

Re: security Containment RBAC

We thought about that, but they copied all the files from the working server to the failing one and the same error is appearing...

They are having some issues with Ignite and maybe that's the problem, but I am not sure.
smatador
Honored Contributor
Solution

Re: security Containment RBAC

Hi Antonio

>We thought about that, but they copied all the files from the working server to the failing one and the same error is appearing...

That means the db is ok. So I suppose the problem is in the rbacdbchk command.
You wrote about an Ignite issue. What's the problem? Have you restored this box?


Have you checked the libraries of rbacdbchk?
ldd /usr/sbin/rbacdbchk
and compare ll with another good one.
You could also check for patches like
PHCO_40362

HTH


Antonio Egea
Advisor

Re: security Containment RBAC

We are investigating the corruption problem. From a tusc it looks like it is opening /etc/rbac/auths several times with different contents. I will try cksum.