HPE Community
Operating System - HP-UX
1835228 Members
8044 Online
110078 Solutions
New Discussion

Bastille Error Message

 
SOLVED
Go to solution
MikeL_4
Super Advisor

‎11-02-2004 02:46 AM

‎11-02-2004 02:46 AM

Bastille Error Message

When running bastille -b I received the following:
ERROR: You are not authorized to perform the requested operation on the "host" ACL at ":/". Depending on whether you are attempting to list or modify the ACL, you do not have the required "test" or "control" permission, respectively. (Use the "id" command to find out the identity information used by SD to determine your access permissions.)

I was running bastille as root and the id command output:
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),7
(lp),20(users)
0 Kudos
9 REPLIES 9
Sridhar Bhaskarla
Honored Contributor

‎11-02-2004 02:52 AM

‎11-02-2004 02:52 AM

Solution

Re: Bastille Error Message

Mike,

Looks like it is an SD/UX problem rather than Bastille. Can you just bring up 'swinstall' window without any issues?. If not, then try the following.

1. kill -9
swagentd -r
2. Make sure your 'hostname' is resolvable and pingable. Check the entries in your /etc/hosts file and /etc/nsswtich.conf file.
3. Run 'swacl -l root' and see if it returns permissions for this host.

Once your 'swinstall' works, then your bastilly should work.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
MikeL_4
Super Advisor

‎11-02-2004 03:20 AM

‎11-02-2004 03:20 AM

Re: Bastille Error Message

This server was renamed a few months ago, and it looks like that may be causing the problem ???
I did as you suggested and the swacl output produced the following:
root@vspftp2:[/root]:=>swacl -l root
#
# swacl Installed Software Access Control List
#
# For host: vspftp2:/
#
# Date: Tue Nov 2 11:15:44 2004
#

WARNING: An attempt to get the network host entry for "vspsmtp2"
failed. This may result in denial of access to users and
agents at this host. Check the spelling of this name, then
your "/etc/hosts" file, or your "/etc/resolv.conf" file and
DNS resolver configuration. The nslookup program may be
helpful in isolating this problem.
# Object Ownership: User= root
# Group=sys
# Realm=vspsmtp2
#
WARNING: An attempt to get the network host entry for "vspsmtp2"
failed. This may result in denial of access to users and
agents at this host. Check the spelling of this name, then
your "/etc/hosts" file, or your "/etc/resolv.conf" file and
DNS resolver configuration. The nslookup program may be
helpful in isolating this problem.
# default_realm=vspsmtp2
object_owner:crwit
any_other:-r---
root@vspftp2:[/root]:=>
0 Kudos
Steven E. Protter
Exalted Contributor

‎11-02-2004 03:25 AM

‎11-02-2004 03:25 AM

Re: Bastille Error Message

How did you rename the server:

checklist:

hostname in /etc/rc.config.d/netconf
/etc/hosts
fully qualified domain name on any DNS server thats listed in /etc/resolv.conf

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Sridhar Bhaskarla
Honored Contributor

‎11-02-2004 03:28 AM

‎11-02-2004 03:28 AM

Re: Bastille Error Message

Yep. Looks almost like it. Check these things.

1. Make sure your 'hostname' (command hostname) is correctly resolvable. If you need to, edit /etc/hosts and add 'hostname IP Address'. Make sure the entry 'files' comes first in your /etc/nsswitch.conf file for 'hosts'.

2. Restart swagentd. "kill -9
-Sri

You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
MikeL_4
Super Advisor

‎11-02-2004 03:30 AM

‎11-02-2004 03:30 AM

Re: Bastille Error Message

modified the /etc/rc.config.d/netconf file

root@vspftp2:[/root]:=>nslookup vspsmtp2
Using /etc/hosts on: vspftp2

looking up FILES
Trying DNS
*** cvgdns3.convergys.com can't find vspsmtp2: Non-existent domain
root@vspftp2:[/root]:=>nslookup vspftp2
Using /etc/hosts on: vspftp2

looking up FILES
Name: vspftp2
Address: 172.17.101.106
Aliases: vspftp2.dcd.convergys.com

root@vspftp2:[/root]:=>
0 Kudos
Sridhar Bhaskarla
Honored Contributor

‎11-02-2004 03:36 AM

‎11-02-2004 03:36 AM

Re: Bastille Error Message

Mike,

Since you are using default ACLs, I suggest you re-initialize the ACL entries. To do it, do

#/sbin/init.d/swagentd stop
Make sure you have no 'swagent' process running "ps -ef|grep sw". Kill them if you see them running.
#mv /var/adm/sw/security /var/adm/sw/security.old
#cp -Rp /usr/newconfig/var/adm/sw/security /var/adm/sw/security
#/sbin/init.d/swagentd start

Try again.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
MikeL_4
Super Advisor

‎11-02-2004 04:49 AM

‎11-02-2004 04:49 AM

Re: Bastille Error Message

Tried the above, and the swacl command still gives a warning about vspsmtp2 as it did before.
0 Kudos
Steven E. Protter
Exalted Contributor

‎11-02-2004 04:57 AM

‎11-02-2004 04:57 AM

Re: Bastille Error Message

I think you need to straigten out networking and hostname and DNS and then follow Sri's recommendation concerning ACL.

If the first thing is not set, the second will be an issue.

Also, what is your patch state?

June 2004 Quarterly release?
Also search the patch database, build a depot and install ALL SD/UX patches.

Patch analysis?

http://www6.itrc.hp.com/service/patch/mainPage.do

Good ideas all.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
MikeL_4
Super Advisor

‎11-03-2004 01:15 AM

‎11-03-2004 01:15 AM

Re: Bastille Error Message

Thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.