HPE Community
Operating System - HP-UX
1827677 Members
3398 Online
109967 Solutions
New Discussion

swacl host acl corrupt

 
Ian Killer_1
Regular Advisor

‎05-17-2002 03:51 AM

‎05-17-2002 03:51 AM

swacl host acl corrupt

TO be honest I screwed up. I have a fresh install of v11.00 and we were experiencing host name resolving problem that appeared to be a permissions problem. In my haste to fix this I modified the /var/adm/sw/security/_ACL files and didn't keep a copy. Doh!. Anyway, since restarting the swagentd I get a host acl file corrupt whenever I try to use swacl. It recommends restoring the old acl file from backup but I don't yet have one. I copied the acl files from /usr/newconfig.. and preserved the timestamp but I still get the acl corrupt error. How does SD determine whether the ACL file is corrupt and is there a way around it, like pulling correct files out of the sd database?

Here's the error...


ovmngr12# swacl -l host
#
# swacl Host Access Control List
#
# For host: ovmngr12
#
# Date: Thu May 16 13:52:20 2002
#

ERROR: The "host" ACL at "ovmngr12:/" is corrupt. It must be
restored from a recent backup before the requested operation
can be performed.
ovmngr12#

Where ever the gypsies rome.
0 Kudos
Reply
11 REPLIES 11
Pete Randall
Outstanding Contributor

‎05-17-2002 04:15 AM

‎05-17-2002 04:15 AM

Re: swacl host acl corrupt

Ian,

I've attached my file. Hope this helps.

Pete

Pete
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎05-17-2002 04:18 AM

‎05-17-2002 04:18 AM

Re: swacl host acl corrupt

The ACL files in /usr/newconfig... are different from the ones we use. Ive checked a few servers, ours in /var/adm/sw/security are all the same, I suggest your try rebuilding them yourself (theyre tiny). Heres how all ours look;

> cat _ACL
# default_realm=
any_other:r----

> cat _PROD_DFLT_ACL
# default_realm=
user_obj:rwict
any_other:r----

> cat _SOC_DFLT_ACL
# default_realm=
user_obj:rwict
any_other:r----

Just replace with your hostname (name only - no brackets). SD is a bit tricky the way it starts up so if you can please reboot after changing these files.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Ian Killer_1
Regular Advisor

‎05-17-2002 04:48 AM

‎05-17-2002 04:48 AM

Re: swacl host acl corrupt

Excellent stefan. You solved my corrupt acl problem but now when I try to swinstall I get the following. My acl's are exactly as you wrote them in your reply.

NB: /var/tmp/swagent.log reveals nothing other than that the deamon started.

swinstall -x match_target=true -s /local/users/netman/tar-1.13.25-sd-11.00.depot

======= 05/16/02 14:44:10 WEST BEGIN swinstall SESSION
(non-interactive)

* Session started for user "root@ovmngr12".

* Beginning Selection
* Target connection succeeded for "ovmngr12:/".
* "ovmngr12:/local/users/netman/tar-1.13.25-sd-11.00.depot":
This source is a tape device.
* "ovmngr12:/local/users/netman/tar-1.13.25-sd-11.00.depot":
Cannot open the logfile on this target or source. Possibly
the media is read-only or there is a permission problem.
Check the daemon logfile and "/var/tmp/swagent.log" on this
host for more information.
NOTE: The match operation failed to find software in the source that
matches software on the target.
NOTE: Cannot continue the "swinstall" task.

======= 05/16/02 14:44:22 WEST END swinstall SESSION
(non-interactive)

Where ever the gypsies rome.
0 Kudos
Reply
Mateja Bezjak
Respected Contributor

‎05-17-2002 05:42 AM

‎05-17-2002 05:42 AM

Re: swacl host acl corrupt

Hi Ian,

You can try to omit the -x match_target=true and use this command line:
swinstall -s /local/users/netman/tar-1.13.25-sd-11.00.depot \*

If you want to invoke the GUI, you can leave \* out.

Hope this helps. Regards,
Mateja
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎05-17-2002 05:50 AM

‎05-17-2002 05:50 AM

Re: swacl host acl corrupt

My apologies, Ian. I expect that, since I don't use swacl's, then my attempt to provide you with a virginal copy of the files was of absolutely no use at all. Please forgive my ignorance.

Pete

Pete
0 Kudos
Reply
Ian Killer_1
Regular Advisor

‎05-17-2002 06:42 AM

‎05-17-2002 06:42 AM

Re: swacl host acl corrupt

Mateja...

That made the install advance through the analysis phase, but not the execution. I've attached the appropriate segment of swagent.log. Why does it think the depot is remote?

Pete...
I don't use swacl's either it was just the suggested solution. I'm thinking the original permissions problem has to do with a recent dns installation (i didn't do it) which also may be why it thinks it's remote. The unqualified and qualified hostnames are both resolved by the hosts file and correctly.
Where ever the gypsies rome.
0 Kudos
Reply
Mateja Bezjak
Respected Contributor

‎05-19-2002 11:01 PM

‎05-19-2002 11:01 PM

Re: swacl host acl corrupt

Hi Ian,

Try using the following options. In the /var/adm/sw/defaults file put:

swagent.auto_exit=false
swagentd.rpc_binding_info=ncacn_ip_tcp:[2121]
swinstall.rpc_binding_info=ncacn_ip_tcp:[2121]

Restart the swagentd process by "/usr/sbin/swagentd -r" and run swinstall again.

Regards,
Mateja
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎05-20-2002 12:06 AM

‎05-20-2002 12:06 AM

Re: swacl host acl corrupt


Ian, your depot file may be corrupt. Verify the checksum after downloading is correct or try downloading again.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Wayne Green
Frequent Advisor

‎05-20-2002 02:57 AM

‎05-20-2002 02:57 AM

Re: swacl host acl corrupt

This maybe too late but for info. I was also performing a new install of 11.00 and mucked up. Down to a second network card, fddi which wasn't configured cause the software wasn't loaded. The swinstall hung as did swacl -l host.

I spoke to a HP CE and suggested removing /var/adm/sw/security and recreating the directory and rebooting. The security file is repopulated by swagentd. This worked for 3 servers but not the forth. For this we had to run swinstall in standalone mode by touching /var/adm/sw/standalone and restarting swagent.
I'll have a beer, thanks
0 Kudos
Reply
Ian Killer_1
Regular Advisor

‎05-21-2002 01:47 AM

‎05-21-2002 01:47 AM

Re: swacl host acl corrupt

Since the weekend we no longer see this issue, that's not to say this is over, but I'll get back to you.

Mateja... binding defaults are fine, but I'll keep the auto_exit in mind.

Stephan. Good thinking but not the case.

Wayne... Good to know, and I might have to try this again later, but for now it looks good.

Take care everyone.

ian
Where ever the gypsies rome.
0 Kudos
Reply
Ian Killer_1
Regular Advisor

‎05-21-2002 06:42 AM

‎05-21-2002 06:42 AM

Re: swacl host acl corrupt

Based on a previous forum thread I attempted to fix a problem by modifying the /etc/hosts. I had changed ...

127.0.0.1 localhost loopback
to
127.0.0.1 ovmngr12 loopback.

Which was wrong, and caused the "unable to open on remote host" error when the target is the local machine. This error can be seen in my previous attached log file.

Where ever the gypsies rome.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.