NetWorker: authc_configure.sh gets stuck and when press enter number of times it fails with Error: User nsrtomcat does not have read permission at path /nsr/authc/conf

概要: Running authc_configure.sh script gets stuck and when press enter number of times it fails with message: User nsrtomcat does not have read permission at path /nsr/authc/conf. This Article is an extension of Article Number: 000044255 to detail a situation that is encountered in Red Hat 8 Linux environment and how to resolve it with help of Linux Admin. So go through it before following this article. This Article elaborates more on scenario 1 mentioned in the Article Number: 000044255 ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

現象

Running authc_configure.sh script gets stuck and when press enter number of times it fails with message: User nsrtomcat does not have read permission at path /nsr/authc/conf.


As per Article Number: 000044255 created a script and it also gets stuck and when press enter number of times it fails with same error confirming the issue is at operating system level and has nothing to do with NetWorker.
  
[root@hostname ]# cat check_nsrtomcat.sh
command="[ -r /nsr/authc ]"
su - nsrtomcat -s /bin/sh -c "$command" > /dev/null 2>&1
if [ $? -ne 0 ]
then
echo "ERROR: User nsrtomcat does not have read permission at path /nsr/authc"
fi

[root@hostname ]# ./check_nsrtomcat.sh

ERROR: User nsrtomcat does not have read permission at path /nsr/authc

From root user prompt tried to switch to user nsrtomcat and realized it is prompting for password.
  
[root@hostname ]# su - nsrtomcat
Last failed login: Tue Oct 25 05:42:28 CDT 2022 on pts/0
There were 5 failed login attempts since the last successful login.
This account is currently not available.
[root@hostname]#

原因

Ordering in PAM sudo file which makes switching to different user from root user prompt requesting for password.

解決方法

Below solution should be performed by Linux admin after knowing/understanding the effects of the changes.
Changing ordering in PAM sudo file so from root user prompt if changed to different user it will not ask for password.

1. Create a copy of the origingal /etc/pam.d/su file: 
[root@hostname ]# cd /etc/pam.d
[root@hostname pam.d]# cp su su.orig

2. Edit the file /etc/pam.d/su so that "auth sufficient pam_rootok.so" is reordered.

Below shows file contents before editing. 
[root@hostname pam.d]# cat su
#%PAM-1.0
auth required pam_wheel.so use_uid
authrequiredpam_env.so
auth sufficient pam_wheel.so trust use_uid
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#authsufficientpam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#authrequiredpam_wheel.so use_uid
authsubstacksystem-auth
auth include system-auth
authincludepostlogin
accountsufficientpam_succeed_if.so uid = 0 use_uid quiet
accountincludesystem-auth
passwordincludesystem-auth
sessionincludesystem-auth
sessionincludepostlogin
sessionoptionalpam_xauth.so
Below shows file contents after reordering. 
[root@hostname pam.d]# cat su
#%PAM-1.0
auth            sufficient      pam_rootok.so
auth required pam_wheel.so use_uid
authrequiredpam_env.so
auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to implicitly trust users in the "wheel" group.
#authsufficientpam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#authrequiredpam_wheel.so use_uid
authsubstacksystem-auth
auth include system-auth
authincludepostlogin
accountsufficientpam_succeed_if.so uid = 0 use_uid quiet
accountincludesystem-auth
passwordincludesystem-auth
sessionincludesystem-auth
sessionincludepostlogin
sessionoptionalpam_xauth.so

3. Rerun the authc_configure.sh and it ends successfully with message "The installation completed successfully.”

文書のプロパティ
文書番号: 000204907
文書の種類: Solution
最終更新: 07 11月 2022
バージョン:  1
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。