Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1547333.1
Update Date:2018-03-01
Keywords:
Solution Type  Problem Resolution Sure

Solution  1547333.1 :   XSCF commands fail with 'Permission denied' error message  

Related Items 
    

  • Sun SPARC Enterprise M4000 Server
    •  
  • Sun SPARC Enterprise M9000-32 Server
    •  
  • Sun SPARC Enterprise M5000 Server
    •  
  • Sun SPARC Enterprise M8000 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: Mx000
    •  




Unable to execute various XSCF commands:
XSCF> console -d 0
Permission denied.

In this Document
Symptoms
Cause
Solution
References

Created from <SR 3-7071392241>

Applies to:

Sun SPARC Enterprise M8000 Server - Version All Versions to All Versions [Release All Releases]
Sun SPARC Enterprise M9000-32 Server - Version All Versions to All Versions [Release All Releases]
Sun SPARC Enterprise M5000 Server - Version All Versions to All Versions [Release All Releases]
Sun SPARC Enterprise M4000 Server - Version All Versions to All Versions [Release All Releases]
Oracle Solaris on SPARC (64-bit)

Symptoms

When attempting to run various commands on the XSCF an error message may report 'Permission denied':

Example
XSCF> console -d 0
Permission denied.

Cause

This indicates that the current user account doesn't have the privileges to execute the command.

The privileges required to execute a specific command are listed in the command's man page. For example:

XSCF> man console           

System Administration                                  console(8)

NAME
     console - connect to a domain console

SYNOPSIS
     console [ [-q]   -{y|n}]   -d domain_id   [  -f  |  -r]  [-s escapeChar]

<snip>

  Privileges
     You must have one of the following privileges  to  run  this command: 
     platadm, platop, fieldeng
         Can run this command for all domains.
     domainadm, domainmgr, domainop
         Can run this command only for your accessible domains.

To execute the console command you need platadm, platop or fieldeng or domainadm, domainmgr or domainop if the account is restricted to accessing certain domains. You don't need any privileges to run the man command.

To check the current user's privileges execute the showuser -p command:

XSCF> showuser -p          
User Name:         platadm
Privileges:        None

in the above example the current user platadm has no privileges.

This situation can occur when a user executes setprivileges against a user account with no other parameters:

Example, DO NOT RUN THIS COMMAND
XSCF> setprivileges platadm
Local privilege list for platadm has been cleared.

After this has been run, that user account won't be able to execute any privileged commands such as console.

Significantly, to resolve this issue the privileges for this account need to be reinstated, which requires executing setprivileges, but the current user, platadm, no longer has the useradm privilege required to run this command:

XSCF> setprivileges platadm useradm platop platadm mode fieldeng auditadm
Permission denied.

Solution

If you can access the XSCF using another normal account with the useradm privilege you can reinstate the privilieges:

XSCF> setprivileges platadm useradm platop platadm mode fieldeng auditadm
Permission denied.

If cannot access the XSCF using another normal account, you will need to login as the default user. This requires physical access to the platform.

  1. Connect a terminal or laptop to the serial port of the XSCF.
  2. Login as the default user
  3. You will be prompted to toggle the Operator Panel MODE switch (keyswitch) on the front of the system and press return:
    login: default
    Change the panel mode switch to Service and press return...
    Leave it in that position for at least 5 seconds.  Change the panel mode switch to Locked, and press return...
     
  4. Correct the privileges on the required account :
    Example
    XSCF> setprivileges platadm useradm platadm auditadm
     
  5. Verify the account has the correct permissions :

    Example
    XSCF> showuser platadm
    User Name:         platadm
    UID:               100
    Status:            Enabled
    Minimum:           0
    Maximum:           99999
    Warning:           7
    Inactive:          -1
    Last Change:       Oct 21, 2008
    Password Expires:  Never
    Password Inactive: Never
    Account Expires:   Never
    Privileges:        useradm
                       platadm
                       auditadm
  6. Exit the default login:
    XSCF> exit
     
  7. You should now log back in using the required account and confirm the original command can be run:
    Example
    XSCF> console -d 0

    Console contents may be logged.
    Connect to DomainID 0?[y|n] :

References

<NOTE:1297895.1> - Sun SPARC(R) Enterprise M3000/M4000/M5000/M8000/M9000 (OPL) Servers: How to reset XSCF password
SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Administration Guide E21618

Attachments 
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.
 Feedback