A fix is available
APAR status
Closed as program error.
Error description
When Role Based Access Control (RBAC) is enabled on AIX 6.1, rcp returns the following error for kerberos non-root user. # rcp <remote system>:file localfile rcmd2: socket: The file access permissions do not allow the specified action. Permission denied. This problem does not occur for local users.
Local fix
Comment rcp entry in /etc/security/privcmds file and run the command setkst. */usr/bin/rcp: * accessauths = ALLOW_ALL * innateprivs = PV_DAC_X,PV_DAC_O,PV_PROC_SIG,PV_NET_CNTL,PV_NET_PORT # setkst Note: The above changes removes the restrictions placed on rcp by RBAC.
Problem summary
When Role Based Access Control (RBAC) is enabled on, running rcp to copy file from remote machine returns the following error for kerberos non-root user, if the authentication method is set to KRB5: # rcp <remote system>:file localfile rcmd2: socket: The file access permissions do not allow the specified action. Permission denied. This problem does not occur for local users.
Problem conclusion
Added code in rcp to acqire appropriate privilege.
Temporary fix
Comments
APAR Information
APAR number
IV48169
Reported component name
AIX 610 STD EDI
Reported component ID
5765G6200
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2013-09-11
Closed date
2013-09-11
Last modified date
2014-02-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 610 STD EDI
Fixed component ID
5765G6200
Applicable component levels
R610 PSY U859520
UP14/02/17 I 1000
PTF to Fileset Mapping
U859520 bos.net.tcp.client 6.1.8.17
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSLLZP","label":"AIX Standard Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSAUMY","label":"IBM AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11Q","label":"AIX 6.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"APARs - AIX 7.1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
17 February 2014