IBM Support

IV40170: ERRORS WHILE INSTALLING UX AGENT USING NON-ROOT USER

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Errors while installing Unix OS agent using non-root user.
    
    Recreate Steps:
    
    1. Installed, configured and started ITM 623 GA Unix OS agent
       on Solaris using non-root user.
    2. While upgrading Unix OS agent to 623 FP2 using non-root user,
       upgrade failed with the following error:
    install.sh warning: The userid associated with the "ux" product
     code and "411" process id does not match the current user,
    continuing ...
    install.sh failure: KCI0245E A running process(s) was detected
    whose associated userid does not match the current userid. The
    install will be aborted.
    
    3. After stopping the Unix OS agent first, the upgrade
       using non-root user failed with the following error, even
       when the correct root password is supplied:
    Root-owned files have been found. Before continuing with this
    installation, the owner of these files should be changed to
    "itmuser". This change will be done automatically if you type
    the root password below:
     KCIIN2363E ERROR - the password is incorrect.
     Do you want to try another password [ 1=Yes, 2=No ; default is
    "1" ] ? 1
     KCIIN2363E ERROR - the password is incorrect.
     Do you want to try another password [ 1=Yes, 2=No ; default is
    "1" ] ?
     KCIIN2363E ERROR - the password is incorrect.
     Do you want to try another password [ 1=Yes, 2=No ; default is
    "1" ] ? 2
    
    4. After fixing the file onwership first, the upgrade was
       successful.
    5. When configuring the Unis OS agent using non-root user, at
       the end of the configuration, the following error is
       displayed:
    KCIIN2569E ERROR: You are not running as root, and rexec is not
    enabled on this machine, so your machine boot scripts cannot be
    updated automatically for you. Please re-run this configuration
    session as root, or please manually run
    /ash_623fp2_nonroot/bin/UpdateAutoRun.sh
    as root Agent configuration completed...
    Would you like to restart the component to allow new
    configuration to take effect? [1=Yes, 2=No] (Default is: 1): 1
    Component can not be managed due to insufficient privileges
    

Local fix

Problem summary

  • 1) Attempting to upgrade as a nonroot user on a Solaris system
    after "SetPerm -a" or "secureMain lock" have been executed and
    the OS agent is running fails with messages similar to the
    following:
    
    install.sh warning: The userid associated with the "ux" product
    code and "411" process id does not match the current user,
    continuing ...
    install.sh failure: KCI0245E A running process(s) was detected
    whose associated userid does not match the current userid. The
    install will be aborted.
    
    2) Attempting to upgrade as a nonroot user on a UNIX system
    after "SetPerm -a" or "secureMain lock" have been executed and
    the OS agent is not running and the REXEC service is not running
    fails with messages similar to the following for any password
    entered, even the correct password:
    
    Root-owned files have been found. Before continuing with this
    installation, the owner of these files should be changed to
    "itmuser".
    This change will be done automatically if you type the root
    password below:
    KCIIN2363E ERROR - the password is incorrect.
    Do you want to try another password [ 1=Yes, 2=No ; default is
    "1" ] ? 1
    
    3) After configuring the OS agent as a nonroot user on a UNIX
    system after "SetPerm -a" or "secureMain lock" have been
    executed displays a message similar to the following:
    
    KCIIN2569E ERROR: You are not running as root, and rexec is not
    enabled on this machine, so your machine boot scripts cannot be
    updated automatically for you. Please re-run this configuration
    session as root, or please manually run
    /opt/IBM/ITM/bin/UpdateAutoRun.sh as root Agent configuration
    completed...
    
    4) After configuring the OS agent as a nonroot user on a UNIX
    system after "SetPerm -a" or "secureMain lock" have been
    executed and the OS agent is running displays a message similar
    to the following:
    
    Would you like to restart the component to allow new
    configuration to take effect? [1=Yes, 2=No] (Default is: 1): 1
    Component can not be managed due to insufficient privileges
    
    5) When running "cinfo -r" on a Solaris or Linux system with the
    UNIX Logs agent installed user after "SetPerm -a" or "secureMain
    lock" have been executed shows the process as started by root
    instead of the nonroot user.
    
    6) When running "itmcmd manage" as a nonroot user and attempting
    to stop the OS agent after it has been started by the same
    nonroot user after "SetPerm -a" or "secureMain lock" have been
    executed displays a popup message similar to the following:
    
    Component can not be managed due to insufficient privileges
    

Problem conclusion

  • 1) The code has been modified to always use the 'real' user
    instead of the 'effective' user when determining whether an
    agent can be stopped.
    2) The code has been modified to attempt the SSH and RSH
    connection protocols in addition to the REXEC connection
    protocol for root subshell processing. This allows greater
    chance of success since one of the protocols is enabled to allow
    remote access to the endpoint.
    3) The code has been modified to always use the 'real' user
    instead of the 'effective' user when displaying the status of
    running processes.
    
    The fix for this APAR is contained in the following maintenance
    packages:
    | fix pack | 6.2.3-TIV-ITM-FP0005
    | fix pack | 6.3.0-TIV-ITM-FP0003
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV40170

  • Reported component name

    OMEG DIST INSTA

  • Reported component ID

    5608A41CI

  • Reported release

    623

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-04-18

  • Closed date

    2014-05-05

  • Last modified date

    2014-05-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    OMEG DIST INSTA

  • Fixed component ID

    5608A41CI

Applicable component levels

  • R623 PSY

       UP

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"623"}]

Document Information

Modified date:
30 December 2022