IBM Support

PI80958: RUNNING STEP WITH IMPERSONATION AND SU FAILS TO EXECUTE CHMOD COMMAND

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • If impersonation is configured with su, and the user that runs
UrbanCode Deploy Agent
can execute the command:

chown other_user /opt/ibm-ucd/agent/var/temp/tempfile.sh

where "other_user" is the user being impersonated, but it cannot
execute the command:

chmod 700 /opt/ibm-ucd/agent/var/temp/tempfile.sh

for a file already owned by "other"user", then impersonation
will fail, resulting in a failure to execute the step.

The real cause of the failure can only be detected after
enabling the following traces in the Agent file:
/opt/ibm-ucd/agent/conf/log4j.properties

log4j.logger.com.urbancode.shell=TRACE
log4j.logger.com.urbancode.air.plugin_command.runtime=TRACE
log4j.com.urbancode.shell.impersonation.unix=DEBUG

In the case of an agent running on z/OS the error would look
like this:


2017-03-20 11:24:17,720 DEBUG PluginRuntimeServer-exec-worker-0
com.urbancode.shell.Shell - Executing shell as waadmin
2017-03-20 11:24:17,755 DEBUG PluginRuntimeServer-exec-worker-0
com.urbancode.shell.impersonation.unix.UnixImpersonateCommand -
Impersonation chown failed for script: chmod: FSUM6180 file
"/opt/ibm-ucd/agent/var/temp/command-script-4179870045.sh":
EDC5139I Operation not permitted.
2017-03-20 11:24:17,755 DEBUG PluginRuntimeServer-exec-worker-0
com.urbancode.shell.impersonation.unix.UnixImpersonateCommand -
Applying chmod 511 to temp script
2017-03-20 11:24:17,760 ERROR PluginRuntimeServer-exec-worker-0
com.urbancode.shell.Shell -
com.urbancode.commons.util.processes.ProcessException: (1)
chmod: FSUM6180 file
"/opt/ibm-ucd/agent/var/temp/command-script-4179870045.sh":
EDC5139I Operation not permitted.

Local fix

  • Not available

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* ALL                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* If impersonation is configured with su, and the user that    *
* runs                                                         *
* UrbanCode Deploy Agent                                       *
* can execute the command:                                     *
*                                                              *
* chown other_user /opt/ibm-ucd/agent/var/temp/tempfile.sh     *
*                                                              *
* where "other_user" is the user being impersonated, but it    *
* cannot                                                       *
* execute the command:                                         *
*                                                              *
* chmod 700 /opt/ibm-ucd/agent/var/temp/tempfile.sh            *
*                                                              *
* for a file already owned by "other"user", then impersonation *
* will fail, resulting in a failure to execute the step.       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

Problem conclusion

  • fixed in 6.2.5.0

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI80958
    • 

  • Reported component name
    UC DEPLOY
    • 

  • Reported component ID
    5725M5400
    • 

  • Reported release
    620
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2017-05-03
    • 

  • Closed date
    2017-07-27
    • 

  • Last modified date
    2017-07-27
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    UC DEPLOY
    • 

  • Fixed component ID
    5725M5400
    • 



Applicable component levels


    

  • R624  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            27 July 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback