13 Replies Latest reply on Jan 14, 2009 1:28 PM by Sankar Mukhopadhyay

    rsu to different user

      in hp box;

      inafpuxpfs03:/prod> rsu -p prod ncp -v FP.txt -h fphpim01 -d /prod

      cp: Unable to access file //fphpim01/~prod: No authorization to access host

      inafpuxpfs03:/prod>

       

      whereas this same command works in every other unix box.

       

      inafpuxpfs03:/prod> rsu -p demo ncp -v FP.txt -h fpedb01 -d /prod

      Copy FP.txt -> //fpedb01/prod/FP.txt ... Done

       

       

      All of them are Solaris whereas the top one in HP. How do I authorize it?

       

       

      Regards,

       

      Sankar

        • 1. Re: rsu to different user
          Bill Robinson

          can you run 'agentinfo ' as the user you are trying to run this as?

           

          also, what's in the users, users.local and exports file on the hpux box?

          • 2. Re: rsu to different user

            Here it is:

            inafpuxpfs03:/prod> nsh

            %cd //fphpim01

            %uname -a

            HP-UX fphpim01 B.11.11 U 9000/800 PA_RISC

            %id

            uid=200(prod) gid=200(prod)

            %agentinfo fphpim01

            fphpim01:

            Agent Release : 7.4.1.2000

            Hostname : fphpim01

            Operating System: HP-UX B.11.11

            User Permissions: 200/200 (prod/prod)

            Security : Protocol=5, Encryption=TLS1

            Host ID : 25B06D79

             

            1. of Processors : 8

            License Status : Licensed for NSH/CM

            %

            **********************************************************************

            %cd /usr/lib/rsc

            %cat exports

            #

            1. Copyright (c) 2001-2007 BladeLogic, Inc.

            2. -- All Rights Reserved --

            #

            1. This file is read by the "rscd" to determine permissions for the given host.

            #

            1. Please read the BladeLogicAdministration.pdf or "exports" man page for details

            2. on how to use this file.

            #

            • rw

            %

            ******************************************************************

            %cat users

            #

            1. Copyright (c) 2001-2007 BladeLogic, Inc.

            2. -- All Rights Reserved --

            #

            1. This file contains a list of user permission overrides. The permissions

            2. defined in this file will override any associated permissions defined in the

            3. "exports" file.

            #

            1. Please read the BladeLogicAdministration.pdf or "users" man page for details

            2. on how to use this file.

            #

            SCM_Unix:mshakelli rw,map=prod

            SCM_Unix:Sankar rw,map=fnsw

            SCM_Unix:akumar rw,map=prod

            SCM_Unix:abalakri rw,map=prod

            SCM_Unix:wlachman rw,map=prod

            SCM_Unix:sunita rw,map=prod

            %

            *********************************************************************

            %cat users.local

            #

            1. Copyright (c) 2001-2007 BladeLogic, Inc.

            2. -- All Rights Reserved --

            #

            1. This file contains a list of user permission overrides. The permissions

            2. defined in this file will override any associated permissions defined in the

            3. "exports" or "users" file.

            #

            1. Please read the BladeLogicAdministration.pdf for details on how to use this

            2. file.

            #

            #BLAdmins:BLAdmin rw,map=fnsw

            BLAdmins:* rw,map=fnsw

            #prod rw,map=fnsw

            rsu=prod

            %

             

            Thanks,

            Sankar

            • 3. Re: rsu to different user
              Bill Robinson

              is the agent on the hpux box installed/running as root (and the other boxes)?

              • 4. Re: rsu to different user
                Bill Robinson

                and, is there anything in the agent log on the hpux box - /usr/nsh/log/rscd.log is the default, or do a 'bllogman list ' in nsh.

                • 5. Re: rsu to different user

                  In this box rsu works and we have:

                   

                  %ps -ef|grep rscd

                  root 716 714 0 Jun 16 ? 0:04 bin/rscd

                  root 715 714 0 Jun 16 ? 0:02 bin/rscd

                  root 714 1 0 Jun 16 ? 0:00 bin/rscd

                  prod 3255 716 0 12:31:36 ? 0:00 bin/rscd

                  prod 3257 716 0 12:31:36 ? 0:00 bin/rscd

                  root 3256 716 0 12:31:36 ? 0:00 bin/rscd

                  prod 3254 716 0 12:31:28 ? 0:00 bin/rscd

                   

                  In this box rsu doesn't work and we have:

                   

                  %cd //fphpim01

                  %ps -ef|grep rscd

                  root 1484 1479 2 Nov 1 ? 0:00 bin/rscd

                  root 1483 1479 0 Nov 1 ? 0:00 bin/rscd

                  root 1479 1 0 Nov 1 ? 0:00 bin/rscd

                  root 9857 1484 9 12:31:57 ? 0:00 bin/rscd

                  prod 9858 1484 9 12:31:57 ? 0:00 bin/rscd

                  prod 9856 1484 8 12:31:57 ? 0:00 bin/rscd

                  prod 9855 1484 0 12:31:49 ? 0:00 bin/rscd

                  • 6. Re: rsu to different user

                    fphpim01> pwd

                    /prod/bladelogic/log

                    fphpim01> tail -1000f rscd.log

                    aeaa87d26fa8a7570b1b 0000000001 11/30/08 22:01:22.735 INFO1 rscd - 172.22.70.68 14598 7508/84 (BLAdmins:BLAdmin): CM: > Retrieving property values

                    af67562b22b546c3f1d9 0000000002 12/01/08 10:47:15.140 INFO rscd - 172.22.70.68 13624 200/200 (prod): agentinfo: agentinfo fphpim01

                    efcf8d15fbb9210facfc 0000000003 12/01/08 10:47:35.915 INFO rscd - 172.22.70.68 13625 200/200 (prod): nsh: nsh

                    30e463c8b42f05037366 0000000004 12/01/08 10:47:47.987 INFO rscd - 172.22.70.68 13626 200/200 (prod): agentinfo: agentinfo -D //fphpim01/ fphpim01

                    7de46557c46b92297de8 0000000005 12/01/08 10:48:05.853 INFO rscd - 172.22.70.68 13641 200/200 (prod): nsh: nsh

                    93fa5ea1780596459d70 0000000006 12/01/08 10:49:22.863 INFO rscd - 172.22.70.68 14034 200/200 (prod): nsh: nsh

                    b601e129ecc6100ac604 0000000007 12/01/08 10:49:23.016 INFO rscd - 172.22.70.68 14035 200/200 (prod): ls: ls -D //fphpim01/prod/bladelogic -ld Doc/ Transactions/ _uninst/ bin/ conf/ files/ lib/ log/ man/ sbin/ share/ snapshot/ tmp/

                    214a31cfa2fb44e8ee12 0000000008 12/01/08 10:49:23.123 INFO rscd - 172.22.70.68 14036 200/200 (prod): ls: ls -D //fphpim01/prod/bladelogic -ld Doc/ Transactions/ _uninst/ bin/ conf/ files/ lib/ log/ man/ sbin/ share/ snapshot/ tmp/

                    04a7fa04f75f307bf2c6 0000000009 12/01/08 10:49:28.248 INFO rscd - 172.22.70.68 14234 200/200 (prod): ls: ls -D //fphpim01/prod/bladelogic/sbin -ltr

                    a971366656564370f6d9 0000000010 12/01/08 10:49:28.341 INFO rscd - 172.22.70.68 14240 200/200 (prod): ls: ls -D //fphpim01/prod/bladelogic/sbin -ltr

                    ada66b6419ea0f5dfe92 0000000011 12/01/08 10:49:46.969 INFO rscd - 172.22.70.68 14287 200/200 (prod): agentinfo: agentinfo -D //fphpim01/prod/bladelogic/sbin

                    1f25e745275550a48dec 0000000012 12/01/08 10:50:06.020 INFO rscd - 172.22.70.68 14372 200/200 (prod): nsh: nsh

                    f4b8efc6830ab5ea42bf 0000000013 12/01/08 10:50:07.682 INFO rscd - 172.22.70.68 14373 200/200 (prod): nsh: nsh

                    03b389bcaa759ae0ce8f 0000000014 12/01/08 10:50:39.895 INFO rscd - 172.22.70.68 14389 200/200 (prod): nsh: nsh

                    fc5d922b359e500391ff 0000000015 12/01/08 10:54:16.274 INFO rscd - 172.22.70.68 14767 200/200 (prod): nsh: nsh

                    2512b1fb61b186d06d50 0000000016 12/01/08 10:54:25.461 INFO rscd - 172.22.70.68 14981 200/200 (prod): uname: uname -D //fphpim01/ -a

                    d1e8c4f744f1f64bd677 0000000017 12/01/08 10:54:29.846 INFO rscd - 172.22.70.68 14982 200/200 (prod): nsh: nsh

                    fcc5646de73ab614b7ea 0000000018 12/01/08 10:54:44.159 INFO rscd - 172.22.70.68 15077 200/200 (prod): agentinfo: agentinfo -D //fphpim01/ fphpim01

                    05f9e2ca1bc184f97c2f 0000000019 12/01/08 10:55:45.694 INFO rscd - 172.22.70.68 15431 200/200 (prod): cat: cat -D //fphpim01/usr/lib/rsc exports

                    6173589e546d461e67b0 0000000020 12/01/08 10:56:18.057 INFO rscd - 172.22.70.68 15621 200/200 (prod): cat: cat -D //fphpim01/usr/lib/rsc users

                    d9a4d833cd268a899e04 0000000021 12/01/08 10:57:15.487 INFO rscd - 172.22.70.68 15645 200/200 (prod): cat: cat -D //fphpim01/usr/lib/rsc users.local

                    4edf6a839c107c88cdc4 0000000022 12/01/08 22:01:41.360 INFO1 rscd - 172.22.70.68 24583 7508/84 (BLAdmins:BLAdmin): CM: > Retrieving property values

                    5b49d2b0960ee5b00184 0000000023 12/02/08 22:01:41.865 INFO1 rscd - 172.22.70.68 5046 7508/84 (BLAdmins:BLAdmin): CM: > Retrieving property values

                    a133930f70de470c258b 0000000024 12/03/08 22:01:40.345 INFO1 rscd - 172.22.70.68 18474 7508/84 (BLAdmins:BLAdmin): CM: > Retrieving property values

                    9c80b84063d0096f9ce8 0000000025 12/04/08 12:31:50.071 INFO rscd - 172.22.70.68 9855 200/200 (prod): nsh: nsh

                    8833c0ee61d9bf6a7ca9 0000000026 12/04/08 12:31:57.467 INFO rscd - 172.22.70.68 9856 200/200 (prod): grep: grep -D //fphpim01/ rscd

                    7fa6140fd2725d5c87f8 0000000027 12/04/08 12:31:57.485 INFO rscd - 172.22.70.68 9857 200/200 (prod): ps: ps -D //fphpim01/ - -ef

                    d5a06951f97dc5695acd 0000000028 12/04/08 12:31:57.592 INFO rscd - 172.22.70.68 9858 200/200 (prod): ps: ps -D //fphpim01/ - -ef

                    e830a4d3e1ff5cf75e78 0000000029 12/04/08 12:31:57.601 INFO1 rscd - 172.22.70.68 9858 200/200 (prod): ps: > 01010 Execute remote command: ps -ef

                    • 7. Re: rsu to different user
                      Bill Robinson

                      it looks like there are 2 agents running on each box, 1 as root and the other as 'prod' - is that the case? if it is, what ip is each running on ? (netstat -na | grep 4750)

                      • 8. Re: rsu to different user

                        On this box, rsu works and it has:

                        inafpuxedb01> ps -ef|grep rscd

                        root 716 714 0 Jun 16 ? 0:04 bin/rscd

                        root 715 714 0 Jun 16 ? 0:02 bin/rscd

                        root 714 1 0 Jun 16 ? 0:00 bin/rscd

                        smuk 2877 2710 0 12:02:59 pts/6 0:00 grep rscd

                        inafpuxedb01> netstat -an|grep 4750

                        *.4750 . 0 0 65928 0 LISTEN

                        inafpuxedb01>

                         

                        On this box rsu doesn't work and it has:

                        fphpim01> ps -ef|grep rscd

                        root 1484 1479 0 Nov 1 ? 0:00 bin/rscd

                        root 1483 1479 0 Nov 1 ? 0:00 bin/rscd

                        root 1479 1 0 Nov 1 ? 0:00 bin/rscd

                        smuk 19090 19026 1 12:05:11 pts/1 0:00 grep rscd

                        fphpim01> netstat -an|grep 4750

                        tcp 0 0 *.4750 . LISTEN

                        fphpim01>

                         

                        Thanks

                        • 9. Re: rsu to different user
                          Bill Robinson

                          i'm confused then because in a previous post you had a ps listing showing:

                          -


                          %ps -ef|grep rscd

                          root 716 714 0 Jun 16 ? 0:04 bin/rscd

                          root 715 714 0 Jun 16 ? 0:02 bin/rscd

                          root 714 1 0 Jun 16 ? 0:00 bin/rscd

                          prod 3255 716 0 12:31:36 ? 0:00 bin/rscd

                          prod 3257 716 0 12:31:36 ? 0:00 bin/rscd

                          root 3256 716 0 12:31:36 ? 0:00 bin/rscd

                          prod 3254 716 0 12:31:28 ? 0:00 bin/rscd

                           

                          In this box rsu doesn't work and we have:

                           

                          %cd //fphpim01

                          %ps -ef|grep rscd

                          root 1484 1479 2 Nov 1 ? 0:00 bin/rscd

                          root 1483 1479 0 Nov 1 ? 0:00 bin/rscd

                          root 1479 1 0 Nov 1 ? 0:00 bin/rscd

                          root 9857 1484 9 12:31:57 ? 0:00 bin/rscd

                          prod 9858 1484 9 12:31:57 ? 0:00 bin/rscd

                          prod 9856 1484 8 12:31:57 ? 0:00 bin/rscd

                          prod 9855 1484 0 12:31:49 ? 0:00 bin/rscd

                          -


                           

                          which made me thing you were connecting to the wrong agent (the one running under 'prod' and not 'root'.

                           

                          can you tail the rscd.log on the broken box and run the rsu again and post that segment of the log. i could not make out any connection attempts in your post w/ the rscd.log.

                          • 10. Re: rsu to different user

                            Here it is:

                            inafpuxpfs03:/prod> rsu -p prod ncp -v FP.txt -h fphpim01 -d /prod

                            cp: Unable to access file //fphpim01/prod: No authorization to access host

                            inafpuxpfs03:/prod>

                             

                             

                            here is the rscd log

                            2a2aa2231301eab94354 0000000043 12/17/08 15:37:42.647 WARN rscd - 172.22.70.68 16518 200/200 (prod): cp: Host not authorized

                            6f02ae2ac981e4801568 0000000044 12/17/08 15:37:42.737 WARN rscd - 172.22.70.68 16519 200/200 (prod): cp: Host not authorized

                            1c1757b22623a5fe969d 0000000045 12/17/08 15:37:42.824 WARN rscd - 172.22.70.68 16520 200/200 (prod): cp: Host not authorized

                            3bc3bee9eb47b0d04883 0000000046 12/17/08 15:37:42.913 WARN rscd - 172.22.70.68 16521 200/200 (prod): cp: Host not authorized

                             

                            Also,

                             

                            rscd agent is running as this:

                             

                            fphpim01:[prod]</prod/bladelogic/log> ps -ef|grep rscd

                            root 1484 1479 0 Nov 1 ? 0:00 bin/rscd

                            root 1483 1479 0 Nov 1 ? 0:00 bin/rscd

                            root 1479 1 0 Nov 1 ? 0:00 bin/rscd

                            prod 17321 16199 1 15:40:09 pts/0 0:00 grep rscd

                            fphpim01:[prod]</prod/bladelogic/log>

                             

                            On the box that works is this:

                            inafpuxedb01> ps -ef|grep rscd

                            root 716 714 0 Jun 16 ? 0:04 bin/rscd

                            root 715 714 0 Jun 16 ? 0:02 bin/rscd

                            root 714 1 0 Jun 16 ? 0:00 bin/rscd

                            smuk 14735 14721 0 15:41:34 pts/3 0:00 grep rscd

                            inafpuxedb01>

                             

                            Thanks,

                            • 11. Re: rsu to different user
                              Bill Robinson

                              the log message:

                               

                              WARN rscd - 172.22.70.68 16521 200/200 (prod): cp: Host not authorized

                               

                              tells me that something is not correct in the users, exports or users.local files on the fphpim01 box.

                               

                              is the syntax in your users.local file the same as what is on a box that works correctly?

                               

                              i see a line:

                              rsu=prod

                               

                              but i think you need to have that associated w/ a client user - so like:

                               

                              prod rw,rsu=prod

                              • 12. Re: rsu to different user

                                In the box, that works has no rsu reference.For example in the box that works:

                                users.local file:

                                BLAdmins:BLAdmin rw,map=demo

                                #BLAdmins:BLAdmin rw,map=root

                                #prod rw,map=demo

                                #prod rsu=demo

                                #test

                                %

                                 

                                users file:

                                 

                                SCM_Unix:mshakelli rw,map=prod

                                SCM_Unix:Sankar rw,map=prod

                                SCM_Unix:akumar rw,map=prod

                                SCM_Unix:abalakri rw,map=prod

                                SCM_Unix:wlachman rw,map=prod

                                SCM_Unix:sunita rw,map=prod

                                %

                                 

                                and exports file:

                                 

                                • rw

                                Originall fphpim01, did not have the rsu line. But Out of desperation, i added that. If the syntax is wrong, I will add the syntax on this mai and see if it works.

                                 

                                Thanks

                                • 13. Re: rsu to different user

                                  Hi,

                                  after adding this as you suggested in users.local file,

                                  prod rw,rsu=prod

                                   

                                  I have been able to rsu .

                                   

                                  inafpuxpfs03:/prod> rsu -p prod ncp -v FP.txt -h fphpim01 -d /prod

                                  Copy FP.txt -> //fphpim01/prod/FP.txt ... Done

                                  inafpuxpfs03:/prod>

                                   

                                  Thought the mystery remains why I don't need the above syntax where it works. in fpedb01, I don't have

                                  demo rw,rsu=demo

                                  But it works there.

                                   

                                  Anyway, it seems to be fine now.

                                   

                                  Thx,

                                   

                                  Sankar