What is the default umask set to on the jumpstart server? (usually in /etc/profile, /etc/bashrc, or in $HOME/.profile or something like that)
umask = 022
Actually, try this - as a user mapped to root on the jumpstart server create a file over nsh - like 'touch // sh -c 'umask'
If files are created 700 or 600 your umask is probably 077
-rw-r--r-- 1 root root 0 May 18 14:30 test1
when i run umask right from command i get 0022
wow, so the forum screwed up my post.
so something is writing your files w/ the 600 permissions, that's usually the umask. i'd assume that's coming through via the agent user mapping.
I was trying to get you to run a
nexec <jumpstart box> sh -c 'umask'
to see what happened, it loks like you did that and the file was 644 and the umask was 022?
i don't think we change the acls at all when we write the various files.
after i ran that command and then i went to the terminal window and ran umask and it came back with 0022.
those other files like begin.sh have the correct permissions however profile has the incorrect ones i'm assuming. even if i change the perms on the profile file and then re-run the job the file gets over written. So for now as soon as the job starts file gets copied and then i manually change the perms prior to the target machine accessing the jumpstart server.
these are all bad i think:
-rwx------ 1 root root 449 May 18 08:39 nsh-install-defaults
-rwx------ 1 root root 132 May 18 08:39 profile
-rwx------ 1 root root 32 May 18 08:39 rules
-rwx------ 1 root root 217 May 18 08:39 sysidcfg
afaik, the appserver -> agent -> local file system is how those files are created. (except the nsh-install-defaults, that should be copied from the /jumpstart/BladeLogic directory). so i'm not sure what's going on there.
if you run the prov job again does it do the same thing? it's weird that you can create 644 files via the agent but not when it's via the appserver.
maybe the umask on the appserver is what is more restrictive and it's creating those files in a temp dir on the appserver as 600 and then copying them over like that?
yes, if we were to modify the file again and then run the provision job it does the exact same thing. It would over right the files I modified. Appserver umask is also 0022.
Do you know what directory they are copied to in the Appserver? i know under /opt/bmc/BladeLogic/8.0/NSH there is a tmp directory where it looks like it has the addinstall client and rules files but couldnt find where the profile file gets written too.
1 of 1 people found this helpful
if they are copied it would be from somewhere on the appserver, to the agent. we should be auto-generating those files, then we run the check script, then the add install client. maybe the check or the add install client is doing something? i'm trying to think of all the steps for those files to get put in place.
the files would likely be put in on the appserver, if that's how it works, but they will be removed pretty quick i think.
is there something special i need to do in my users.local file that maybe i'm missing.
I'm running this as a BLAdmin and here is entry i have in my users.local
that should be fine?
1 of 1 people found this helpful
That should be fine. That's on the jumpstart box?
on the jumpstart i just have
After submitting a ticket to BMC it was discovered that the NFS did not have the correct options set.
running exportfs the jumpstart directory had the below perms.
- /export/jumpstart ro ""
After making some modfications on the jumpstart directory and adding anon=0 the jumpstart provisiong was succesful.
- /export/jumpstart ro,anon=0 ""