10 Replies Latest reply on Dec 20, 2010 5:01 PM by Barry McQuillan

    Default permissions on the server object of the BLApp server

      Morning all,


      This may seem like a silly question :-)

      But could someone please advise what the permissions on a BLAppServer server object should be?


      I know that the users and users.local should be blank and the exports should be


      *   rw, user=root


      But when I try and run a BLCLI script as anything except BLAdmin I get:

      com.bladelogic.mfw.util.AccessDeniedException: Access  Denied Server.ExecuteNSHScript on <BLAppserver>

      I had a thought last night and when I check permissions on the server object I have:

      wlgl-05760%  blcli_execute Server showPermissions u-pr-065
      Everyone         Server.Read
      BLAdmins        Server.*
      BLAdmins         Server.ModifyACL
      BLAdmins        Server.Discover
      BLAdmins         Server.Audit
      BLAdmins        Server.Browse
      BLAdmins         Server.Decommission
      BLAdmins        Server.Deploy
      BLAdmins         Server.Read
      BLAdmins        Server.Snapshot
      BLAdmins         Server.Modify
      BLAdmins        Server.ModifyProperties
      BLAdmins         Server.StartService
      BLAdmins        Server.StopService
      BLAdmins         Server.FileDelete
      BLAdmins        Server.FileModify
      BLAdmins         Server.ExecuteNSHScript
      BLAdmins        Server.PushACL
      BLAdmins         Server.FileCreate
      BLAdmins         Server.BMC_UnixDaemon_stop
      BLAdmins         Server.BMC_UnixDaemon_start
      BLAdmins         Server.BMC_UnixDaemon_restart
      BLAdmins         Server.BMC_UnixDaemon_reload
      BLAdmins         Server.BMC_UnixDaemon_start_with_dependencies
      BLAdmins         Server.BMC_UnixProcess_kill
      BLAdmins         Server.BMC_UnixUser_updatePassword
      BLAdmins         Server.BMC_UnixUser_setPasswordState
      TCL_UNIX_ADMIN   Server.*
      TCL_ESS_Developers      Server.Read


      I know that these are incorrect and I also know that early on ACL's were pushed to ALL servers in error.

      What I'm not sure of is what "THEY SHOULD BE" :-)


      Please help.