2 Replies Latest reply on Mar 25, 2013 9:59 AM by Philippe Le Coq

    Script Type non-NSH script : not authorized to run this command rc 200

    Philippe Le Coq





      I create a TEST_NSH_SCRIPT with command "date" with script Options : Copy and execute the script against each host separately (for non-NSH scripts)


      and with minimal ACL ==> CL-SOLVA000:plecoq                      rw,map=root


      (CL-SOLVA000 = my role , plecoq = my user)


      Job it's OK ==> Result is ==> Info Feb 18, 2013 11:46:16 AM Mon Feb 18 11:46:16 CET 2013


      but with ACL (all commands authorized) when I push Update ACL :


      CL-SOLVA000:plecoq                      rw,map=root,commands=CM:a2ps:agentinfo:agrep:awk:blkeylogman:blquery:bunzip2:bzcat:bzip2:bzip2recover:cat:chapw:chgrp:chmod:chown:cksum:cmp:colrm:column:comm:compress:convert:cp:cut:dd:df:diff:dsync:du:echo:edit:egrep:elvis:ex:expand:fgrep:file:find:fnmatch:fold:funzip:getlic:grep:gunzip:gzcat:gzip:head:hexdump:hgrep:hostname:input:join:kill:l:lam:lc:less:lf:link:ln:logman:lr:ls:lv:lx:md5sum:mkdir:mkfifo:mknod:more:mv:ncp:ndircmp:ndsync:nlogin:nohup:nsh:nshopt:nshpath:ntop:nukecert:nunzip:od:order:paste:pax:pkgadd:pr:prune:putcert:putlic:redi:renice:rm:rmdir:rsu:runcmd:runscript:scriptutil:sed:sort:split:strings:su:sum:tail:tar:tcptunnel:tee:test:touch:tr:uname:uncompress:uncp:unexpand:uniq:unlink:unzip:unzipsfx:update:uudecode:uuencode:vi:view:vsh:vshview:vtree:wc:xd:zcat:zip:zipinfo:zipnote:zipsplit:nexec:agentctl:arp:bldeploy:blpatchcheck2:blprops:blquery:bltargetjobmanager:complus_scan:df:discovery:drives:finger:halt:ifconfig:instfix:iostat:ipconfig:kmtune:lsfs:lslpp:mem:metabase_scan:modinfo:modload:modunload:mount:nbtstat:net:netstat:nexec:nfsstat:pagesize:pgrep:pkgadd:pkginfo:pkill:prtconf:ps:reboot:reg_scan:rpm:showfixes:showprogs:showrev:size:start:status:swap:swlist:sysdef:umount:uptime:who:win_acl:winsvc:xbiff:xterm


      I have this error : Error Feb 18, 2013 11:46:16 AM Not authorized to run this command


      Question :


      How I authorize this script ?



        • 1. Re: Script Type non-NSH script : not authorized to run this command rc 200
          Bill Robinson

          any command you will nexec or run in nsh needed to be added to the 'commands' list.


          can you attach your script and the entire job run log ?

          • 2. Re: Script Type non-NSH script : not authorized to run this command rc 200
            Philippe Le Coq

            Hi Philippe,


            I have received a confirmation from the Product Management team. The use case is a shortcoming/limitation of the product and not a defect/bug in the product. Below is the explaination as to why is this case a limitation and how the product designed to work:



            Scriptutil is an NSH command which is used to execute scripts on a target host, These are known as type-3 scripts to the UI user.


            There are 2 cases and these 2 cases are as they are designed since the existence of NSH and scriptutil until today.


            1. When all commands are allowed to be executed on the target host, scriptutil and the script that it executes are allowed to be executed on the target hosts.
            2. When the "commands=" list is explicitly formed, scriptutil scripts are *not* allowed to execute on the target hosts.


            The use case falls in case no. 2 explained above.



            Also, I have filed a an RFE# QM001785515 for this case requesting TYPE 3 nsh scripts to be executed with command authorizations in place in the users file.


            Please let me know if you have any questions or concerns.



            Parag Desai

            BMC Support






            Thank you for submitting the Request For Enhancement (RFE) number QM001785515. This RFE was reviewed by the Product Management team and is under consideration for a future release. 



            Due to the fact that we receive more RFEs each year than we can reasonably include in the product, we cannot guarantee that your RFE will be included in a future release.  Prior to the next development cycle, the Product Management team will evaluate your RFE, along with the entire list of RFEs, to ensure that the features most often requested and that best serve our customers as a whole are slated for development. 



            Once again, thank you for submitting your Request for Enhancement.


            The BMC Product Management Team


            Thank you.


            Summary: Script Type non-NSH script (Type 3) should be anle to run with command authorizations in place in users file .

            Status Mode: Open

            Status: Pending

            Resolution: Under consideration

            Product Name: BMC BladeLogic Server Automation .