Difference between revisions of "The command arssockd can only be run by the owner of the command"

From CMOD.wiki
m (Added message number / name.)
m (Added changing file permissions.)
Revision as of 10:52, 28 April 2015

What was the error?

OnDemand Message Number: 154

OnDemand Message Name: ARS1154E

Example

$ arssockd -I ARCHIVE -S

The command >arssockd< can only be run by the owner of the command

Or this message is displayed on the console:
arssockd (ARCHIVE): 04/25/15 18:43:47 0 ARSMSG 2 152 The command >arssockd< can only be run by the owner of the command

Related errors?

None.

What were you doing?

Probably trying to start CMOD for the first time after a fresh install, or an upgrade.

Troubleshooting

On some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to a non-root user. This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately give the attacker root privileges. After an upgrade, these permissions may have been overwritten and need to be reapplied.

In this case, the UNIX file and group ownership need to be set to match the UNIX user name that will run arssockd.

-r-xr-xr-x    1 root     system      5662247 Sep  4 2013  arsrpt
-r-xr-xr-x    1 root     system      8795499 Sep  4 2013  arsslu
-r-xr-xr-x    1 root     system      7289800 Sep  4 2013  arssockd
-r-xr-xr-x    1 root     system      4394507 Sep  4 2013  arssyscr
-r-xr-xr-x    1 root     system      7082704 Sep  4 2013  arstblsp
-r-xr-xr-x    1 root     system      8753959 Sep  4 2013  arstfmt
-r-xr-xr-x    1 root     system      4221594 Sep  4 2013  arsview 

$ chown archive:sysadm1 ars* 

-r-xr-xr-x    1 archive  sysadm1     5662247 Sep  4 2013  arsrpt
-r-xr-xr-x    1 archive  sysadm1     8795499 Sep  4 2013  arsslu
-r-xr-xr-x    1 archive  sysadm1     7289800 Sep  4 2013  arssockd
-r-xr-xr-x    1 archive  sysadm1     4394507 Sep  4 2013  arssyscr
-r-xr-xr-x    1 archive  sysadm1     7082704 Sep  4 2013  arstblsp
-r-xr-xr-x    1 archive  sysadm1     8753959 Sep  4 2013  arstfmt
-r-xr-xr-x    1 archive  sysadm1     4221594 Sep  4 2013  arsview

When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under:

In ars.ini:

SRVR_INSTANCE_OWNER=ARCHIVE

In ars.cfg:

DB2INSTANCE=ARCHIVE

Ensure that these parameters both have matching case. If one is set to 'ARCHIVE', and the other is set to 'archive', arssockd will throw the ARS1154E error.
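
A pre-start check for both conditions above (ownership of the ars* binaries and the case-sensitive parameter match), as an added example that is not part of the original wiki page or of CMOD itself. It assumes single-instance ars.ini and ars.cfg files with plain KEY=value lines; the function names, the script name and the paths passed as arguments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-start check for the two ARS1154E causes described above.
# Assumptions: single-instance ars.ini/ars.cfg with plain KEY=value lines;
# directory, file paths and the run user are supplied by the caller.

get_param() {   # get_param KEY FILE -> value of the last KEY=value line
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

file_owner() {  # owning user name, taken from the third column of ls -l
    ls -ld "$1" | awk '{print $3}'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

check_cmod_owner() {  # check_cmod_owner BIN_DIR ARS_INI ARS_CFG [RUN_USER]
    bin_dir=$1; ini=$2; cfg=$3; run_user=${4:-$(id -un)}; rc=0
    inst_owner=$(get_param SRVR_INSTANCE_OWNER "$ini")
    db2_inst=$(get_param DB2INSTANCE "$cfg")
    if [ -z "$inst_owner" ] || [ -z "$db2_inst" ]; then
        echo "MISSING: SRVR_INSTANCE_OWNER='$inst_owner' DB2INSTANCE='$db2_inst'"
        rc=1
    elif [ "$inst_owner" != "$db2_inst" ]; then
        # Tell a pure case difference apart from two different names.
        if [ "$(lower "$inst_owner")" = "$(lower "$db2_inst")" ]; then
            echo "CASE: SRVR_INSTANCE_OWNER=$inst_owner vs DB2INSTANCE=$db2_inst"
        else
            echo "DIFFER: SRVR_INSTANCE_OWNER=$inst_owner vs DB2INSTANCE=$db2_inst"
        fi
        rc=1
    fi
    # Every ars* binary must be owned by the account that starts arssockd.
    for f in "$bin_dir"/ars*; do
        [ -f "$f" ] || continue
        owner=$(file_owner "$f")
        if [ "$owner" != "$run_user" ]; then
            echo "OWNER: $f is owned by $owner, expected $run_user"
            rc=1
        fi
    done
    return "$rc"
}

# Run directly (hypothetical script name; paths are placeholders):
#   sh check_cmod.sh /opt/ondemand/bin /path/to/ars.ini /path/to/ars.cfg
if [ "$#" -ge 3 ]; then
    check_cmod_owner "$@"
fi
```

Run it as the account that will start arssockd, or pass that account name as the fourth argument; a non-zero exit status means at least one finding was printed.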