Difference between revisions of "The command arssockd can only be run by the owner of the command"
Jump to navigation
Jump to search
m (Added changing file permissions.) |
m (Standardized the layout.) |
||
| Line 1: | Line 1: | ||
{{TOCright}} | |||
== What was the error? == | |||
Message Number: 154 | |||
Message Severity: Error | |||
Message Name: ARS1154E | |||
The command >arssockd< can only be run by the owner of the command | Message Text: The command >arssockd< can only be run by the owner of the command | ||
== Example == | |||
$ arssockd -I ARCHIVE -S | |||
The command >arssockd< can only be run by the owner of the command | |||
Or this message is displayed on the console:<br /> | Or this message is displayed on the console:<br /> | ||
arssockd (ARCHIVE): 04/25/15 18:43:47 0 ARSMSG 2 152 The command >arssockd< can only be run by the owner of the command | |||
== What were you doing? == | |||
Probably trying to start CMOD for the first time after a fresh install, or an upgrade. | Probably trying to start CMOD for the first time after a fresh install, or an upgrade. | ||
== Troubleshooting == | |||
In some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to be 'non-root'. This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately provide root privileges to the attacker. After an upgrade, these permissions may have been re-written, and need to be reimplemented. | In some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to be 'non-root'. This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately provide root privileges to the attacker. After an upgrade, these permissions may have been re-written, and need to be reimplemented. | ||
| Line 28: | Line 30: | ||
In this case, the UNIX file and group ownership need to be set to match the UNIX user name that will run arssockd. | In this case, the UNIX file and group ownership need to be set to match the UNIX user name that will run arssockd. | ||
-r-xr-xr-x 1 root system 5662247 Sep 4 2013 arsrpt | -r-xr-xr-x 1 root system 5662247 Sep 4 2013 arsrpt | ||
-r-xr-xr-x 1 root system 8795499 Sep 4 2013 arsslu | -r-xr-xr-x 1 root system 8795499 Sep 4 2013 arsslu | ||
| Line 46: | Line 47: | ||
-r-xr-xr-x 1 archive sysadm1 8753959 Sep 4 2013 arstfmt | -r-xr-xr-x 1 archive sysadm1 8753959 Sep 4 2013 arstfmt | ||
-r-xr-xr-x 1 archive sysadm1 4221594 Sep 4 2013 arsview | -r-xr-xr-x 1 archive sysadm1 4221594 Sep 4 2013 arsview | ||
When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under: | When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under: | ||
| Line 52: | Line 52: | ||
In ars.ini: | In ars.ini: | ||
SRVR_INSTANCE_OWNER=ARCHIVE | |||
In ars.cfg: | In ars.cfg: | ||
DB2INSTANCE=ARCHIVE | |||
'''''Ensure that these parameters both have matching case.''''' If one is set to 'ARCHIVE', and the other is set to 'archive', [[arssockd]] will throw the ARS1154E error. | '''''Ensure that these parameters both have matching case.''''' If one is set to 'ARCHIVE', and the other is set to 'archive', [[arssockd]] will throw the ARS1154E error. | ||
Revision as of 00:30, 29 April 2015
What was the error?
Message Number: 154
Message Severity: Error
Message Name: ARS1154E
Message Text: The command >arssockd< can only be run by the owner of the command
Example
$ arssockd -I ARCHIVE -S The command >arssockd< can only be run by the owner of the command
Or this message is displayed on the console:
arssockd (ARCHIVE): 04/25/15 18:43:47 0 ARSMSG 2 152 The command >arssockd< can only be run by the owner of the command
What were you doing?
Probably trying to start CMOD for the first time after a fresh install, or an upgrade.
Troubleshooting
In some systems, the owner of all of the Content Manager OnDemand files installed under /usr/lpp/ars/bin, /opt/ondemand/bin, or /opt/IBM/ondemand/V9.x has been changed to be 'non-root'. This is typically done for security reasons, so that a remote exploit of the OnDemand daemon (arssockd) doesn't immediately provide root privileges to the attacker. After an upgrade, these permissions may have been re-written, and need to be reimplemented.
In this case, the UNIX file and group ownership need to be set to match the UNIX user name that will run arssockd.
-r-xr-xr-x 1 root system 5662247 Sep 4 2013 arsrpt -r-xr-xr-x 1 root system 8795499 Sep 4 2013 arsslu -r-xr-xr-x 1 root system 7289800 Sep 4 2013 arssockd -r-xr-xr-x 1 root system 4394507 Sep 4 2013 arssyscr -r-xr-xr-x 1 root system 7082704 Sep 4 2013 arstblsp -r-xr-xr-x 1 root system 8753959 Sep 4 2013 arstfmt -r-xr-xr-x 1 root system 4221594 Sep 4 2013 arsview $ chown archive:sysadm1 ars* -r-xr-xr-x 1 archive sysadm1 5662247 Sep 4 2013 arsrpt -r-xr-xr-x 1 archive sysadm1 8795499 Sep 4 2013 arsslu -r-xr-xr-x 1 archive sysadm1 7289800 Sep 4 2013 arssockd -r-xr-xr-x 1 archive sysadm1 4394507 Sep 4 2013 arssyscr -r-xr-xr-x 1 archive sysadm1 7082704 Sep 4 2013 arstblsp -r-xr-xr-x 1 archive sysadm1 8753959 Sep 4 2013 arstfmt -r-xr-xr-x 1 archive sysadm1 4221594 Sep 4 2013 arsview
When performing a new installation, ensure that the following parameters all match the user name that the CMOD database runs under:
In ars.ini:
SRVR_INSTANCE_OWNER=ARCHIVE
In ars.cfg:
DB2INSTANCE=ARCHIVE
Ensure that these parameters both have matching case. If one is set to 'ARCHIVE', and the other is set to 'archive', arssockd will throw the ARS1154E error.