Symantec Privileged Access Management

  • 1.  Getting issue Operation not permitted

    Posted Jan 12, 2018 01:47 AM

    Hi Team,

    I am not able to fix the problem on some of the servers:

    The problem is I am not able to fix the logs:

    09 Jan 2018 13:34:04 D FILE         ssingh10   Exec       69  2 /usr/bin/systemctl   /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143                  root    
    09 Jan 2018 13:34:04 D FILE         ssingh10   Read       69  2 /usr/bin/systemctl   /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143                  root    
    09 Jan 2018 13:34:04 D FILE         ssingh10   Exec       69  2 /usr/bin/systemctl   /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143                  root    
    09 Jan 2018 13:34:04 D FILE         ssingh10   Read       69  2 /usr/bin/systemctl   /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143                  root    

     

    Here I am trying to fix the problem by running these commands:

    auth file /usr/bin/* uid(* _undefined) access(all) via(pgm(/opt/novell/*))

    auth file /usr/bin/* uid(root) access(all) via(pgm(/opt/novell/*))

    auth file /usr/bin/* gid(seossys) access(all) via(pgm(/opt/novell/*))

     

     

    But I am not able to do authorization for the user.

    jiasvl4001:~ # /etc/init.d/novell-ac start

    redirecting to systemctl start novell-ac.service

    /etc/rc.status: line 82: /usr/bin/systemctl: Operation not permitted

    /etc/rc.status: line 82: /usr/bin/systemctl: Success

    jiasvl4001:~ # /etc/init.d/novell-ac status

    checking status ...

    process is stopped                                                                                                                                 dead

    /etc/rc.status: line 82: /usr/bin/systemctl: Operation not permitted

    /etc/rc.status: line 82: /usr/bin/systemctl: Success

     

    And the user is getting an error like the one above.

    So please let me know what went wrong.

     

    Thanks in advance



  • 2.  Re: Getting issue Operation not permitted
    Best Answer

    Posted Jan 12, 2018 02:29 PM

    Good day,

     

    I would suggest writing rules that are more granular than generic. You are using wildcards in both the file and the program rule for which you want authorization. I do not believe the pgm rule can be wildcarded.

     

    auth file /usr/bin/systemctl uid(* _undefined) access(all) via(pgm(/opt/novell/nam/adminconsole/bin/novell-ac))
    auth file /usr/bin/systemctl uid(root) access(all) via(pgm(/opt/novell/nam/adminconsole/bin/novell-ac))
    auth file /usr/bin/systemctl gid(seossys) access(all) via(pgm(/opt/novell/nam/adminconsole/bin/novell-ac))

     

    Try the aforementioned rules and let us know the results.

     

    Thank you,

    Eric
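
An added example, not part of the thread and not vendor code: it derives exact-path rules from the denied FILE audit records in the question, in the rule form used in the answer, and reports which parts of a rule contain a wildcard. The column meanings, the use of the logged user name in uid(), and all function names are assumptions.

```python
import re

# Audit records copied from the question. Column meanings are assumed from
# their layout: date(3) time result class user access code code resource
# program terminal effective-user.
AUDIT = """\
09 Jan 2018 13:34:04 D FILE ssingh10 Exec 69 2 /usr/bin/systemctl /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143 root
09 Jan 2018 13:34:04 D FILE ssingh10 Read 69 2 /usr/bin/systemctl /opt/novell/nam/adminconsole/bin/novell-ac 10.244.25.143 root
"""

RULE_FILE_RE = re.compile(r"^auth file (\S+) ")
RULE_PGM_RE = re.compile(r"via\(pgm\(([^)]*)\)\)")

def denied_file_pairs(audit_text):
    """Map (resource, program) -> users and access types seen in denied FILE records."""
    pairs = {}
    for line in audit_text.splitlines():
        f = line.split()
        if len(f) != 14 or f[4] != "D" or f[5] != "FILE":
            continue  # not a denied FILE record in the assumed layout
        entry = pairs.setdefault((f[10], f[11]), {"users": set(), "access": set()})
        entry["users"].add(f[6])
        entry["access"].add(f[7])
    return pairs

def granular_rules(pairs):
    """One rule per user and exact resource/program pair (no wildcards)."""
    rules = []
    for (resource, program), info in sorted(pairs.items()):
        for user in sorted(info["users"]):
            rules.append(
                f"auth file {resource} uid({user}) access(all) via(pgm({program}))")
    return rules

def wildcard_parts(rule):
    """Return which parts of a rule ('file', 'pgm') contain a '*' wildcard."""
    parts = []
    m = RULE_FILE_RE.match(rule)
    if m and "*" in m.group(1):
        parts.append("file")
    m = RULE_PGM_RE.search(rule)
    if m and "*" in m.group(1):
        parts.append("pgm")
    return parts

if __name__ == "__main__":
    for rule in granular_rules(denied_file_pairs(AUDIT)):
        print(rule, wildcard_parts(rule))
```

The access types collected per pair (Exec and Read here) show what was actually denied, which helps when reviewing whether access(all) is broader than the program needs.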