SpectroSERVER hangs at startup and notes that required capabilities are not set properly
search cancel

SpectroSERVER hangs at startup and notes that required capabilities are not set properly

book

Article ID: 122846

calendar_today

Updated On:

Products

Spectrum

Issue/Introduction

After starting the SpectroSERVER (./startSS.pl) it hangs during startup showing the following:


Failed to get capabilities of file `/app/local/spectrum/SS/SpectroSERVER' (Operation not supported) 
SPC-SHD-29021: 
************************************************************************** 
The following output is intended to facilitate debugging, please forward 
to CA technical support. The files listed are not part of the customer 
installation of SPECTRUM. 
************************************************************************** 

Dec 04 15:12:08 ERROR TRACE at VNM.cc(436): Required capabilities cap_net_raw and cap_net_bind_service are not set properly. 
Dec 04 15:12:08 ERROR TRACE at VNM.cc(437): If installed Spectrum as non-root,Please run the $SPECROOT/Install-Tools/CASpectrum_ProcessRegister.sh as root to properly set capabilities if not run earlier 
Dec 04 15:12:08 ERROR TRACE at VNM.cc(438): If replaced SpectroSERVER file, then once start SS using startSS.pl with install owner 



  After a bit of troubleshooting, it appears that the script is giving an error for these 3 setcap statements:

        /usr/sbin/setcap cap_net_raw,cap_net_bind_service+ep $SPECROOT/SS/SpectroSERVER
        /usr/sbin/setcap cap_setuid+ep $SPECROOT/bin/launchinstdbapp
        /usr/sbin/setcap cap_sys_ptrace+ep $SPECROOT/bin/gdb

When manually running the setcap commands from the $SPECROOT/Install-Tools/CASpectrum_ProcessRegister.sh they fail:

executing sysctl -e -q -p command
Failed to set capabilities on file `/app/local/spectrum/SS/SpectroSERVER' (Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]

Note <filename> must be a regular (non-symlink) file.
Failed to set capabilities on file `/app/local/spectrum/bin/launchinstdbapp' (Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]

Note <filename> must be a regular (non-symlink) file.
Failed to set capabilities on file `/app/local/spectrum/bin/gdb' (Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]

Note <filename> must be a regular (non-symlink) file.

Environment

Component: SPCCSS

Resolution

Reconfigure Spectrum so that you are not using an NFS mount or provide root ownership back to the processd and SpectroSERVER process:

1. Enable the setuid bit on SpectroSERVER executable and change the file ownership to root (as before 10.3) 

cd $SPECROOT/SS
chown root:root_group SpectroSERVER 
chmod u+s SpectroSERVER 

Note: Here root_group is root user group name 

2. Stop processd. 
3. Edit /etc/init.d/processd file and change the username (USER=(username)) to root and save it. 
ie. USER=root 
c. Start processd as root user and run process listing verify it's running as root. 
d. Start the SpectroSERVER 

Additional Information

When changing the ownership back to root user, you will see this message in the $SPECROOT/SS/VNM.OUT which you can ignore because the SpectroSERVER process is owned by root:

Failed to get capabilities of file `/app/local/spectrum/SS/SpectroSERVER' (Operation not supported)
unable to set CAP_SETFCAP effective capability: Operation not permitted
 
Powered by Wolken Software