When I run xcom with userid "tenfold"  I get an error but running with root has no Error, is there any settings ?

 

# xcomtcp -c1 -f test.cnf

2020/04/02 15:13:10 TID=000094 [/home/test/date.txt --> /home/test/out1.txt at 127.0.0.1]

    XCOMU0029I Locally initiated transfer started.

 

2020/04/02 15:13:10 TID=000094

    XCOMU0011I Transfer ended; 1 blocks (29 bytes) transmitted in 0 seconds (29 bytes/second)

 

# su - tenfold

Last login: Thu Apr  2 15:06:19 EDT 2020 on pts/1

$ cd /xxxx/uu/vvv/fffff

$ xcomtcp -c1 -f test.cnf

2020/04/02 15:14:21 TID=000096 [/home/test/date.txt --> /home/test/out1.txt at 127.0.0.1]

    XCOMU0029I Locally initiated transfer started.

 

2020/04/02 15:14:21 TID=000096

    #XCOMU0298E Unable to allocate remote transaction program: Txpi  227: Socket received 0 bytes: partner closed socket. Last error: 0

Release : 11.6

Component : CA XCOM Data Transport for Linux PC

In this situation you need to make sure of the following:
 
1. Make sure that the $XCOM_HOME is defined in the sudoers file of the system.
2. Make sure that the userid that is in the sudo list has the proper permissions. Having that userid in the list does not mean that it has full root access.
3. Since the message received does not provide much details you want to capture a XCOM trace to see what is the actual message that is causing the problem. 
 
In this case the trace showed the following message:

Txpi  308: TxpiInitSSL Failed msg = <error:0200100D:system library:fopen:Permission denied +++ fopen('/opt/CA/XCOM/ssl/certs/cassl.pem','r')> value = 0

That confirmed that the sudo userid being used for the transfer didn't have the proper permission to access the CA certificate in order to perform the secured transfer. At this point you need to go back and provide the sudo userid the proper permissions.

Here are some command and tips to help debug the situation:
 
1. Who is issuing the xcomtcp command to start the transfer, the su userid as a QUEUE=NO or is it the daemon QUEUE=YES? 
2. /etc/sudoers - This file contains information that controls which users and groups are granted with sudo privileges, as 
                           well as the level of the privileges.
3. The following command will list all sudo users: getent group sudo | cut -d: -f4 
4. The following command will help to check if a certain user has sudo privilege or not: sudo -l -U userid
5. The following command getent command also allows you to access users who may not be present in the passwd file, such as LDAP users:
         getent passwd | cut -f1 -d: | sudo xargs -L1 sudo -l -U | grep -v 'not allowed' 
6. Another quick test outside of XCOM would be to do the following:
       sudo 'userid'
       using vi or view, try to view the file in question (e.g. vi /opt/CA/XCOM/ssl/certs/cassl.pem)

Note: Please make sure to double check the syntax of the above commands for the purpose of your system.