Error: "Failed to set group for limits configuration file" when installing DLP Detection Server on LInux
search cancel

Error: "Failed to set group for limits configuration file" when installing DLP Detection Server on LInux

book

Article ID: 219403

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Data Loss Prevention Network Discover Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Enterprise Suite

Issue/Introduction

Symantec Data Loss Prevention (DLP)
Network and Endpoint Prevent on RHEL 

When installing a Detection Server on Linux it fails with this entry:


... Select whether you want to create new users or use existing users for the DLP service users.
1. New User
2. Existing User
Select an option: 2
Service User
Specify Service User
Specify the username of the service user you wish to use.
Enter Username: <Your desired Service User name>    
Update User
Specify Update User
Specify the username of the update user you wish to use.
Enter Username: <Your desired Update User name>         
Detection Server Default Certificates
Use Default Certificates for Communication with Enforce
Specify if this server should enable the bundled default certificates to secure communication with the Enforce Server.  Symantec recommends enabling default certificates only if the Detection Server is on a secure network or is only accessible to trusted traffic.
1. Enable Default Certificates
2. Disable Default Certificates
Select an option: 2
Server Bindings
Specify Detection Server Service Bindings
Specify on which host and port this server should accept connections from Enforce on.
Enter Host: 0.0.0.0
Enter Port: 8100
0%: Running configuration action "Start JVM Configuration Action"
6%: Running configuration action "Configure JRE Configuration Action"
13%: Running configuration action "Configure Tool JVM Configuration Action"
20%: Running configuration action "Set Permissions Configuration Action"
28%: Running configuration action "Configure Detection Communication Settings Configuration Action"
37%: Running configuration action "Disable Detection Communication Default Certificates Configuration Action"
46%: Running configuration action "Limits Configuration Action"
ERROR: Error running configuration action "Limits Configuration Action": Java Throwable Exception: Failed to set group for limits configuration file.; Message: Failed to set group for limits configuration file.
Exception: Failed to execute some configuration actions 

Environment

Release: Seen on 15.7 and 15.8

Component: Detection Server install on RHEL 7.x

Resolution

This error happens when there isn't a group with the same name as the service user. 
Or the service user is not a member of a group with the same name. 
You must create the group, and the service user must be a member of that group.

From the Symantec Data Loss Prevention Installation Guide for Linux:

"Note: If you create a new service user, the user must be a member of a group and the service user and the group names must match. If these conditions are not present, upgrades fail."

To confirm the group membership, run this command:

id <service user name>

The output should show what groups the service name is in. 

Example using "SymantecDLP" as the service name:

# id SymantecDLP

uid=1003(SymantecDLP) gid=1004(SymantecDLP) groups=1004(SymantecDLP)
Powered by Wolken Software