Autosys EEM (igatewayd) file system rights
search cancel

Autosys EEM (igatewayd) file system rights

book

Article ID: 226007

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys)

Issue/Introduction

The entire Autosys installation is located on directory /custom/mount /.

In addition to get higher level of security on the file systems, they changed the file system rights on /custom/mount 

from 
     drwxrwxr-x  19 <autosys_admin_user> group123  4096 Oct  4 09:54 mount
to
     drwxr-x---  19 <standard_admin_user> group123  4096 Oct  4 09:54 mount

This change is exclusive on directory /custom/mount , all subordinate directories retain their previous rights.
The user dsa of the CA Directory Services and the <autosys_admin_user> are members of the group123 group.

But now the igateway.log contains the following entry:

[22972439251840] 10/06/21 05:53:53 FATAL :: ServerConfigBuilder::handlerError : Fatal error at file : , line : 0, char : 0, message : unable to open primary document entity '/custom/mount/ccp/iTechnology/igateway.conf' 
[22972439251840] 10/06/21 05:53:53 FATAL :: ServerConfigBuilder::buildServerConfig : There where errors when parsing server conf file 
[22972439251840] 10/06/21 05:53:53 FATAL :: ITECH_MAIN: Unable to build the server configuration

The service starts but the EEM environment is not available.

Since the service is executed with root, the question is why the access to the igateway.conf file is not possible.
As soon as the rights are changed to the previous status, the service will work normally again.

The igateway data are installed on /custom/mount/ccp/iTechnology and the service is executed as root via the standard start script /etc/init.d/igatewayd.

Environment

RHEL8 

Release : 12

Component : WA AE/AUTOSYS RELATED EEM

 

Resolution

SELINUX was actually still active on the test system. 

The automatic installation has changed the access rights under /custom/mount/ccp/ so that parts of the files no longer belonged to the root user. 

After the rights have been set and SELINUX has been deactivated, the igateway daemon works with the enhanced security.