After upgrading a Unix/Linux Agent, job execution with certain user credentials is aborted with FAULT_OTHER error U02012082.
After reverting back to the previous version, job execution ended normally.
Release : 12.3
Component : AUTOMATION ENGINE
Before users with no login permission (/bin/nologin) were able to execute the job but it is not possible in newer versions.
The reason is that a security issue has been fixed:
With this security fix it was made sure that:
Unix Agent checks default login shell and prevents logon with that user in case of "/usr/sbin/nologin", "/sbin/true", "/sbin/false"
Unix Agent prevents login, when password is "*" or empty.
This behavior changed in the following versions of all Unix agents:
Since the concern of the vulnerability was mainly about remote execution, it was decided that local users with a /bin/nologin shell can be allowed to execute jobs on the agent.
This option is available in the versions indicated below, after setting: allow_nologin_shell=Y in the [GLOBAL]-section of the Agent's ini-file
Update to a fix version listed below or a newer version if available.
Component(s): Unix Agent
Automation.Engine 12.3.9 HF1 - Available
Automation.Engine 12.3.9 HF2 - Available
Automation.Engine 21.0.4 HF1 - Planned release November 2022
Automation.Engine 21.0.5 - Planned release February 2023