After upgrading a Unix/Linux Agent, job execution with certain user credentials is aborted with FAULT_OTHER error U02012082.

After reverting back to the previous version, job execution ended normally.

Release : 12.3, 21.0

Component : AUTOMATION ENGINE

Before users with no login permission (/bin/nologin) were able to execute the job but it is not possible in newer versions.

The reason is that a security issue has been fixed:

https://downloads.automic.com/tools/release_notes?lifecycle_entity_id=1409143059253&component_id=1409143059262&version_id=1569946195042&upgrade_version_id=1622624657910&search=execute+privileges

With this security fix it was made sure that:

Unix Agent checks default login shell and prevents logon with that user in case of "/usr/sbin/nologin", "/sbin/true", "/sbin/false"

Unix Agent prevents login, when password is "*" or empty.

This behavior changed in the following versions of all Unix agents:

• v12.2.10, v12.2.11
• v12.3.7, v12.3.8,v12.3.9
• v21.0.0, v21.0.1, v21.0.2, v21.0.3,v21.0.4

Since the concern of the vulnerability was mainly about remote execution, it was decided that local users with a /bin/nologin shell can be allowed to execute jobs on the agent.

This option is available in the versions indicated below, after setting:  allow_nologin_shell=Y in the [GLOBAL]-section of the Agent's ini-file

Solution:

Update to a fix version listed below or a newer version if available.

Fix version:

Component(s): Unix Agent

Automation.Engine 12.3.9 HF1 - Available

Automation.Engine 12.3.9 HF2 - Available

Automation.Engine 21.0.4 HF1 - Available

Automation.Engine 21.0.5 - Available

Information on requirements for running jobs with a nologin user can be found here