Permission error when executing a script that escalates to sesu with duplicated lines inside

Article ID: 275922


Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

We have a script that allows users to escalate to sesu. It works fine on all operating systems, but on Solaris 11.4 it gives a permission error.

Environment

PIM 12.8sp1 

Solaris 11.4

Cause

The problem occurs when a line in the script is duplicated, that is, when the same command is run a second time.

For instance:

echo `date` "Sesu to UID 0"
echo `date` "security"

or 

echo HOLA|awk '{print $1}'
echo ADIOS|awk '{print $1}'


We also get a permission denied the second time 'date' or 'awk' is executed.

In the trace log, we see a deny (D) on the 'date' line.

Resolution

The script had this content:

#!/bin/ksh
#
# Escalation to UID 0
#
echo
echo `date` "Sesu to UID 0"
echo `date` "security"
echo

/usr/local/pr/CM/AC/AccessControl/bin/sesu

...

We suggested changing the shell:

vi psu
#!/usr/bin/ksh
Change it to #!/usr/bin/bash

 


With the shell change, the problem is solved:

#!/bin/bash
#
# Escalation to UID 0
#
echo
echo `date` "Sesu to UID 0"
echo `date` "security"
echo
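
As an added example (not part of the original article or of the product), this shell script lists scripts that match the pattern described above, a ksh shebang together with a call to sesu, so they can be reviewed for the same shell change. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the interpreter name from a file's first line (nothing if no "#!").
# Handles "#!/bin/ksh", "#! /usr/bin/ksh -p" and "#!/usr/bin/env ksh".
shebang_interp() {
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || return 0
    case $first in '#!'*) ;; *) return 0 ;; esac
    set -f                      # no globbing while splitting into words
    set -- ${first#??}          # drop "#!", split on whitespace
    set +f
    [ $# -gt 0 ] || return 0
    interp=${1##*/}
    if [ "$interp" = env ] && [ $# -gt 1 ]; then
        interp=${2##*/}         # "env ksh": interpreter is the next word
    fi
    printf '%s\n' "$interp"
}

# True if a non-comment line of the file invokes sesu (bare or by path).
calls_sesu() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[/[:space:];&|(`])sesu([[:space:];&|)`]|$)'
}

# Print every regular file under directory $1 that has a ksh shebang
# and calls sesu.
find_ksh_sesu_scripts() {
    find "$1" -type f | while IFS= read -r f; do
        case $(shebang_interp "$f") in
            ksh|ksh93)
                if calls_sesu "$f"; then printf '%s\n' "$f"; fi ;;
        esac
    done
}

# Constructed sample input: three small scripts in a new temp directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/ksh' 'echo `date` "Sesu to UID 0"' \
        '/usr/local/pr/CM/AC/AccessControl/bin/sesu' > "$d/psu"
    printf '%s\n' '#!/bin/bash' 'sesu' > "$d/psu_bash"
    printf '%s\n' '#!/usr/bin/env ksh' '# no sesu call' 'date' > "$d/report"
    printf '%s\n' "$d"
}

# When run with a directory argument, scan that directory.
if [ $# -gt 0 ]; then find_ksh_sesu_scripts "$1"; fi
```

Run against the sample tree, only the `psu` file is reported: `psu_bash` already uses bash, and `report` runs under ksh but never calls sesu.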