EDR: Is /usr/share/cb/cb-force-shutdown a command that requires sudo permissions?
search cancel

EDR: Is /usr/share/cb/cb-force-shutdown a command that requires sudo permissions?


Article ID: 287427


Updated On:


Carbon Black EDR (formerly Cb Response)


  •  After upgrade, when attempting to start services, either using systemctl cb-enterprise start or /usr/share/cb/cbcluster, the following error is received : 
Incomplete sudo permissions configured for user 'carbonblacksvc' on host <EDR_hostname>. The user is missing the following 1 sudo privileges: 
1) sudo -n /usr/share/cb/cb-force-shutdown



  • EDR Server: 7.1.1+ Versions


  • Yes, this is expected.  This functionality was built into the 7.1.1 EDR server due to previous issues with systemctl getting caught in a failed state if services do not start cleanly.
  • Using the /usr/share/cb/cb-force-shutdown command will terminate all EDR services and reset systemctl for the cb-enterprise service unit.