SMARTS NCM: Controldb files and paths are improperly owned non-NCM user; Controldb files and paths owned by TCPDump user rather than pgdba
search cancel

SMARTS NCM: Controldb files and paths are improperly owned non-NCM user; Controldb files and paths owned by TCPDump user rather than pgdba

book

Article ID: 331182

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:


Any permissions associated with the tcpdump/pgdba ambiguous user might be modified by the NCM installer to include or replace the default tcpdump user permissions with those that the NCM installer intends to assign only to the pgdba user. This may become problematic to the function and/or security of both the NCM PostgreSQL database and the Linux tcpdump utility. 

Many distributions of Linux versions 6+ come with the tcpdump utility pre-installed, which includes a tcpdump user that is typically configured to use a UID of 72.

The Smarts NCM installer, running on Linux versions 6+ experiences an ownership and permissions irregularity on these versions of Linux because the primary NCM database (PostgreSQL) is owned by the NCM installer created user: pgdba.

Unfortunately, The Smarts NCM installer is hard coded to place the pgdba user on a UID of 72. Since the pgdba user is posted to the Linux passwd file after the tcpdump user, and Linux does a simple reverse lookup of the first hit on any UID according to the first reference it encountered in the passwd file (in this case, the tcpdump user), all Smarts NCM primary database files appear to belong to the tcpdump default Linux user instead of the Smarts NCM created pgdba user.

Further, any permissions associated with the tcpdump/pgdba ambiguous user might be modified by the Smarts NCM installer to include or replace the default tcpdump user permissions with those that the NCM installer intends to assign only to the pgdba user. This may become problematic to the function and/or security of both the NCM PostgreSQL database and the Linux tcpdump utility. 

Environment

VMware Smart Assurance - NCM

Resolution

This issue is fixed in Smarts Network Configuration Manager version 9.3