Issue installing PIM due to /tmp permissions
search cancel

Issue installing PIM due to /tmp permissions

book

Article ID: 44992

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

When attempting to install or upgrade PIM/PAMSC on a Unix system, the following error occurs.

Updating / installing...
/opt/CA/AccessControl/install_base: line 6637: /tmp/pre_install/getvar.sh: Permission denied
/opt/CA/AccessControl/install_base: line 5245: [: =: unary operator expected
This platform is not supported.

It has already been confirmed that the OS version and PIM/PAMSC version are compatible with the Compatibility Matrix.

Environment

Privileged Identity Manager or PAM Server Control, Linux endpoint

Cause

This is caused by /tmp being mounted with noexec which stops anything being executed under /tmp. By default, the installation unpackages and runs scripts from /tmp.

Resolution

To resolve the issue, temporarily remount /tmp with exec rights prior to installing the endpoint.

1) Remount /tmp as exec prior to installation
# mount -o remount,exec /tmp

2) Install the endpoint

3) After installing, remount /tmp with noexec to revert the original configuration
# mount -o remount,noexec /tmp

 

If mounting the /tmp directory is not an option, a temporary directory could be created as a workaround.

1) Create a new tmp directory:
# mkdir /tmp2
2) Ensure it has proper permissions:
# chmod 755 /tmp2

Then configure the installer to use /tmp2 as the temporary directory.

For RPM installations, the tmp directory is set within the RPM package.

3) Customize your RPM package to reflect the new tmp directory.
# customize_eac_rpm -t /tmp2
4) Install the program

For install_base installations, the script uses the $MY_TMPDIR variable.

3) Verify what $MY_TMPDIR is currently set to using `env`
4) MY_TMPDIR = /tmp2
5) export $MY_TMPDIR
6) Install using install_base
7) Follow steps 4 and 5 to set $MY_TMPDIR back to the original value

The /tmp2 directory can be removed after the installation is complete.

Additional Information

PIM Compatibility Matrix: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/release-announcements/CA-PRIVILEGED-IDENTITY-MANAGER-ENDPOINT-COMPATIBILITY-MATRIX/16769

PAMSC Compatibility Matrix: https://support.broadcom.com/external/content/release-announcements/CA-Privileged-Access-Manager-Server-Control-Endpoint-Compatibility-Matrix/16749