[Linux-PowerEdge] OMSA 9.2.0 breaking non-privileged user access?

Puneet_Sapra at Dell.com Puneet_Sapra at Dell.com
Tue Feb 5 12:07:06 CST 2019


Hi Stefan,

OMSA 9.2.0 CLI commands failure issue with non-root/non-admin user access for some omreport commands, has been addressed in the below patch. Kindly use the patch to resolve the issue and let us know if you see any further issues. 

Dell EMC OpenManage Server Administrator Managed Node (Patch) for RHEL 6.10, v9.2.0.3 
https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=PRMR9

Dell EMC OpenManage Server Administrator Managed Node (Patch) for RHEL 7.5, v9.2.0.3 
https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=K7GGP

Dell EMC OpenManage Server Administrator Managed Node (Patch) for SLES 15, v9.2.0.3 
https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=WDDHN

Dell EMC OpenManage Server Administrator Managed Node for Ubuntu 18.04.1, v9.2.0 
https://linux.dell.com/repo/community/openmanage/

Thanks and Regards,
Puneet Sapra - Dell EMC

-----Original Message-----
From: Sapra, Puneet 
Sent: Monday, January 28, 2019 5:38 PM
To: linux-poweredge-Lists
Cc: 'stefan.dietrich at desy.de'
Subject: OMSA 9.2.0 breaking non-privileged user access?

Dell - Internal Use - Confidential  


Hi Stefan,

Thank you for reaching out to us.

We are aware of this reported issue and in the process of releasing a patch for the same. We shall keep you updated on the forum as soon as we are ready with a patch.

Currently there is no better workaround than elevating the normal user to an admin (updating omarolemap).

Thanks and Regards,
Puneet Sapra

Today's Topics:

   1.  OMSA 9.2.0 breaking non-privileged user access?
      (Dietrich, Stefan)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Jan 2019 16:04:04 +0100 (CET)
From: "Dietrich, Stefan" <stefan.dietrich at desy.de>
To: linux-poweredge <linux-poweredge at dell.com>
Subject: [Linux-PowerEdge] OMSA 9.2.0 breaking non-privileged user
	access?
Message-ID: <846889846.376761.1548428644784.JavaMail.zimbra at desy.de>
Content-Type: text/plain; charset="utf-8"


[EXTERNAL EMAIL] 

Hi,

OMSA 9.2.0 seems to break non-privileged user access for some commands.
For example, running omreport chassis memory as normal user now only returns an error:

-bash-4.2$ id
uid=994(nrpe) gid=992(nrpe) groups=992(nrpe),993(nagios) -bash-4.2$ omreport chassis memory Memory Information Error : SMStatus: 700

-bash-4.2$ omreport chassis batteries
Error! XML Transformation failed

...while "omreport chassis memory" does not work, "omreport chassis fans" does work.
So far, the subcommands "chassis memory", "chassis pwrmonitoring" & "chassis batteries" seem to be affected.
Issue has been seen for OMSA 9.2.0 on CentOS 7 and Ubuntu 18.04.

According to https://www.dell.com/community/Systems-Management-General/After-upgrade-from-OMSA-9-1-to-9-2-commands-fail-on-Centos/td-p/6220369
configuring Administrator privileges in /opt/dell/srvadmin/etc/omarolemap "solves" the issue.
However, Administrator contains lots of privileges.

This essentially breaks hardware monitoring with check_openmanage via NRPE.

Is there a better workaround available than assigning Administrator privileges or running some commands with sudo via NRPE?

Regards,
Stefan

srvadmin package versions:
# rpm -qa srvadmin\* | sort
srvadmin-base-9.2.0-3142.13664.el7.x86_64
srvadmin-cm-9.2.0-18.10.00.x86_64
srvadmin-deng-9.2.0-3142.13664.el7.x86_64
srvadmin-hapi-9.2.0-3142.13664.el7.x86_64
srvadmin-isvc-9.2.0-3142.13664.el7.x86_64
srvadmin-marvellib-9.2.0-3142.13664.el7.x86_64
srvadmin-nvme-9.2.0-3142.13664.el7.x86_64
srvadmin-omacore-9.2.0-3142.13664.el7.x86_64
srvadmin-omacs-9.2.0-3142.13664.el7.x86_64
srvadmin-omcommon-9.2.0-3142.13664.el7.x86_64
srvadmin-omilcore-9.2.0-3142.13664.el7.x86_64
srvadmin-ominst-9.2.0-3142.13664.el7.x86_64
srvadmin-realssd-9.2.0-3142.13664.el7.x86_64
srvadmin-server-cli-9.2.0-3142.13664.el7.x86_64
srvadmin-smcommon-9.2.0-3142.13664.el7.x86_64
srvadmin-storage-9.2.0-3142.13664.el7.x86_64
srvadmin-storage-cli-9.2.0-3142.13664.el7.x86_64
srvadmin-storageservices-cli-9.2.0-3142.13664.el7.x86_64
srvadmin-storelib-9.2.0-3142.13664.el7.x86_64
srvadmin-storelib-sysfs-9.2.0-3142.13664.el7.x86_64
srvadmin-sysfsutils-9.2.0-3142.13664.el7.x86_64
srvadmin-xmlsup-9.2.0-3142.13664.el7.x86_64

--
------------------------------------------------------------------------
Stefan Dietrich            Deutsches Elektronen-Synchrotron (IT-Systems)
                        Ein Forschungszentrum der Helmholtz-Gemeinschaft
                                                            Notkestr. 85
phone:  +49-40-8998-4696                                   22607 Hamburg
e-mail: stefan.dietrich at desy.de                                  Germany
------------------------------------------------------------------------



------------------------------

Subject: Digest Footer

_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge at dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

------------------------------

End of Linux-PowerEdge Digest, Vol 175, Issue 2
***********************************************



More information about the Linux-PowerEdge mailing list