[Linux-PowerEdge] OMSA 9.2.0 breaking non-privileged user access?

Dietrich, Stefan stefan.dietrich at desy.de
Wed Feb 6 01:14:41 CST 2019


Hello Puneet,

I can confirm, the updated packages solve the problems and running "omreport chassis memory" etc. is possible again for non-privileged users.
I hope the updated packages will be part of the February release on http://linux.dell.com/repo/hardware/dsu/

Regards,
Stefan

----- Original Message -----
> From: "Puneet Sapra" <Puneet.Sapra at dell.com>
> To: linux-poweredge at lists.us.dell.com
> Cc: "Stefan Dietrich" <stefan.dietrich at desy.de>
> Sent: Tuesday, February 5, 2019 7:07:06 PM
> Subject: RE: OMSA 9.2.0 breaking non-privileged user access?

> Hi Stefan,
> 
> OMSA 9.2.0 CLI commands failure issue with non-root/non-admin user access for
> some omreport commands, has been addressed in the below patch. Kindly use the
> patch to resolve the issue and let us know if you see any further issues.
> 
> Dell EMC OpenManage Server Administrator Managed Node (Patch) for RHEL 6.10,
> v9.2.0.3
> https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=PRMR9
> 
> Dell EMC OpenManage Server Administrator Managed Node (Patch) for RHEL 7.5,
> v9.2.0.3
> https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=K7GGP
> 
> Dell EMC OpenManage Server Administrator Managed Node (Patch) for SLES 15,
> v9.2.0.3
> https://www.dell.com/support/home/in/en/inbsd1/Drivers/DriversDetails?driverid=WDDHN
> 
> Dell EMC OpenManage Server Administrator Managed Node for Ubuntu 18.04.1, v9.2.0
> https://linux.dell.com/repo/community/openmanage/
> 
> Thanks and Regards,
> Puneet Sapra - Dell EMC
> 
> -----Original Message-----
> From: Sapra, Puneet
> Sent: Monday, January 28, 2019 5:38 PM
> To: linux-poweredge-Lists
> Cc: 'stefan.dietrich at desy.de'
> Subject: OMSA 9.2.0 breaking non-privileged user access?
> 
> Dell - Internal Use - Confidential
> 
> 
> Hi Stefan,
> 
> Thank you for reaching out to us.
> 
> We are aware of this reported issue and in the process of releasing a patch for
> the same. We shall keep you updated on the forum as soon as we are ready with a
> patch.
> 
> Currently there is no better workaround than elevating the normal user to an
> admin (updating omarolemap).
> 
> Thanks and Regards,
> Puneet Sapra
> 
> Today's Topics:
> 
>   1.  OMSA 9.2.0 breaking non-privileged user access?
>      (Dietrich, Stefan)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 25 Jan 2019 16:04:04 +0100 (CET)
> From: "Dietrich, Stefan" <stefan.dietrich at desy.de>
> To: linux-poweredge <linux-poweredge at dell.com>
> Subject: [Linux-PowerEdge] OMSA 9.2.0 breaking non-privileged user
>	access?
> Message-ID: <846889846.376761.1548428644784.JavaMail.zimbra at desy.de>
> Content-Type: text/plain; charset="utf-8"
> 
> 
> [EXTERNAL EMAIL]
> 
> Hi,
> 
> OMSA 9.2.0 seems to break non-privileged user access for some commands.
> For example, running omreport chassis memory as normal user now only returns an
> error:
> 
> -bash-4.2$ id
> uid=994(nrpe) gid=992(nrpe) groups=992(nrpe),993(nagios) -bash-4.2$ omreport
> chassis memory Memory Information Error : SMStatus: 700
> 
> -bash-4.2$ omreport chassis batteries
> Error! XML Transformation failed
> 
> ...while "omreport chassis memory" does not work, "omreport chassis fans" does
> work.
> So far, the subcommands "chassis memory", "chassis pwrmonitoring" & "chassis
> batteries" seem to be affected.
> Issue has been seen for OMSA 9.2.0 on CentOS 7 and Ubuntu 18.04.
> 
> According to
> https://www.dell.com/community/Systems-Management-General/After-upgrade-from-OMSA-9-1-to-9-2-commands-fail-on-Centos/td-p/6220369
> configuring Administrator privileges in /opt/dell/srvadmin/etc/omarolemap
> "solves" the issue.
> However, Administrator contains lots of privileges.
> 
> This essentially breaks hardware monitoring with check_openmanage via NRPE.
> 
> Is there a better workaround available than assigning Administrator privileges
> or running some commands with sudo via NRPE?
> 
> Regards,
> Stefan
> 
> srvadmin package versions:
> # rpm -qa srvadmin\* | sort
> srvadmin-base-9.2.0-3142.13664.el7.x86_64
> srvadmin-cm-9.2.0-18.10.00.x86_64
> srvadmin-deng-9.2.0-3142.13664.el7.x86_64
> srvadmin-hapi-9.2.0-3142.13664.el7.x86_64
> srvadmin-isvc-9.2.0-3142.13664.el7.x86_64
> srvadmin-marvellib-9.2.0-3142.13664.el7.x86_64
> srvadmin-nvme-9.2.0-3142.13664.el7.x86_64
> srvadmin-omacore-9.2.0-3142.13664.el7.x86_64
> srvadmin-omacs-9.2.0-3142.13664.el7.x86_64
> srvadmin-omcommon-9.2.0-3142.13664.el7.x86_64
> srvadmin-omilcore-9.2.0-3142.13664.el7.x86_64
> srvadmin-ominst-9.2.0-3142.13664.el7.x86_64
> srvadmin-realssd-9.2.0-3142.13664.el7.x86_64
> srvadmin-server-cli-9.2.0-3142.13664.el7.x86_64
> srvadmin-smcommon-9.2.0-3142.13664.el7.x86_64
> srvadmin-storage-9.2.0-3142.13664.el7.x86_64
> srvadmin-storage-cli-9.2.0-3142.13664.el7.x86_64
> srvadmin-storageservices-cli-9.2.0-3142.13664.el7.x86_64
> srvadmin-storelib-9.2.0-3142.13664.el7.x86_64
> srvadmin-storelib-sysfs-9.2.0-3142.13664.el7.x86_64
> srvadmin-sysfsutils-9.2.0-3142.13664.el7.x86_64
> srvadmin-xmlsup-9.2.0-3142.13664.el7.x86_64
> 
> --
> ------------------------------------------------------------------------
> Stefan Dietrich            Deutsches Elektronen-Synchrotron (IT-Systems)
>                        Ein Forschungszentrum der Helmholtz-Gemeinschaft
>                                                            Notkestr. 85
> phone:  +49-40-8998-4696                                   22607 Hamburg
> e-mail: stefan.dietrich at desy.de                                  Germany
> ------------------------------------------------------------------------
> 
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge at dell.com
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge
> 
> ------------------------------
> 
> End of Linux-PowerEdge Digest, Vol 175, Issue 2
> ***********************************************



More information about the Linux-PowerEdge mailing list