F5_Digger_13600
Oct 27, 2017

An error with running a command by remote user

Did anyone have this error before?

Basically we are using authentication and authorization through TACACS.

One of the remote users with the auditor role ran the command "show running-config" to grep all configuration on the LTM. Then the user encountered the following error.

Error Message

Unexpected Error: Can't chmod key management directory: "/var/tmp/key_mgmt", error: [1] Operation not permitted

Environment

BIG-IP: 11.5.4 HF2

Authentication/Authorization: TACACS

I did some googling and found the release note below. Then I tried the workaround but it didn't fix the problem.

BIG-IP 11.5.4 Release Note: https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-5-4.html

Go to Known bug (568566)

I wonder if there is a better solution, or is the only solution to upgrade BIG-IP?

Thank you

1 Reply

  • I opened up an F5 case with this and here is the solution.

    If the workaround doesn't fix the issue, do the following.

    As root, run:

    rm -rf /var/tmp/key_mgmt/

    Once a remote user runs the command again, the directory key_mgmt will be created again.

    Result of ls -lZ | grep key_mgmt

    Before the change: drwxr-xr-x. root root root:object_r:tmp_t:s0 key_mgmt

    After the change: drwxr-xr-x f5_remoteuser f5_remoteuser user_u:object_r:tmp_t key_mgmt

    I don't think the security context was the issue, as other devices having "Before the change" work fine. Maybe there is some corruption inside the key_mgmt folder, but this is my guess.

    Thank you.
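
Added example, not part of the original thread or of F5's guidance: once `rm -rf` has run, the reply's guess about corruption inside the directory can no longer be checked, so this script records owner, group, mode, SELinux context and contents first and removes the directory only if that snapshot succeeded. The helper names `snapshot_dir` and `safe_remove` and the snapshot file path are assumptions; only `/var/tmp/key_mgmt` comes from the thread.

```shell
#!/bin/sh
# Added example: snapshot a directory's metadata and contents before deleting it.
# KEY_DIR is the path from the thread; snapshot_dir and safe_remove are
# hypothetical helper names introduced for this example.
KEY_DIR="${KEY_DIR:-/var/tmp/key_mgmt}"

# snapshot_dir DIR OUTFILE
# Writes owner, group, mode, SELinux context (when available) and a recursive
# listing of DIR to OUTFILE. Returns 2 for a symlink, 1 if DIR is not a directory.
snapshot_dir() {
    dir=$1; out=$2
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "nothing to do: $dir is not a directory" >&2
        return 1
    fi
    {
        echo "# snapshot of $dir"
        # Owner, group, octal mode: the fields that differ in the thread's
        # before/after output.
        stat -c 'owner=%U group=%G mode=%a' "$dir"
        # SELinux context, the same view as `ls -lZ`; fall back to plain ls
        # where -Z is unsupported.
        ls -ldZ "$dir" 2>/dev/null || ls -ld "$dir"
        echo "# contents"
        ls -lAR "$dir"
    } > "$out"
}

# safe_remove DIR OUTFILE
# Removes DIR only after its snapshot was written successfully.
safe_remove() {
    snapshot_dir "$1" "$2" || return $?
    rm -rf -- "$1"
}

# Usage as root on the affected device (the snapshot path is constructed):
#   safe_remove "$KEY_DIR" /var/tmp/key_mgmt.snapshot.txt
```

Keeping the snapshot file lets the recreated directory be compared against the removed one, or attached to a support case.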