Unable to query data stored in archived partitions

  • 7007738
  • 31-Jan-2011
  • 12-Feb-2013

Environment

Sentinel 7.x
Sentinel Log Manager 1.x

Situation

Unable to query data stored in archived partitions.
When looking at server0.0.log, you will see the following error:
Mon Jan 31 10:22:18 MST 2011|SEVERE|Thread-319202|esecurity.ccs.comp.event.indexedlog.IndexedLogSearchJob.run IO Error performing search.;
Exception Unable to mount squashfs index '<partitio_path>/index.sqfs': novell's password:; java.io.IOException;

Mon Jan 31 10:22:18 MST 2011|SEVERE|Thread-319202|esecurity.ccs.comp.event.indexedlog.IndexedLogSearchJob.run java.io.IOException: Unable to mount squashfs index '<partitio_path>/index.sqfs': novell's password:
at esecurity.ccs.comp.event.indexedlog.SquashFSDirectory.mountIndex(SquashFSDirectory.java:539)
at esecurity.ccs.comp.event.indexedlog.SquashFSDirectory$SquashFSMount.mount(SquashFSDirectory.java:378)

Resolution

Edit /etc/sudoers and add the following line:
novell ALL = NOPASSWD: /bin/mount, /bin/umount

NOTE: RedHat Enterprise Linux Server 5.x and 6.x have a new requiretty flag within the /etc/sudoers file. Therefore it's required to disable it for novell user:
Defaults:novell !requiretty

Additional Information

The file /etc/sudoers has a list of rules defining which users may execute what when using sudo command. This is necessary due to archive partitions storage in squashfs image files, thus novell user must be able to mount and umount partitions in order to query data.
 
This issue impacts both RHEL and SuSE operating systems.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.