Environment
Novell Access Manager 3.1 Administration Console Server on Linux
Novell Access Manager 3.1 SUpport Pack 4 applied
Novell Access Manager 3.1 SUpport Pack 4 applied
Situation
During a proactive healthcheck, it was noticed that the Tomcat server.xml file on the Admin Console had the root:root.owner instead of novlwww:novlwww owner. The Administrator changed the file owner manually to novlwww:novlwww and restarted tomcat to make sure no damage was done. Everything continued to work correctly until the Administrator realised that the file owner was back to root:root the following day.
The only changes done to the file system was an overnight cron job to run ambkup.sh script. Looking at this script, there did seem to be some copy operations done to the server.xml file.
The only changes done to the file system was an overnight cron job to run ambkup.sh script. Looking at this script, there did seem to be some copy operations done to the server.xml file.
Resolution
Manually modified the ambkup.sh script to change server.xml permissions to novlwww:novlwww after the copy operation. This can also be done manually, although having the owner as root will not impact functionality at all. When the ownership is with root
-rw-r--r-- 1 root root 21438 Dec 8 11:09 server.xml
the novlwww user still has the read rights to the server.xml required to read the connector details.
A defect has been entered and the ambkup.sh script will address this with Access Manager 3.2.
-rw-r--r-- 1 root root 21438 Dec 8 11:09 server.xml
the novlwww user still has the read rights to the server.xml required to read the connector details.
A defect has been entered and the ambkup.sh script will address this with Access Manager 3.2.