Hi,
I am facing an issue in vio server. When I run
bosboot -ad /dev/hdisk0
I am getting an error
trustchk: Verification of attributes failed: /usr/sbin/bootinfo
: accessauths
regards,
vjm
Hi,
I am facing an issue in vio server. When I run
bosboot -ad /dev/hdisk0
I am getting an error
trustchk: Verification of attributes failed: /usr/sbin/bootinfo
: accessauths
regards,
vjm
the file /usr/sbin/bootinfo has wrong attributes (user/group/permissions/size) as it should have for trusted computing base
maybe try to copy the permissions from another server, default permissions are
-r-xr-x--- 1 bin bin 13852 Aug 15 2011 /usr/sbin/bootinfo
size changes of course with your AIX release and technology level
Edit:
check out this link
http://www.ibm.com/developerworks/aix/library/au-trustedenviron/index.html
the command that might solve your issue is:
trustchk -y /usr/sbin/bootinfo
of course someone could have manipulated this command, but more obvious, bootinfo is a command with nice outputs for monitoring tools or configuration management databases, and these tools normally don't run as root user
so you might have changed the permission for this command, so it can be run as non root user (since most pvs on the vio server are not part of volume groups, lspv will not work, so you will most likely use bootinfo -s for example)
changing these attributes may lead to other errors in your environment
cheers
funksen
Hi,
I have newly installed this vio server from cd and have not enabled trust base.
So why its giving this error. No body has access to this server. Is it any bug in the os. vios 2.2.1.4
Regards,
vjm
don't know if it's a bug in this release
did you try
trustchk -y
?
Run "cksum /usr/sbin/bootinfo" and hopefully someone with a working 2.2.1.4 install can run it too and you can compare the results. I'd show you, but I'm on 2.2.1.3:
vio0:/home/padmin:# ioslevel
2.2.1.3
vio0:/home/padmin:# oem_setup_env
# cksum /usr/sbin/bootinfo
850554791 14276 /usr/sbin/bootinfo
#
Same problem after upgrade VIO to 2.2.1.3, as we updated our SDDPCM driver under oem_setup_env (changes to root instead of padmin !) and smitty update_all:
...
Finished processing all filesets. (Total time: 29 secs).
0503-409 installp: bosboot verification starting...
installp: bosboot verification completed.
0503-408 installp: bosboot process starting...
trustchk: Verification of attributes failed: /usr/bin/tee : group mode
trustchk: Verification of attributes failed: /usr/sbin/bootinfo : accessauths
bosboot: Boot image is 49180 512 byte blocks.
0503-292 This update will not fully take effect until after a
system reboot.
...
Since the bosboot worked in our case, we didn't call IBM support.
Here is a working server:
# /usr/ios/cli/ioscli ioslevel
2.2.1.4
# bosboot -ad /dev/hdisk0
bosboot: Boot image is 51228 512 byte blocks.
# cksum /usr/sbin/bootinfo
3368613133 14276 /usr/sbin/bootinfo
#
Here is a non-working server:
# /usr/ios/cli/ioscli ioslevel
2.2.1.4
# bosboot -ad /dev/hdisk0
trustchk: Verification of attributes failed: /usr/bin/tee
: group mode
bosboot: Boot image is 51228 512 byte blocks.
# cksum /usr/sbin/bootinfo
3368613133 14276 /usr/sbin/bootinfo
#
Calling IBM to see what they say...
---------- Post updated at 02:07 PM ---------- Previous update was at 01:44 PM ----------
Make sure the permissions of the /usr/bin/tee file are correct, here they are after i updated them:
# ls -l /usr/bin/tee
-r-xr-xr-x 1 bin bin 4318 May 10 2008 /usr/bin/tee
# bosboot -ad /dev/hdisk0
bosboot: Boot image is 51228 512 byte blocks.
#
In my VIO, /usr/bin/tee is missing execute for "others":
$ ls -l /usr/bin/tee
-r-xr-xr-- 1 bin staff 4318 Mar 12 2010 /usr/bin/tee
bootinfo is missing all "other" bits:
$ ls -l /usr/sbin/bootinfo
-r-xr-x--- 1 bin bin 14276 Jun 8 2011 /usr/sbin/bootinfo
Since we didn't modify that and its in all VIO-servers, this must have been modified by IBM's VIOS updates
Hmmm, ill have to check some of my other VIOs to see what their permissions are on /usr/bin/tee as i only checked my other 2.2.1.4 server.
I do believe that, in the case lf a 2.2.1.4 upgrade from a previous VIOS version, some files which are touched per the upgrade may inherit the permissions of the directory your installing from.