https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189517#M34894 <P>Hello,</P><P>&nbsp;</P><P>I am having issues in applying the cp commands as it gives me permission denied as follows:</P><P>Last login: Tue Aug 15 13:56:27 2023 from 10.21.0.254<BR />-bash: /etc/hcp/conf/.new_hcp_take_installed: Permission denied</P><P>&nbsp;</P><P>rm: cannot remove '/etc/hcp/conf/.new_hcp_take_installed': Permission denied<BR />-bash: /bin/fwaccel_autocomplete.sh: No such file or directory<BR />[Expert@Mgmt]# cphaprob stat<BR />-bash: cphaprob: command not found<BR />[Expert@Mgmt]# cplic print<BR />-bash: cplic: command not found<BR />[Expert@Mgmt]# clish<BR />CLINFR0771 Config lock is owned by ca_ocd_ladmin. Use the command 'lock database override' to acquire the lock.<BR />Mgmt&gt; cpprob stat<BR />CLINFR0329 Invalid command:'cpprob stat'.<BR />Mgmt&gt; cplic print<BR />/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R81.10/scripts/cpprofile_functions.sh: Permission denied<BR />Mgmt&gt;</P><P>&nbsp;</P><P>the user account that i use is the same as the user account of admin with shell : /etc/cli.sh , i tried with the another shell with /bin/bash but in vain too.</P><P>&nbsp;</P><P>There is no authentication raduis configued just accounts to access the WebUI of the firewall. Any ideas ?</P><P>&nbsp;</P><P>Thank you</P> Tue, 15 Aug 2023 12:39:29 GMT Duffy 2023-08-15T12:39:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189517#M34894 <P>Hello,</P><P>&nbsp;</P><P>I am having issues in applying the cp commands as it gives me permission denied as follows:</P><P>Last login: Tue Aug 15 13:56:27 2023 from 10.21.0.254<BR />-bash: /etc/hcp/conf/.new_hcp_take_installed: Permission denied</P><P>&nbsp;</P><P>rm: cannot remove '/etc/hcp/conf/.new_hcp_take_installed': Permission denied<BR />-bash: /bin/fwaccel_autocomplete.sh: No such file or directory<BR />[Expert@Mgmt]# cphaprob stat<BR />-bash: cphaprob: command not found<BR />[Expert@Mgmt]# cplic print<BR />-bash: cplic: command not found<BR />[Expert@Mgmt]# clish<BR />CLINFR0771 Config lock is owned by ca_ocd_ladmin. Use the command 'lock database override' to acquire the lock.<BR />Mgmt&gt; cpprob stat<BR />CLINFR0329 Invalid command:'cpprob stat'.<BR />Mgmt&gt; cplic print<BR />/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R81.10/scripts/cpprofile_functions.sh: Permission denied<BR />Mgmt&gt;</P><P>&nbsp;</P><P>the user account that i use is the same as the user account of admin with shell : /etc/cli.sh , i tried with the another shell with /bin/bash but in vain too.</P><P>&nbsp;</P><P>There is no authentication raduis configued just accounts to access the WebUI of the firewall. Any ideas ?</P><P>&nbsp;</P><P>Thank you</P> Tue, 15 Aug 2023 12:39:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189517#M34894 Duffy 2023-08-15T12:39:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189535#M34904 <P>Do you have other admin accounts where this works?</P> <P>&nbsp;</P> Tue, 15 Aug 2023 13:51:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189535#M34904 _Val_ 2023-08-15T13:51:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189542#M34908 <P>Hello Val,</P><P>&nbsp;</P><P>Yes the default admin account , i just noticed that i changed the account i am using to the same uid for the default admin account and it worked afterwards.</P><P>&nbsp;</P><P>Seems a strange way to make it work , but it worked in the end.&nbsp;</P><P>Thank you.</P> Tue, 15 Aug 2023 15:10:27 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189542#M34908 Duffy 2023-08-15T15:10:27Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189544#M34910 <P>This is not a fix. Something was misconfigured with your non-working account, and now you do not know what exactly. Check the user role it was created with.</P> Tue, 15 Aug 2023 16:25:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189544#M34910 _Val_ 2023-08-15T16:25:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189550#M34911 <P>As Val said, something efinitely would have been misconfigured with the other account. If default admin account works fine, then its either permission issue or UID.</P> <P>Andy</P> <P>Its like below:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_1.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22069iF8369B7585F0DFCB/image-size/medium?v=v2&amp;px=400" role="button" title="Screenshot_1.png" alt="Screenshot_1.png" /></span></P> <P> </P> Tue, 15 Aug 2023 18:08:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189550#M34911 the_rock 2023-08-15T18:08:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189704#M34952 <P>Turns out the uid in the end when i changed it to 0 instead of 104 uid assigned earlier it worked fine afterwards.</P> Thu, 17 Aug 2023 04:56:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189704#M34952 Duffy 2023-08-17T04:56:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189705#M34953 <P>the user role that it's assigned too is the same as admin and i thought of changing the uid back to 0 same as admin account , this is where it started working as intended.</P><P>&nbsp;</P> Thu, 17 Aug 2023 04:57:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/189705#M34953 Duffy 2023-08-17T04:57:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/218853#M41795 <P>I am facing same issue with some of the gateways. I login with my ID which is Non-Gaia (non_local) user ID using TACACS authentication. Then elevate privilege to TACP-15 and jump to Expert. As the user doesn't exist in GAIA configuration, I can't set UID 0. This issue is only on few gateways, while in large number of other gateways, it works fine. I am sure there is no difference in configuration of all these gateways.</P><P>I welcome any suggestions.</P> Wed, 26 Jun 2024 18:18:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/218853#M41795 SunilShivnani1 2024-06-26T18:18:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/224599#M43168 <P>Hi,</P><P>I have the same behavior with RADIUS users.</P><P>I tried to set "Super User UID" parameter to "0" but still have the problem.</P><P>Any idea?</P><DIV class=""><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Super User UID" style="width: 392px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27350i7687CD8DD2F7EA99/image-size/large?v=v2&amp;px=999" role="button" title="radius UID.png" alt="Super User UID" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Super User UID</span></span></DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class=""><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="expert message" style="width: 501px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/27351i784FD6226FC52798/image-size/large?v=v2&amp;px=999" role="button" title="expert message.png" alt="expert message" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">expert message</span></span></DIV> Tue, 27 Aug 2024 07:11:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/224599#M43168 MSpA 2024-08-27T07:11:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/224600#M43169 <P>Please look into&nbsp;<A href="https://support.checkpoint.com/results/sk/sk120972" target="_self"><SPAN>sk120972</SPAN></A></P> Tue, 27 Aug 2024 07:16:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/224600#M43169 _Val_ 2024-08-27T07:16:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/227729#M43803 <P>Hello Valery,</P><P>thank you for your help. We finally configured the given sk120972 which solved the problem. I can also confirm that it works with both /etc/cli.sh and /bin/bash shells.</P><P>We used Cisco ISE in order to pass the 2 parameters:&nbsp;<STRONG>CP-Gaia-User-Role</STRONG> and&nbsp;<STRONG>CP-Gaia-SuperUser-Access</STRONG>.</P><P>Any experience with Okta? It seems like it cannot pass more than 1 parameter.</P> Tue, 24 Sep 2024 10:07:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Permission-Denied-whilst-entering-cplic-or-any-cp-command/m-p/227729#M43803 MSpA 2024-09-24T10:07:03Z