This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duffy
Participant
‎2023-08-15 05:39 AM
Jump to solution

Permission Denied whilst entering cplic or any cp command

Hello,

 

I am having issues in applying the cp commands as it gives me permission denied as follows:

Last login: Tue Aug 15 13:56:27 2023 from 10.21.0.254
-bash: /etc/hcp/conf/.new_hcp_take_installed: Permission denied

 

rm: cannot remove '/etc/hcp/conf/.new_hcp_take_installed': Permission denied
-bash: /bin/fwaccel_autocomplete.sh: No such file or directory
[Expert@Mgmt]# cphaprob stat
-bash: cphaprob: command not found
[Expert@Mgmt]# cplic print
-bash: cplic: command not found
[Expert@Mgmt]# clish
CLINFR0771 Config lock is owned by ca_ocd_ladmin. Use the command 'lock database override' to acquire the lock.
Mgmt> cpprob stat
CLINFR0329 Invalid command:'cpprob stat'.
Mgmt> cplic print
/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R81.10/scripts/cpprofile_functions.sh: Permission denied
Mgmt>

 

the user account that i use is the same as the user account of admin with shell : /etc/cli.sh , i tried with the another shell with /bin/bash but in vain too.

 

There is no authentication raduis configued just accounts to access the WebUI of the firewall. Any ideas ?

 

Thank you

0 Kudos
2 Solutions

Accepted Solutions
Duffy
Participant
‎2023-08-16 09:56 PM
In response to the_rock
Jump to solution

Turns out the uid in the end when i changed it to 0 instead of 104 uid assigned earlier it worked fine afterwards.

View solution in original post

0 Kudos
_Val_
Admin
Admin
‎2024-08-27 12:16 AM
In response to MSpA
Jump to solution

Please look into sk120972

View solution in original post

0 Kudos
10 Replies
_Val_
Admin
Admin
‎2023-08-15 06:51 AM
Jump to solution

Do you have other admin accounts where this works?

 

Duffy
Participant
‎2023-08-15 08:10 AM
In response to _Val_
Jump to solution

Hello Val,

 

Yes the default admin account , i just noticed that i changed the account i am using to the same uid for the default admin account and it worked afterwards.

 

Seems a strange way to make it work , but it worked in the end. 

Thank you.

0 Kudos
_Val_
Admin
Admin
‎2023-08-15 09:25 AM
In response to Duffy
Jump to solution

This is not a fix. Something was misconfigured with your non-working account, and now you do not know what exactly. Check the user role it was created with.

Duffy
Participant
‎2023-08-16 09:57 PM
In response to _Val_
Jump to solution

the user role that it's assigned too is the same as admin and i thought of changing the uid back to 0 same as admin account , this is where it started working as intended.

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2023-08-15 11:08 AM
In response to Duffy
Jump to solution

As Val said, something efinitely would have been misconfigured with the other account. If default admin account works fine, then its either permission issue or UID.

Andy

Its like below:

 

Screenshot_1.png

Best,
Andy
"Have a great day and if its not, change it"
Duffy
Participant
‎2023-08-16 09:56 PM
In response to the_rock
Jump to solution

Turns out the uid in the end when i changed it to 0 instead of 104 uid assigned earlier it worked fine afterwards.

0 Kudos
SunilShivnani1
Explorer
‎2024-06-26 11:18 AM
In response to _Val_
Jump to solution

I am facing same issue with some of the gateways. I login with my ID which is Non-Gaia (non_local) user ID using TACACS authentication. Then elevate privilege to TACP-15 and jump to Expert. As the user doesn't exist in GAIA configuration, I can't set UID 0. This issue is only on few gateways, while in large number of other gateways, it works fine. I am sure there is no difference in configuration of all these gateways.

I welcome any suggestions.

0 Kudos
MSpA
Participant
Participant
‎2024-08-27 12:10 AM
In response to SunilShivnani1
Jump to solution

Hi,

I have the same behavior with RADIUS users.

I tried to set "Super User UID" parameter to "0" but still have the problem.

Any idea?

Super User UIDSuper User UID
 
 
 
 
 
expert messageexpert message
0 Kudos
_Val_
Admin
Admin
‎2024-08-27 12:16 AM
In response to MSpA
Jump to solution

Please look into sk120972

0 Kudos
MSpA
Participant
Participant
‎2024-09-24 03:07 AM
In response to _Val_
Jump to solution

Hello Valery,

thank you for your help. We finally configured the given sk120972 which solved the problem. I can also confirm that it works with both /etc/cli.sh and /bin/bash shells.

We used Cisco ISE in order to pass the 2 parameters: CP-Gaia-User-Role and CP-Gaia-SuperUser-Access.

Any experience with Okta? It seems like it cannot pass more than 1 parameter.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events