Solved: Re: Permission Denied whilst entering cplic or any...

Duffy · ‎2023-08-15

Hello,

I am having issues in applying the cp commands as it gives me permission denied as follows:

Last login: Tue Aug 15 13:56:27 2023 from 10.21.0.254
-bash: /etc/hcp/conf/.new_hcp_take_installed: Permission denied

rm: cannot remove '/etc/hcp/conf/.new_hcp_take_installed': Permission denied
-bash: /bin/fwaccel_autocomplete.sh: No such file or directory
[Expert@Mgmt]# cphaprob stat
-bash: cphaprob: command not found
[Expert@Mgmt]# cplic print
-bash: cplic: command not found
[Expert@Mgmt]# clish
CLINFR0771 Config lock is owned by ca_ocd_ladmin. Use the command 'lock database override' to acquire the lock.
Mgmt> cpprob stat
CLINFR0329 Invalid command:'cpprob stat'.
Mgmt> cplic print
/tmp/.CPprofile.sh: line 1: /opt/CPshrd-R81.10/scripts/cpprofile_functions.sh: Permission denied
Mgmt>

the user account that i use is the same as the user account of admin with shell : /etc/cli.sh , i tried with the another shell with /bin/bash but in vain too.

There is no authentication raduis configued just accounts to access the WebUI of the firewall. Any ideas ?

Thank you

Duffy · ‎2023-08-16

Turns out the uid in the end when i changed it to 0 instead of 104 uid assigned earlier it worked fine afterwards.

View solution in original post

_Val_ · ‎2024-08-27

Please look into sk120972

View solution in original post

_Val_ · ‎2023-08-15

Do you have other admin accounts where this works?

Duffy · ‎2023-08-15

Hello Val,

Yes the default admin account , i just noticed that i changed the account i am using to the same uid for the default admin account and it worked afterwards.

Seems a strange way to make it work , but it worked in the end.

Thank you.

_Val_ · ‎2023-08-15

This is not a fix. Something was misconfigured with your non-working account, and now you do not know what exactly. Check the user role it was created with.

Duffy · ‎2023-08-16

the user role that it's assigned too is the same as admin and i thought of changing the uid back to 0 same as admin account , this is where it started working as intended.

the_rock · ‎2023-08-15

As Val said, something efinitely would have been misconfigured with the other account. If default admin account works fine, then its either permission issue or UID.

Andy

Its like below:

Duffy · ‎2023-08-16

Turns out the uid in the end when i changed it to 0 instead of 104 uid assigned earlier it worked fine afterwards.

SunilShivnani1 · ‎2024-06-26

I am facing same issue with some of the gateways. I login with my ID which is Non-Gaia (non_local) user ID using TACACS authentication. Then elevate privilege to TACP-15 and jump to Expert. As the user doesn't exist in GAIA configuration, I can't set UID 0. This issue is only on few gateways, while in large number of other gateways, it works fine. I am sure there is no difference in configuration of all these gateways.

I welcome any suggestions.

MSpA · ‎2024-08-27

Hi,

I have the same behavior with RADIUS users.

I tried to set "Super User UID" parameter to "0" but still have the problem.

Any idea?

Super User UID

expert message

_Val_ · ‎2024-08-27

Please look into sk120972

MSpA

Hello Valery,

thank you for your help. We finally configured the given sk120972 which solved the problem. I can also confirm that it works with both /etc/cli.sh and /bin/bash shells.

We used Cisco ISE in order to pass the 2 parameters: CP-Gaia-User-Role and CP-Gaia-SuperUser-Access.

Any experience with Okta? It seems like it cannot pass more than 1 parameter.

Are you a member of CheckMates?

Permission Denied whilst entering cplic or any cp command