Non seeded users ...
Hi,
Need query to list non seeded users and responsibilites with end date greater than the current date
Nearest one: but does'nt remove seeded users and date related condition
select usr.user_name, res.responsibility_name , usrrep.start_date, usrrep.end_date from fnd_user usr , FND_USER_RESP_GROUPS_DIRECT usrrep, fnd_responsibility_tl res where usr.user_id=usrrep.user_id and usrrep.responsibility_id=res.RESPONSIBILITY_ID group by usr.user_name,res.responsibility_name,usrrep.start_date, usrrep.end_date
Thanks,
jai
Hi,
For seeded user list check:
What Is The Impact Of Disabling Oracle Seeded Users? [ID 418767.1]
For can list please see:
Re: List User by Responsibility
Regard
Helios
Similar Messages
-
Hi,
"Report Builder is a report authoring environment for business users who prefer to work in the Microsoft Office environment.
You work with one report at a time. You can modify a published report directly from a report server. You can quickly build a report by adding items from the Report Part Gallery provided by report designers from your organization." - As mentioned
on TechNet.
I wonder how a non-technical business analyst can use Report Builder 3 to create ad-hoc reports/analysis with list of parameters based on other data sets.
Do they need to learn TSQL or how to add and link parameter in Report Builder? then How they can add parameter into a report. Not sure what i am missing from whole idea behind Report builder then?
I have SQL Server 2012 STD and Report Builder 3.0 and want to train non-technical users to create reports as per their need without asking to IT department.
Everything seems simple and working except parameters with list of values e.g. Sales year List, Sales Month List, Gender etc. etc.
So how they can configure parameters based on Other data sets?
Workaround in my mind is to create a report with most of columns and add most frequent parameters based on other data sets and then non-technical user modify that report according to their needs but that way its still restricting users to
a set of defined reports?
I want functionality like "Excel Power view parameters" into report builder which is driven from source data and which is only available Excel 2013 onward which most of people don't have yet.
So how to use Report Builder. Any other thoughts or workaround or guide me the purpose of Report Builder, please let me know.
Many thanks and Kind Regards,
For quick review of new features, try virtual labs: http://msdn.microsoft.com/en-us/aa570323Hi Asam,
If we want to create a parameter depend on another dataset, we can additional create or add the dataset, embedded or shared, that has a query that contains query variables. Then use the option that “Get values from a
query” to get available values. For more details, please see:http://msdn.microsoft.com/en-us/library/dd283107.aspx
http://msdn.microsoft.com/en-us/library/dd220464.aspx
As to the Report Builder features, we can refer to the following articles:http://technet.microsoft.com/en-us/library/hh213578.aspx
http://technet.microsoft.com/en-us/library/hh965699.aspx
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
iMac, 2 users, one is administrator and other is standard user. Recently, in the non-admin user account, it has become impossible to make any changes. For example, adding an application to the the Dock, after logging out and back in next time, the application is not in the Dock any more. Also, making changes to the prefs in Safari, changes are not saved.
I noticed this after installing FireFox v4. I installed it as admin whilst in the non-admin users account. However, I don't believe that the installation of FF has anything to do with the problem, it just highlighted it. I've checked the permissions for the various directories that hold prefs info such as user/libraries/application prefs/etc. etc. and also Safari prefs. Nothing I can see that has changed in system prefs.
Any ideas on what has caused the problem (kids are known to fiddle from within the non-admin account) and any ideas on how to fix it?
ThanksHi PPRuNe,
You could try making the standard user an Admin too. To do this, make sure you are logged in to the standard user, go to System Preferences > Accounts > Standard user (you may have to unlock the padlock) > Allow user to administer this computer
This will allow changes to be made without being prompted for a password all the time.
However, if you had Parental Controls on, they probably won't work on an admin account because as an admin you have complete control over a computer, so the computer thinks there is no point in having the controls turned on. And if the kids are known to "fiddle," just think carefully!
Hope this helps you.
Chris. -
Cannot send enmail from my ipad 3 mini to non iphone users but i can from my iPhone
I Cannot send email from my iPad mini 3 to non iPhone users however I can thri my apple phone
Hey Jkm1951,
If you are having an issue with being unable to send email from your iPad, I would suggest that you troubleshoot using the steps in this article -
Get help with Mail on iPhone, iPad, and iPod touch - Apple Support
Thanks for using Apple Support Communities.
Happy computing,
Brett L -
How to allow access to winrs for non-admin user?
I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
# gives 4
Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
# gives 4
winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
# gives 4
winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
# Gives Winrs error: Access is denied.
Configuration for my user is following:
(Get-Item WSMan:\localhost\Service\RootSDDL).value
# O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
(Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
# O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
(In each security descriptor my user is given general access to protected object).
So what security descriptor should I set to make my winrs query work for non-admin user?Hi Bunyk,
I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
winrs error:access is denied
I hope this helps. -
I can send and receive to any non iPhone user. I can send a message as a text to an iPhone user but if I'm not connected to cellular data or wifi I do not receive messages from iPhone contacts. From what I understand these message should automatically send to me as texts instead of iMessages but since the update it's not functioning properly. Please help. I've tried turning iMessage off and I still don't receive the messages until after I reconnect to wifi.
I have the same problem! Before the upgrade, if I wasn't connected to the internet, any messages sent to me from an iphone would convert automatically to a text message. I have payg tarriff, so I turn cell data off, as it costs too much to use it. I have wifi at home and work, but if I'm out and about, I don't receive texts from iphone users until I'm on wifi. I get them ok from non iphone users. There was never any problem until ios7
-
Access to ZMSS## t-codes in R/3 by non-HR Users
In our production system, a user with no HR access was able to access the following transaction codes:
ZMSS01
ZMSS02
ZMSS03
ZMSS04
ZMSS05
These transactions cannot be accessed from the main SAP Easy Access Menu (in R/3). But if you are in a different transaction code and you type /nZMSS##, then it opens the transaction. For example, a non-HR user from the Finance team was in transaction ZKKS1 (Variances: Manufacturing Orders and Product Cost Collectors) was able to type /nZMSS01 and accessed the HR reports.
These are all t-codes that were built for use on the Enterprise Portal to run reports. When used in R/3, they open the same reports. Since the user does not have any HR authorizations, they were not able to execute the reports to get results, however this is a security concern as a non-HR user has access to HR reporting screens (even though they cannot execute the reports).
Is anyone familiar with how users could be getting this additional access? Also how does a user have access to the transactions ZMSS## from another SAP transaction but not from the SAP Easy Access Menu? Is there a way to restrict access to these report transactions?
Thank you,
GaoGao,
Did the developers of the t_codes add authorization objects to the transaction codes and programs? If not they should as that is the security restriction you add to a transaction to limit users.
Go t_code SE93 --> Enter ZMSS01 --> Display and see the authorization object field and maintain the Authorization Object for this t_code.
*Documentation:
Auth. object in user master maintenance
Element of the authorization system.
An authorization object combines up to 10 authorization fields, which are checked using the AND connective.
Authorizations are checked against objects in the system. Authorization objects enable complex checks (linked to several conditions) of an authorization. For the authorization check to be successful, the user must pass the check for each field contained in the object.
Procedure
Enter the name of the authorization object, which is checked against the authorizations of the calling user when a transaction is started. If the user does not have the necessary authorizations, the transaction will be cancelled.
You should normally specify an object, which is also checked within the program.
This check only takes place when calls are made via START TRANSACTION and via the entry "/n<Transaction code>".
The check is not performed for CALL TRANSACTION or for parameter transactions. If a critical transaction is called in this way, it is the responsibility of the caller to perform the necessary check (AUTHORITY-CHECK). -
How do I fix a problem group messaging with one non-iphone user and several iphone users?
My brother switched from an iphone to another smart phone several months ago. The rest of our family all have iphones. When he made the switch, my sister suddenly had problems with group messages going through for him--they went through as imessages for her instead of SMS or MMS. I didn't have that problem until a few days ago. I upgraded to an iphone 6 about a week ago, and group messaging my brother worked fine at first, and then a couple of days ago, suddenly stopped working. If I am texting him singly, it's fine. But in group texts, it automatically sets at imessage.
He has called apple and his number is completely deregistered with imessage. Does anyone know what else we can try? I have deleted all previous messages that were imessage and deleted and re-entered him as a contact.I'm assuming neither of you heard back from anyone? I'm having the same issue - just in the last few days. The non-iphone user is not receiving texts from the group message because it is sending as an imessage. It flipped to imessage randomly last week. I've tried to delete the group message and restart it; same issue. Would love to hear how to resolve, Apple!
-
When I send a message in a group with non-iPhone users it appears as "New Multimedia Message." One of my friends in the group also has an iPhone and his doesn't appear this way, how do I change my settings so it appears as a normal text message and not an mms?
iOS: Troubleshooting Messages - Apple Support
Send a group message with your iPhone, iPad, or iPod touch - Apple Support
Send messages with your iPhone, iPad, or iPod touch - Apple Support -
I have just upgraded to 10.9 OS and shared my calendars with iCloud. I would like to make them public and get a url that so non iCloud users can see them. When I click on the "public" calendar checkbox and email the link I am given, I try to test it and it is not an "https://" address, but a "webcal://" which just reopens iCal and asks me if I want to subscribe.
Please let me know what I can do to get this to work.
I am hoping that iCal has not changed and is no longer available for public sharing.Hi Norm,
I sent this invite to my gmail account as a test, both as a public shared view only and editable calendar and received the same message in both cases. As you can see the email states that I need to be an icloud member.
What is the next step to fix this? -
Non root user can delete root files, bug?
We're having an odd permissions based problem on Solaris 10 u5 x86_64, (new install, fully patched as of 2 days ago) It means that non root users can delete root owned files, which is something I've never seen before, and I've been doing this for almost 10 years.
We're installing into an 80Gb container on VMware ESX server 3.0.1. The OS takes 20Gb (2 processors, 4Gb memory, 8Gb swap) most of the remaining 60Gb is being used as both file systems and raw devices under disksuite as soft partitions. It's one of the file systems, /apps (where we plan to install sybase) that is giving us "issues"
Essentially:
# more /etc/vfstab |grep apps
/dev/md/dsk/d0 /dev/md/rdsk/d0 /apps ufs 2 yes -
# newfs -v /dev/md/rdsk/d0
/dev/md/rdsk/d0: Unable to find Media type. Proceeding with system determined parameters.
newfs: /dev/md/rdsk/d0 last mounted as /apps
newfs: construct a new file system /dev/md/rdsk/d0: (y/n)? y
mkfs -F ufs /dev/md/rdsk/d0 20971520 -1 -1 8192 1024 264 1 546 8192 t 0 -1 8 7 n
/dev/md/rdsk/d0: Unable to find Media type. Proceeding with system determined parameters.
Warning: 4096 sector(s) in last cylinder unallocated
/dev/md/rdsk/d0: 20971520 sectors in 3414 cylinders of 48 tracks, 128 sectors
10240.0MB in 214 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488, 885920,
20055584, 20154016, 20252448, 20350880, 20449312, 20547744, 20646176,
20744608, 20843040, 20941472
# mount /apps
# ls -al /apps
total 20
drwxr-xr-x 3 root root 512 Sep 10 12:31 .
drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
drwx------ 2 root root 8192 Sep 10 12:31 lost+found
# su - sybase
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
sol10% cd /apps
sol10% rm *
rm: lost+found is a directory
sol10% rm -rf *
rm: cannot read directory lost+found: Permission denied
sol10% ls -al
total 20
drwxr-xr-x 3 root root 512 Sep 10 12:31 .
drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
drwx------ 2 root root 8192 Sep 10 12:31 lost+found
sol10% exit
sol10% logout
# chgrp sybase /apps
# chmod g+w /apps
# ls -ald /apps
drwxrwxr-x 3 root sybase 512 Sep 10 12:31 /apps
# ls -al /apps
total 20
drwxrwxr-x 3 root sybase 512 Sep 10 12:31 .
drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
drwx------ 2 root root 8192 Sep 10 12:31 lost+found
# su - sybase
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
sol10% cd /apps
sol10% rm -rf *
sol10% ls -al
total 4
drwxrwxr-x 2 root sybase 512 Sep 10 12:34 .
drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
sol10% id
uid=***(sybase) gid=***(sybase)
sol10% exit
sol10% logout
# pwd
# ls -ald /apps
drwxrwxr-x 2 root sybase 512 Sep 10 12:34 /apps
# ls -al /apps
total 4
drwxrwxr-x 2 root sybase 512 Sep 10 12:34 .
drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
It's a new "bare metal" (in as much as there is no metal) install. I created the sybase user from scratch by hand editing passwd, group and shadow, buy copying and pasting the data out of the NIS maps. All I've done besides the install & patch is setup networking manually, and created the metadb's and the soft partitions and the mount points & newfs'ed & mounted three of them . I then changed ownership of /apps to be sybase:sybase, and handed it to the database team for the sybase install. they came back and said "should we be able to do this?" as they habitually run rm rf * knowing they can't delete root owned files, only now they can... This is true even if I just chgrp the directory and give them group write permissions. They can still delete anything owned by root, even if it doesn't have group permissions just like the lost+found directory. No other "real" machine we have, x86 or SPARC does this, but we've never installed u5 before either.
As you can imagine losing the lost+found directory is a bit of a problem, however what's really worrying me is if they can do that, what happens when they run sybase as the sybase user? If it borks can they trash the OS and write/overwrite random files?
It's a VM, so in as much that's not a problem, but the reason it's a VM is somebody wants to send a VM to a client as a demo, and at present it's highly unstable IMO.
Does anyone have any idea where to start? My thoughts are that it may be a VMware issue, (though the hardware and the guest OS is supported) it could be a bug, because I've never seen that weird newfs error before, and then I found this:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6622243
Or it could be me, and the fact that I'm hand configuring it, and u5 now requires I do it "properly" with useradd, etc. I'd like to test, but the guy wants it built, and wants it now, so I patched it up, and gave it back to the database team and told them to be careful.
I'd be interested in you opinions regardless.
The full spec of the "machine" is below, sol10 is not it's name for obvious reasons, and I've hashed out the ID & GIUD for similar reasons.
# uname -a
SunOS sol10 5.10 Generic_127128-11 i86pc i386 i86pc
# prtdiag
System Configuration: VMware, Inc. VMware Virtual Platform
BIOS Configuration: Phoenix Technologies LTD 6.00 09/06/2007
==== Processor Sockets ====================================
Version Location Tag
Pentium(R) Pro CPU socket #0
Pentium(R) Pro CPU socket #1
==== Memory Device Sockets ================================
Type Status Set Device Locator Bank Locator
DRAM in use 0 RAM slot #0 RAM slot #0
DRAM in use 0 RAM slot #1 RAM slot #1
DRAM in use 0 RAM slot #2 RAM slot #2
DRAM in use 0 RAM slot #3 RAM slot #3
==== On-Board Devices =====================================
VMware SVGA II
ES1371
==== Upgradeable Slots ====================================
ID Status Type Description
0 unknown ISA ISA Slot J8
0 unknown ISA ISA Slot J9
0 unknown ISA ISA Slot J10
1 in use PCI PCI Slot J11
2 in use PCI PCI Slot J12
3 in use PCI PCI Slot J13
4 available PCI PCI Slot J14
# dmesg
Wednesday, 10 September 2008 15:33:35 BST
Sep 10 10:17:44 sol10 busra: [ID 490441 kern.info] NOTICE: ndi_ra_free: bad free, dip ffffffff803807a8, resource type memory
Sep 10 10:17:44 sol10 busra: [ID 883242 kern.info] NOTICE: ndi_ra_free: freeing base 0xe0000, len 0x4000 overlaps with existing resource base 0x0, len 0xf4000000
Sep 10 10:17:44 sol10 rootnex: [ID 349649 kern.info] pci0 at root: space 0 offset 0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] pci0 is /pci@0,0
Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
Sep 10 10:17:44 sol10 Rev. 1 LSI, Inc. 1030 found.
Sep 10 10:17:44 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci1000,30 (mpt) instance 0 vector 0x11 ioapic 0x2 intin 0x11 is bound to cpu 0
Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
Sep 10 10:17:44 sol10 mpt0 Firmware version v0.0.0.0 (?)
Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
Sep 10 10:17:44 sol10 mpt0: IOC Operational.
Sep 10 10:17:44 sol10 pci: [ID 370704 kern.info] PCI-device: pci1000,30@10, mpt0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] mpt0 is /pci@0,0/pci1000,30@10
Sep 10 10:17:44 sol10 scsi: [ID 193665 kern.info] sd0 at mpt0: target 0 lun 0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] sd0 is /pci@0,0/pci1000,30@10/sd@0,0
Sep 10 10:17:44 sol10 genunix: [ID 408114 kern.info] /pci@0,0/pci1000,30@10/sd@0,0 (sd0) online
Sep 10 10:17:44 sol10 unix: [ID 190185 kern.info] SMBIOS v2.31 loaded (1695 bytes)
Sep 10 10:17:44 sol10 genunix: [ID 408114 kern.info] /cpus (cpunex0) online
Sep 10 10:17:44 sol10 pseudo: [ID 129642 kern.info] pseudo-device: dld0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] dld0 is /pseudo/dld@0
Sep 10 10:17:44 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: i8042 (i8042) instance 0 vector 0x1 ioapic 0x2 intin 0x1 is bound to cpu 1
Sep 10 10:17:44 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: i8042 (i8042) instance #0 vector 0xc ioapic 0x2 intin 0xc is bound to cpu 1
Sep 10 10:17:44 sol10 i8042: [ID 526150 kern.info] 8042 device: keyboard@0, kb8042 # 0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] kb80420 is /isa/i8042@1,60/keyboard@0
Sep 10 10:17:44 sol10 i8042: [ID 526150 kern.info] 8042 device: mouse@1, mouse8042 # 0
Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] mouse80420 is /isa/i8042@1,60/mouse@1
Sep 10 10:17:44 sol10 unix: [ID 950921 kern.info] cpu0: x86 (GenuineIntel family 6 model 15 step 8 clock 2000 MHz)
Sep 10 10:17:44 sol10 unix: [ID 950921 kern.info] cpu0: Intel(r) Xeon(r) CPU E5335 @ 2.00GHz
Sep 10 10:17:47 sol10 unix: [ID 950921 kern.info] cpu1: x86 (GenuineIntel family 6 model 15 step 8 clock 2000 MHz)
Sep 10 10:17:47 sol10 unix: [ID 950921 kern.info] cpu1: Intel(r) Xeon(r) CPU E5335 @ 2.00GHz
Sep 10 10:17:47 sol10 unix: [ID 557827 kern.info] cpu1 initialization complete - online
Sep 10 10:17:47 sol10 rootnex: [ID 349649 kern.info] iscsi0 at root
Sep 10 10:17:47 sol10 genunix: [ID 936769 kern.info] iscsi0 is /iscsi
Sep 10 10:17:52 sol10 genunix: [ID 454863 kern.info] dump on /dev/dsk/c1t0d0s1 size 8197 MB
Sep 10 10:17:53 sol10 pci: [ID 370704 kern.info] PCI-device: pci8086,7191@1, pci_pci0
Sep 10 10:17:53 sol10 genunix: [ID 936769 kern.info] pci_pci0 is /pci@0,0/pci8086,7191@1
Sep 10 10:17:54 sol10 mac: [ID 469746 kern.info] NOTICE: e1000g0 registered
Sep 10 10:17:54 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci8086,100f (e1000g) instance 0 vector 0x12 ioapic 0x2 intin 0x12 is bound to cpu 0
Sep 10 10:17:54 sol10 e1000g: [ID 766679 kern.info] Intel(R) PRO/1000 Network Connection, Driver Ver. 5.1.11
Sep 10 10:17:54 sol10 pseudo: [ID 129642 kern.info] pseudo-device: zfs0
Sep 10 10:17:54 sol10 genunix: [ID 936769 kern.info] zfs0 is /pseudo/zfs@0
Sep 10 10:17:55 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pm0
Sep 10 10:17:55 sol10 genunix: [ID 936769 kern.info] pm0 is /pseudo/pm@0
Sep 10 10:17:55 sol10 pseudo: [ID 129642 kern.info] pseudo-device: power0
Sep 10 10:17:55 sol10 genunix: [ID 936769 kern.info] power0 is /pseudo/power@0
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
Sep 10 10:17:56 sol10 rootnex: [ID 349649 kern.info] xsvc0 at root
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] xsvc0 is /xsvc
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pseudo1
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] pseudo1 is /pseudo/zconsnex@1
Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: lp (ecpp) instance 0 vector 0x7 ioapic 0x2 intin 0x7 is bound to cpu 1
Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: ecpp0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ecpp0 is /isa/lp@1,378
Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x2 intin 0x4 is bound to cpu 0
Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: asy0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
Sep 10 10:17:56 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x2 intin 0x3 is bound to cpu 0
Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: asy1
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: ide (ata) instance 0 vector 0xe ioapic 0x2 intin 0xe is bound to cpu 1
Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: ide (ata) instance 0 vector 0xe ioapic 0x2 intin 0xe is bound to cpu 0
Sep 10 10:17:56 sol10 genunix: [ID 640982 kern.info] ATAPI device at targ 0, lun 0 lastlun 0x0
Sep 10 10:17:56 sol10 genunix: [ID 846691 kern.info] model VMware Virtual IDE CDROM Drive
Sep 10 10:17:56 sol10 genunix: [ID 479077 kern.info] ATA/ATAPI-4 supported, majver 0x1e minver 0x17
Sep 10 10:17:56 sol10 pci: [ID 370704 kern.info] PCI-device: ide@0, ata0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ata0 is /pci@0,0/pci-ide@7,1/ide@0
Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:17:56 sol10 scsi: [ID 193665 kern.info] sd1 at ata0: target 0 lun 0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] sd1 is /pci@0,0/pci-ide@7,1/ide@0/sd@0,0
Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: fdc (fdc) instance 0 vector 0x6 ioapic 0x2 intin 0x6 is bound to cpu 1
Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: fdc0
Sep 10 10:17:56 sol10 fdc: [ID 114370 kern.info] fd0 at fdc0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
Sep 10 10:17:56 sol10 genunix: [ID 314293 kern.info] device pciclass,030000@f(display#0) keeps up device sd@0,0(sd#1), but the latter is not power managed
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: nvidia255
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] nvidia255 is /pseudo/nvidia@255
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ramdisk1024
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ramdisk1024 is /pseudo/ramdisk@1024
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lockstat0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] lockstat0 is /pseudo/lockstat@0
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: llc10
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] llc10 is /pseudo/llc1@0
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lofi0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] lofi0 is /pseudo/lofi@0
Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: dtrace0
Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] dtrace0 is /pseudo/dtrace@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: profile0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] profile0 is /pseudo/profile@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: systrace0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] systrace0 is /pseudo/systrace@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fbt0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fbt0 is /pseudo/fbt@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: sdt0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] sdt0 is /pseudo/sdt@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fasttrap0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fasttrap0 is /pseudo/fasttrap@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcp0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fcp0 is /pseudo/fcp@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcsm0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fcsm0 is /pseudo/fcsm@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lx_systrace0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] lx_systrace0 is /pseudo/lx_systrace@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ucode0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] ucode0 is /pseudo/ucode@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fssnap0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fssnap0 is /pseudo/fssnap@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: winlock0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] winlock0 is /pseudo/winlock@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: vol0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] vol0 is /pseudo/vol@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: rsm0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] rsm0 is /pseudo/rsm@0
Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pool0
Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] pool0 is /pseudo/pool@0
Sep 10 10:17:57 sol10 ipf: [ID 774698 kern.info] IP Filter: v4.1.9, running.
Sep 10 10:18:05 sol10 nfs4cbd[395]: [ID 867284 daemon.notice] nfsv4 cannot determine local hostname binding for transport tcp - delegations will not be available on this transport
Sep 10 10:18:10 sol10 sendmail[598]: [ID 702911 mail.crit] My unqualified host name (localhost) unknown; sleeping for retry
Sep 10 10:18:10 sol10 sendmail[600]: [ID 702911 mail.crit] My unqualified host name (localhost) unknown; sleeping for retry
Sep 10 10:18:17 sol10 mac: [ID 736570 kern.info] NOTICE: e1000g0 unregistered
Sep 10 10:19:10 sol10 sendmail[598]: [ID 702911 mail.alert] unable to qualify my own domain name (localhost) -- using short name
Sep 10 10:19:10 sol10 sendmail[600]: [ID 702911 mail.alert] unable to qualify my own domain name (localhost) -- using short name
Sep 10 10:20:10 sol10 pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
Sep 10 10:20:10 sol10 genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
Sep 10 10:24:54 sol10 mac: [ID 469746 kern.info] NOTICE: e1000g0 registered
Sep 10 10:24:54 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci8086,100f (e1000g) instance 0 vector 0x12 ioapic 0x2 intin 0x12 is bound to cpu 0
Sep 10 10:24:54 sol10 e1000g: [ID 766679 kern.info] Intel(R) PRO/1000 Network Connection, Driver Ver. 5.1.11
Sep 10 10:24:59 sol10 e1000g: [ID 801725 kern.info] NOTICE: pci8086,100f - e1000g[0] : Adapter 1000Mbps full duplex copper link is up.
Sep 10 10:28:21 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:35:17 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: lp (ecpp) instance 0 vector 0x7 ioapic 0x2 intin 0x7 is bound to cpu 1
Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: ecpp0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ecpp0 is /isa/lp@1,378
Sep 10 10:35:17 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x2 intin 0x4 is bound to cpu 0
Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: asy0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
Sep 10 10:35:17 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x2 intin 0x3 is bound to cpu 0
Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: asy1
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: nvidia255
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] nvidia255 is /pseudo/nvidia@255
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ramdisk1024
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ramdisk1024 is /pseudo/ramdisk@1024
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lockstat0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lockstat0 is /pseudo/lockstat@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: llc10
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] llc10 is /pseudo/llc1@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lofi0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lofi0 is /pseudo/lofi@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: profile0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] profile0 is /pseudo/profile@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: systrace0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] systrace0 is /pseudo/systrace@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fbt0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fbt0 is /pseudo/fbt@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: sdt0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] sdt0 is /pseudo/sdt@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcp0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fcp0 is /pseudo/fcp@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcsm0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fcsm0 is /pseudo/fcsm@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lx_systrace0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lx_systrace0 is /pseudo/lx_systrace@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ucode0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ucode0 is /pseudo/ucode@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fssnap0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fssnap0 is /pseudo/fssnap@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: winlock0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] winlock0 is /pseudo/winlock@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pm0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] pm0 is /pseudo/pm@0
Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: rsm0
Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] rsm0 is /pseudo/rsm@0
Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
Sep 10 11:28:55 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
Sep 10 12:28:56 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
Sep 10 13:29:01 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
Sep 10 14:29:10 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
Sep 10 15:29:38 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
# prtconf
System Configuration: Sun Microsystems i86pc
Memory size: 4132 Megabytes
System Peripherals (Software Nodes):
i86pc
scsi_vhci, instance #0
isa, instance #0
i8042, instance #0
keyboard, instance #0
mouse, instance #0
lp, instance #0
asy, instance #0
asy, instance #1
fdc, instance #0
fd, instance #0
pci, instance #0
pci15ad,1976 (driver not attached)
pci8086,7191, instance #0
pci15ad,1976 (driver not attached)
pci-ide, instance #0
ide, instance #0
sd, instance #1
ide (driver not attached)
pci15ad,1976 (driver not attached)
display, instance #0
pci1000,30, instance #0
sd, instance #0
pci15ad,750, instance #0
iscsi, instance #0
pseudo, instance #0
options, instance #0
agpgart, instance #0
xsvc, instance #0
objmgr, instance #0
acpi (driver not attached)
used-resources (driver not attached)
cpus, instance #0
cpu (driver not attached)
cpu (driver not attached)
# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c1t0d0 <DEFAULT cyl 10440 alt 2 hd 255 sec 63>
/pci@0,0/pci1000,30@10/sd@0,0
Specify disk (enter its number): 0
selecting c1t0d0
[disk formatted]
Warning: Current Disk has mounted partitions.
/dev/dsk/c1t0d0s0 is currently mounted on /. Please see umount(1M).
/dev/dsk/c1t0d0s1 is currently used by swap. Please see swap(1M).
/dev/dsk/c1t0d0s3 is currently mounted on /usr. Please see umount(1M).
/dev/dsk/c1t0d0s4 is currently mounted on /var. Please see umount(1M).
/dev/dsk/c1t0d0s5 is currently mounted on /opt. Please see umount(1M).
/dev/dsk/c1t0d0s6 is part of SVM volume sp:d8. Please see metaclear(1M).
/dev/dsk/c1t0d0s7 contains an SVM mdb. Please see metadb(1M).
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
fdisk - run the fdisk program
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> p
PARTITION MENU:
0 - change `0' partition
1 - change `1' partition
2 - change `2' partition
3 - change `3' partition
4 - change `4' partition
5 - change `5' partition
6 - change `6' partition
7 - change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
!<cmd> - execute <cmd>, then return
quit
partition> p
Current partition table (original):
Total disk cylinders available: 10440 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 root wm 1 - 131 1.00GB (131/0/0) 2104515
1 swap wu 132 - 1176 8.01GB (1045/0/0) 16787925
2 backup wm 0 - 10439 79.97GB (10440/0/0) 167718600
3 usr wm 1177 - 1829 5.00GB (653/0/0) 10490445
4 var wm 1830 - 2091 2.01GB (262/0/0) 4209030
5 unassigned wm 2092 - 2614 4.01GB (523/0/0) 8401995
6 unassigned wm 2617 - 10439 59.93GB (7823/0/0) 125676495
7 unassigned wm 2615 - 2616 15.69MB (2/0/0) 32130
8 boot wu 0 - 0 7.84MB (1/0/0) 16065
9 unassigned wm 0 0 (0/0/0) 0
partition> quit
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
fdisk - run the fdisk program
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> q
# metastat -p
d8 -p c1t0d0s6 -o 109973513 -b 61440
d7 -p c1t0d0s6 -o 109461512 -b 512000
d6 -p c1t0d0s6 -o 109051911 -b 409600
d5 -p c1t0d0s6 -o 88080390 -b 20971520
d4 -p c1t0d0s6 -o 67108869 -b 20971520
d3 -p c1t0d0s6 -o 46137348 -b 20971520
d2 -p c1t0d0s6 -o 41943043 -b 4194304
d1 -p c1t0d0s6 -o 20971522 -b 20971520
d0 -p c1t0d0s6 -o 1 -b 20971520An easy way to think of it is this -- everything in Unix is a file. Including directories; they are just a file which contains a list of the files in that directory, and pointers to them.
If the 'sybase' user has write permission on the directory, they have permission to edit that "list", and can add or remove files to the list. It doesn't matter who the files on the list belong to, because the files are not what is being modified. Only the list of files is being modified. (Of course, in Unix, if you erase the file's listing from all of the lists it's on, the file itself goes away for housekeeping purposes.)
One thing that would have stopped the 'sybase' user from removing the lost+found directory is if that directory itself had files in it -- without write permission to the lost+found directory, that user could not have removed those files, and since one cannot remove a non-empty directory, that operation would have failed. Since lost+found was empty in this case, it could be removed simply by having permission to write to the /apps directory.
This behavior does change if you set the sticky bit on the directory -- in that case, files may only be removed by the owner of the file or directory, or if the user has write permission to the file. This would have prevented the sybase user from removing the lost+found directory. (Note, this also applies to the 'rename' function call.) This would probably be the best way to handle your situation, since you apparently do want the sybase user to be able to add files to /apps, but do not want them to be able to remove lost+found.
Edited by: MadBishop on Sep 12, 2008 7:46 AM -
A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)
I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication. We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
Create and activate a new sandbox.
Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
Click the view -> source drop down in the upper left.
After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
Export the sandbox.
Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}". Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
Import your newly edited sandbox back into the target environment.
Publish the sandbox.
This seems to work great for allowing us to test other sandbox changes effects on different types of users.On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages. Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading. To correct this I changed the rendered property to rendered="#{securityContext.authenticated}". This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on. We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link. I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.
-
2.1.1 and 3.0 EA2: No tables shown for a non-dba user on 11R2
Hi all
I'm experiencing a strange problem with one 11R2 DB standard edition installation on Windows 2008 32-bit.
Versions are:
Windows
Windows 2008 SP2 32 bit (build 6002)
Oracle
Oracle Database 11g Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
Java
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
The DB has some users, to whom some tables belong.
If I run SQL Developer (either 2.1.1 or 3.0 EA2) on the server (as windows administrator), and create a connection using one of the non-dba users credentials, clicking on the Tables (filtered view) leaf, does not show any table, even if they are on the DB (e.g. using sqlplus from command line and doing a select table_name from user_tables shows the entire list, and I can select, insert, delete and so on).
If I connect from my pc (I have 10g client installed), it works perfectly, i.e. I see the list of tables, and I can operate on them as expected.
Conversely, on 11R2 another installation (Oracle Enterprise Edition on Windows 2003 Enterprise), both versions of sqldeveloper work fine on the server machine. Here versions are:
Windows
Windows 2003 R2 Enterprise Edition SP2 build 3790
Oracle
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 32-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
Java
java version "1.6.0_06"
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)
What could be wrong here? Is there any way to debug it?
Thanks in advance
Ciao
AndreaI run sqldeveloper.bat as instructed by you.
These are the results. The error appears only when starting sqldeveloper. When I expand tables I see nothing.
C:\sqldeveloper\sqldeveloper\bin>java -Xmx640M -Xms128M -Xverify:none -Doracle.i
de.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Dsun.java2d.ddoffscreen=false -Dwin
dows.shell.font.languages= -XX:MaxPermSize=128M -Dide.AssertTracingDisabled=true
-Doracle.ide.util.AddinPolicyUtils.OVERRIDE_FLAG=true -Djava.util.logging.confi
g.file=logging.conf -Dsqldev.debug=false -Dide.conf="./sqldeveloper.conf" -Dide.
startingcwd="." -classpath ../../ide/lib/ide-boot.jar oracle.ide.boot.Launcher
Exception initializing 'oracle.dbtools.raptor.plsql.PLSQLAddin' in extension 'Or
acle SQL Developer': java.lang.NoClassDefFoundError: com/sun/jdi/Bootstrap
at oracle.jdevimpl.debugger.jdi.DebugJDIConnector.getVersion(DebugJDICon
nector.java:30)
at oracle.jdevimpl.debugger.support.DebugFactory.<clinit>(DebugFactory.j
ava:81)
at oracle.dbtools.raptor.plsql.PLSQLAddin.initialize(PLSQLAddin.java:87)
at oracle.ideimpl.extension.AddinManagerImpl.initializeAddin(AddinManage
rImpl.java:407)
at oracle.ideimpl.extension.AddinManagerImpl.initializeAddins(AddinManag
erImpl.java:214)
at oracle.ideimpl.extension.AddinManagerImpl.initProductAndUserAddins(Ad
dinManagerImpl.java:128)
at oracle.ide.IdeCore.initProductAndUserAddins(IdeCore.java:1949)
at oracle.ide.IdeCore.startupImpl(IdeCore.java:1573)
at oracle.ide.Ide.startup(Ide.java:703)
at oracle.ideimpl.DefaultIdeStarter.startIde(DefaultIdeStarter.java:35)
at oracle.ideimpl.Main.start(Main.java:184)
at oracle.ideimpl.Main.main(Main.java:146)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.ide.boot.PCLMain.callMain(PCLMain.java:62)
at oracle.ide.boot.PCLMain.main(PCLMain.java:54)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.classloader.util.MainClass.invoke(MainClass.java:128)
at oracle.ide.boot.IdeLauncher.bootClassLoadersAndMain(IdeLauncher.java:
189)
at oracle.ide.boot.IdeLauncher.launchImpl(IdeLauncher.java:89)
at oracle.ide.boot.IdeLauncher.launch(IdeLauncher.java:65)
at oracle.ide.boot.IdeLauncher.main(IdeLauncher.java:54)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at oracle.ide.boot.Launcher.invokeMain(Launcher.java:713)
at oracle.ide.boot.Launcher.launchImpl(Launcher.java:115)
at oracle.ide.boot.Launcher.launch(Launcher.java:68)
at oracle.ide.boot.Launcher.main(Launcher.java:57)
Caused by: oracle.classloader.util.AnnotatedClassNotFoundException:
Classe mancante: com.sun.jdi.Bootstrap
Classe dipendente: oracle.jdevimpl.debugger.jdi.DebugJDIConnector
Loader: ide-global:11.1.1.0.0
Origine codice: /C:/sqldeveloper/jdev/extensions/oracle.jdeveloper.r
unner.jar
Configurazione: extension jar in C:\sqldeveloper\jdev\extensions
Questo caricamento Þ stato iniziato alle ide-global:11.1.1.0.0 utilizzando il me
todo loadClass().
La classe mancante non Þ disponibile in nessuna origine codice o loader nel sist
ema.
at oracle.classloader.PolicyClassLoader.handleClassNotFound(PolicyClassL
oader.java:2190)
at oracle.classloader.PolicyClassLoader.internalLoadClass(PolicyClassLoa
der.java:1733)
at oracle.classloader.PolicyClassLoader.access$000(PolicyClassLoader.jav
a:143)
at oracle.classloader.PolicyClassLoader$LoadClassAction.run(PolicyClassL
oader.java:331)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
:1692)
at oracle.classloader.PolicyClassLoader.loadClass(PolicyClassLoader.java
:1674)
... 35 more
Thanks for your help. -
"Unable to check revocation" error while checking CDP from non-domain user account
Hi!
I use 3-tier PKI infrastructure:
Stand-alone offline Root CA: RootCA;
Stand-alone offline Intermediate subordinate CA: SubCA;
Enterprise CA: EntSubCA.
In certificate we have three CDP point for CRL check:
ldap:///, http:// and file://
I have Windows 2008 R2 server joined to domain.
I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
When I use domain user account for revocation checking, all OK.
I have access to any CDP and all fine.
But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
Here is the logfile from local user:
Issuer:
CN=EntSubCA
DC=DED
DC=ROOT
Subject:
CN=servername.domain_name
Cert Serial Number: 5a896145000300006ee2
dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
NotBefore: 05.02.2015 20:03
NotAfter: 05.02.2016 20:03
Subject: CN=servername.domain_name
Serial: 5a896145000300006ee2
SubjectAltName: DNS Name=servername.domain_name
Template: Machine
70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crt
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
Verified "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Base CRL CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
OK "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
OK "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 018d:
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SubCA
NotBefore: 13.11.2014 19:12
NotAfter: 13.11.2017 19:22
Subject: CN=EntSubCA, DC=DED, DC=ROOT
Serial: 6109015b000100000008
Template: SubCA
9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\SubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/SubCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (32)" Time: 0
[0.0] file://\\ca\crl\SubCA.crl
Verified "Base CRL (32)" Time: 4
[1.0] http://webserver/crl/SubCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 32:
Issuer: CN=SubCA
8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 28.05.2008 12:09
NotAfter: 28.05.2058 12:19
Subject: CN=SubCA
Serial: 616bd19f000100000004
Template: SubCA
06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 4
[0.0] http://webserver/crl/RootCA.crl
Verified "Base CRL (1c)" Time: 0
[1.0] file://\\ca\crl\RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 27.05.2008 16:10
NotAfter: 27.05.2110 16:20
Subject: CN=RootCA
Serial: 258de6fbd3bbab92460530e9e9f10536
5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 0
[0.0] file://\\ca\crl\RootCA.crl
Verified "Base CRL (1c)" Time: 4
[1.0] http://webserver/crl/RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
Exclude leaf cert:
5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
Full chain:
ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.1 Server Authentication
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
CertUtil: -verify command completed successfully.What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
(you also use FILE URLs for publication, which again is not recommended).
The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
an internally and externally accessible, highly available Web cluster.
the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
certutil -dspublish -f RootCA.crt.
This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
Brian -
IdM 8.1: Problems to provision Solaris 10 with non root user.
Hello
When IdM 8.1 tries to create a user into Solaris 10 I got this Error:
com.waveset.util.WavesetException: An error occurred adding user 'testSolaris' to resource 'Test_Solaris'. com.waveset.util.WavesetException: Script failed waiting for "_,)#(:" in response "> > > > > > > > > > > pbmasterd3.5.4-01: 5408.07 select: Bad file number [email protected]: 3005 Request en...roblem in readMuxHeader fd 1. - fd closed unexpectedly [email protected]: 3005 Request ended unexpectedly " com.waveset.util.WavesetException: Script processor timed out with nothing to read and the following unprocessed text: "> > > > > > > > > > > pbmasterd3.5.4-01: 5408.07 select: Bad file number [email protected]: 3005 Request ended unexpectedly pbmasterd3.5.4-01@pbr9c: 5430.1 header problem in readMuxHeader fd 1. - fd closed unexpectedly [email protected]: 3005 Request ended unexpectedly pbmasterd3.5.4-01@pbr9c: 5430.1 header problem in readMuxHeader fd 1. - fd closed unexpectedly [email protected]: 3005 Request ended unexpectedly pbmasterd3.5.4-01@pbr9c: 5430.1 header problem in readMuxHeader fd 1. - fd closed unexpectedly [email protected]: 3005 Request ended unexpectedly ".+
*The non root user has the privileges that describes the IdM documentation. This error doesn't occure when the connection user is root.*
*What's wrong?*The non - root doesn't work yet. I try to use a user with SUDO = TRUE but I got this error when I Test the connection:
Script failed waiting for "ASSWORD:" in response "_,)#+(:" ==> com.waveset.util.WavesetException: Script processor timed out with nothing to read and the following unprocessed text: "++_,)#+(:".+
I haver already configured the parameter tty_tickets to TRUE and the sudoers file as following:
+# sudoers file.+
+#+
+# This file MUST be edited with the 'visudo' command as root.+
+#+
+# See the sudoers man page for the details on how to write a sudoers file.+
+#+
++Defaults syslog=auth+
Defaults:idm_sudo tty_tickets
root ALL=(ALL) ALL
idm_sudo ALL = NOPASSWD: /usr/bin/auths,/usr/sbin/groupadd,/usr/sbin/groupdel,/usr/sbin/groupmod,/usr/bin/last,/usr/bin/listusers,/usr/bin/logins,/usr/bin/passwd,/usr/bin/profiles,
+/usr/bin/roles,/usr/sbin/useradd,/usr/sbin/userdel,/usr/sbin/usermod,/usr/bin/awk,/usr/bin/cat,/usr/bin/chmod,/usr/bin/chown,/usr/bin/cp,/usr/bin/cut,/usr/bin/diff,/usr/bin/echo,+
+/usr/bin/grep,/usr/bin/ls,/usr/bin/mv,/usr/bin/rm,/usr/bin/sed,/usr/bin/sleep,/usr/bin/sort,/usr/bin/tail,/usr/bin/touch,/usr/bin/which+
What's wrong?
Maybe you are looking for
-
How to include images in BAM reports
Hi all, In Oracle 11g BAM , i can see some already existing Demo reports, i the Active Studio. in that demo reports i can see a report called SLA Violation.Here in this SLA Vioaltion report there is Updating Orderded list within the list they are sho
-
I am trying to write a client server app and i want my calls to be encrypted via SSL. I am using IBM JDK as my runtime is WebSphere. //For JSSEPrvider2 use:com.ibm.net.ssl.www2.protocol //For JSSE Provider use: com.ibm.net.ssl.internal.www.
-
APEX - Textarea with HTML Editor.
All, I am working with Application Express Version 2.2.1.00.04 I have the following problem: I have an item "Textarea with HTML Editor" which I am inserting information CLOB in a table. This data is consulted by a Region Report of APEX which has a Li
-
Subtract multiple channel blur masks in Premiere CC?
I'm making a portrait of a person, more or less a talking head and I want to smoothen everything in the picture except for the eyes and the mouth. I add the channel blur effect to the clip and draw masks around the eyes and the mouth. This makes the
-
Restoring Out-of-box settings NB205-N325BL
I've tried restoring my NB205-N325BL to it's out of the box state byt holding 0 while turning the power on. However, it isn't working. When I turn on my netbook and then open my computer, I noticed that there is a drive "D" that's labeled "HDD Recove