VMware Cloud Community
ysn
Contributor
Contributor

vmware-cm service doesn't start su : permission denied

hello,

After a log4j non rotating logs incident on a vcsa 6.0 I've reseted the root account but the cause was the partitions / and /storage/log.

After expanding the 2 partitions I got access to the shell, but i cant access to vcsa via clients and a service-control --start --all fails to start vmware-cm service with this error : 

  1. 2022-01-12T08:07:10.741Z   Invoked command: ['/sbin/service', u'vmware-cm', 'start']
  2. 2022-01-12T08:07:10.741Z   RC = 1
  3. Stdout = Last login: Tue Jan 11 22:40:13 UTC 2022
  4.  
  5. Stderr = su: cannot not open session: Permission denied
  6.  
  7. 2022-01-12T08:07:10.741Z   {
  8.     "resolution": null,
  9.     "detail": [
  10.         {
  11.             "args": [
  12.                 "Command: ['/sbin/service', u'vmware-cm', 'start']\nStderr: su: cannot not open session: Permission denied\n"

How can I resolve this please ? An idea ? Thank you

Tags (2)
Reply
0 Kudos
6 Replies
atusmenezes
VMware Employee
VMware Employee

Can you share the output of the command ls -ltr in the directory /usr/lib/vmware-cm/bin?

Reply
0 Kudos
ysn
Contributor
Contributor

yes, thanks for your help

  1. vc6:~ # ls -ltr /usr/lib/vmware-cm/bin
  2. total 212
  3. -rwxr-xr-x 1 cm   cis    207 Oct 16  2016 ssocreatesolutionuser.py
  4. -rwxr-xr-x 1 cm   cis   2336 Oct 16  2016 sslcertgen.py
  5. -rwxr-xr-x 1 cm   cis   7329 Oct 16  2016 scaspectool.py
  6. -rwxr-xr-x 1 cm   cis    970 Oct 16  2016 loadPrivRole.bat
  7. -rwxr-xr-x 1 cm   cis    638 Oct 16  2016 loadPrivRole
  8. -rwxr-xr-x 1 cm   cis    903 Oct 16  2016 encryptpassword.bat
  9. -rwxr-xr-x 1 cm   cis    588 Oct 16  2016 encryptpassword
  10. -rwxr-xr-x 1 cm   cis    907 Oct 16  2016 createsolutionuser.bat
  11. -rwxr-xr-x 1 cm   cis    619 Oct 16  2016 createsolutionuser
  12. -rwxr-xr-x 1 cm   cis    846 Oct 16  2016 cmssoregister.sh
  13. -rwxr-xr-x 1 cm   cis   1837 Oct 16  2016 cmssoregister.bat
  14. -rwxr-xr-x 1 cm   cis   2786 Oct 16  2016 cmreghttps.bat
  15. -rwxr-xr-x 1 cm   cis   2202 Oct 16  2016 cmreghttps
  16. -rwxr-xr-x 1 cm   cis    208 Oct 16  2016 cmreg.py
  17. -rwxr-xr-x 1 cm   cis    857 Oct 16  2016 cmreg.bat
  18. -rwxr-xr-x 1 cm   cis    285 Oct 16  2016 cmreg
  19. -rwxr-xr-x 1 cm   cis    197 Oct 16  2016 cmlookup.py
  20. -rwxr-xr-x 1 cm   cis   1302 Oct 16  2016 cmlookup.bat
  21. -rwxr-xr-x 1 cm   cis    659 Oct 16  2016 cmlookup
  22. -rwxr-xr-x 1 cm   cis  10301 Oct 16  2016 cmdefaults.py
  23. -rwxr-xr-x 1 cm   cis    474 Oct 16  2016 cmctrl.sh
  24. -rwxr-xr-x 1 cm   cis   1158 Oct 16  2016 cmctrl.bat
  25. -rwxr-xr-x 1 cm   cis  31993 Oct 16  2016 cloudvmcisreg.py
  26. -rwxr-xr-x 1 cm   cis    195 Oct 16  2016 cisregnew.py
  27. -rwxr-xr-x 1 cm   cis   3890 Oct 16  2016 cisreg.py
  28. -rwxr-xr-x 1 cm   cis    302 Oct 16  2016 cisreg
  29. -rwxr-xr-x 1 cm   cis    204 Oct 16  2016 cisencryptpassword.py
  30. -rwxr-xr-x 1 cm   cis   1391 Oct 16  2016 ciscli.py
  31. -rwxr-xr-x 1 cm   cis    197 Oct 16  2016 ciscertutil.py
  32. -rwxr-xr-x 1 cm   cis    897 Oct 16  2016 certutil.bat
  33. -rwxr-xr-x 1 cm   cis    528 Oct 16  2016 certutil
  34. -rwxr-xr-x 1 cm   cis    201 Oct 16  2016 authzloadprivrole.py
  35. -rw-r--r-- 1 cm   cis   1637 Oct 16  2016 ciscli.pyc
  36. -rw-r--r-- 1 root root  6342 Feb  1  2017 scaspectool.pyc
  37. -rw-r--r-- 1 root root 29202 Feb  1  2017 cloudvmcisreg.pyc
Reply
0 Kudos
atusmenezes
VMware Employee
VMware Employee

Ok!

I am not sure if this could work, but can you try to change this two files owner?

chown root:root scaspectool.py

chown root:root cloudvmcisreg.py

And try to start the service.

If didn't work, to revert:

chown cm:cis scaspectool.py

chown cm:cis cloudvmcisreg.py

Reply
0 Kudos
ysn
Contributor
Contributor

I will try this, I've seen in /etc/passwd that the line for root and cm users begin like this

root:x:0:0...

cm:x:1001:100::/home/cm:/bin/bash

Could the issue be related to the x in 2nd column indicating a locked account ?

thanks.

Reply
0 Kudos
ysn
Contributor
Contributor

excuse me it's not the solution it doesn't work sorry for the bad click

Reply
0 Kudos
ysn
Contributor
Contributor

It doesn't work, do you have  anys other idea ? A locked account ? A sudoers file issue ?

Thank you.

Reply
0 Kudos