« `
Access to run command is not valid. on padmin
root@vio:/etc/security# su – padmin
Access to run command is not valid.

padmin@vio:/home/padmin$
« `
This error comes from a problem related to padmin’s RBAC rules , which would be missing in file /etc/security/authorizations,modified by the update

## solution : setkst
« `
root@vio:/etc/security# setkst
Successfully updated the Kernel Authorization Table.
Successfully updated the Kernel Role Table.
Successfully updated the Kernel Command Table.
Successfully updated the Kernel Device Table.
Successfully updated the Kernel Object Domain Table.
Successfully updated the Kernel Domains Table.

root@vio:/etc/security# su – padmin
padmin@vio:/home/padmin$
padmin@vio:/home/padmin$
padmin@vio:/home/padmin$ ioslevel
« `

https://www.ibm.com/support/knowledgecenter/en/ssw_aix_61/com.ibm.aix.cmds5/setkst.htm

The setkst command reads the security databases and loads the information from the databases into the kernel security tables. By default, all of the security databases are sent to the KST. Alternatively, you can specify a specific database using the -t flag. If only the authorization database is the only one you specified, the role and privileged command databases are updated in the KST because they are dependent on the authorization database.

Share Button
[TIPS] padmin can’t execute commands after VIO update

Laisser un commentaire