F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

rajeev_81179's avatar
rajeev_81179
Icon for Nimbostratus rankNimbostratus
Oct 28, 2009

ERROR "REJECTING access to capability dac_read_search wrap_pinger8291"

We have 2 data centers and 4 f5's and all the four F5's have this error messages and its not stopping.

 

However, its not affecting the performace of traffic. everything looks normal....

 

I am the only Net admin and no one has made any changes...

 

Has anyone come across such issues....

 

PLEASE HELP!!!!!!!

 

 

(wrap_pinger(23661) profile /usr/bin/bigd active /usr/bin/bigd)

 

Oct 28 16:23:21 csc-dc2-f501 SubDomain: REJECTING access to capability 'dac_read_search' (wrap_pinger(23663) profile /usr/bin/bigd active /usr/bin/bigd)

 

Oct 28 16:23:21 csc-dc2-f501 SubDomain: REJECTING access to capability 'dac_read_search' (wrap_pinger(23665) profile /usr/bin/bigd active /usr/bin/bigd)

 

Oct 28 16:23:21 csc-dc2-f501 SubDomain: REJECTING access to capability 'dac_read_search' (wrap_pinger(23667) profile /usr/bin/bigd active /usr/bin/bigd)

 

Oct 28 16:23:22 csc-dc2-f501 SubDomain: REJECTING access to capability 'dac_read_search' (wrap_pinger(23669) profile /usr/bin/bigd active /usr/bin/bigd)

 

Oct 28 16:23:22 csc-dc2-f501 SubDomain: REJECTING access to capability 'dac_read_search' (wrap_pinger(23671) profile /usr/bin/bigd active /usr/bin/bigd)

 

management
monitoring

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 28, 2009
    Hi Rajeev,

     

     

    That's subdomain blocking bigd, the monitoring daemon's dac_read_search access. You could contact F5 Support to ask for help in resolving this issue. It will probably involve modifying the subdomain configuration. You can get some additional info from this related post:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=2949829616

     

     

    Aaron
  • rajeev_81179's avatar
    rajeev_81179
    Icon for Nimbostratus rankNimbostratus
    Oct 29, 2009
    Hi Aaron,

     

     

    I restarted the ( bigstart restart subdomain ) and the error messages stopped, am not sure what happend, but looks like just a restart helped it
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 29, 2009
    If you didn't change the subdomain config and bigd is still trying to do what it was doing, I'd expect the error to continue.

     

     

    Apparently dac_read_search is:

     

     

     

    http://ubuntuforums.org/archive/index.php/t-1049698.html

     

    dac_read_search means to bypass file read permission checks and directory read and execute permission checks

     

     

     

     

    The wrap_pinger is a process which (at least in 4.2) ensures only one instance of an external monitor script is running at a time:

     

     

     

    http://vegan.net/lb/archive/10-2003/0026.html

     

     

    Also, you no longer need to do you own pid file management in your

     

    external EAV's (at least not in 4.2+) - bigd spawns wrap_pinger which

     

    manages the pid file and killing off previously hanging around EAVs, then

     

    wrap_pinger spawns your EAV.

     

     

     

     

    So I'd guess you're using an external monitor and bigd's wrap_pinger process doesn't have permissions to read a directory or file per the subdomain configuration.

     

     

    Aaron