Distance_Vector
Mar 05, 2012

permission denied when trying to save config as radius authenticated user in tmsh

Hello,

I'm authenticated as a radius user (Role Administrator):

    [iz@ibd-lb211c:/S1-green-P:Active] ~ $ id
    uid=499(f5_remoteuser) gid=499(f5_remoteuser) groups=499(f5_remoteuser) context=user_u:system_r:unconfined_t

    [iz@ibd-lb211c:/S1-green-P:Active] ~ $ echo $REMOTEROLE
    0

However, I can't save the configuration from tmsh:

    iz@ibd-lb211c(/S1-green-P:Active)(/Common)(tmos.auth) save /sys config
    Unexpected Error: Can't create tmsh temp directory "/config/.config.backup" Permission denied

It is clear why: root owns /config and UID 499 doesn't have permission to write there.

So in the next step, I created /config/.config.backup and gave UID 499 permission to write to it.

Now I get:

    iz@ibd-lb211c(/S1-green-P:Active)(/Common)(tmos.auth) save /sys config
    mv: cannot move `/config/bigip.conf' to `/config/.config.backup/Kai02H/bigip.conf': Permission denied
    "mv -f /config/bigip.conf /config/.config.backup/Kai02H/bigip.conf": Unknown error 256
    Unexpected Error: Can't backup the existing file "/config/bigip.conf", to "/config/.config.backup/Kai02H/bigip.conf", File exists

Obviously tmsh doesn't communicate with a daemon process which then writes the config; instead, tmsh itself attempts to write the config directly. However, I am logged in as Administrator and want to be able to just write the config from tmsh.

Does anyone have an idea what I could do to make it work?

Thanks,
D

  • btw here is the workaround I'm currently using:

    proc script::run {} {
        # Prompt for the root password that su is about to ask for
        puts -nonewline "password: "
        flush stdout
        # Run the save as root via su; catch stores the command's output in $output
        catch { exec /bin/su -c "tmsh save /sys config" } output
        puts ""
        # Strip su's "Password:" prompt text from the captured output
        set output [string map { "Password:" "" } $output]
        puts $output
        return 0
    }

    So as a radius user I can run that script, which calls su, which calls tmsh (as root) and does the save. This works but is insufficient. I'd need a solution without being asked for the root password.
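The second error in the post is consistent with how rename(2) works: `mv` needs write and search permission on the source's parent directory (/config) as well as on the destination directory, so making only /config/.config.backup writable does not let uid 499 move bigip.conf. The script below is an added example, not part of the original post and not F5 code; the helper names, the temporary directory layout and the use of GNU `stat` are assumptions, and it evaluates classic mode bits only.

```shell
#!/bin/sh
# Added example: classic mode bits only. ACLs, SELinux, the sticky bit and
# supplementary groups are ignored. Requires GNU stat (Linux).

# dir_writable DIR UID GID: succeeds if that uid/gid has w+x on DIR.
dir_writable() {
    [ "$2" -eq 0 ] && return 0                # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$1") || return 2
    want_uid=$2 want_gid=$3
    set -- $st                                # $1=owner $2=group $3=octal mode
    mode=$((0$3))
    if   [ "$want_uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$want_gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else                                bits=$(( mode & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]                 # need both write (2) and search (1)
}

# rename_blocker SRC DST UID GID: prints the first parent directory whose
# mode stops "mv SRC DST", or "none". rename(2) needs w+x on both parents.
rename_blocker() {
    for d in "$(dirname "$1")" "$(dirname "$2")"; do
        dir_writable "$d" "$3" "$4" || { echo "$d"; return 0; }
    done
    echo none
}

# demo MODE: constructed layout mirroring the post. config/ gets MODE, the
# backup directories are world-writable, the caller is a non-owner uid/gid.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/config/.config.backup/Kai02H"
    chmod 777 "$root/config/.config.backup" "$root/config/.config.backup/Kai02H"
    chmod "$1" "$root/config"
    : > "$root/config/bigip.conf"
    rename_blocker "$root/config/bigip.conf" \
        "$root/config/.config.backup/Kai02H/bigip.conf" \
        $(( $(id -u) + 1 )) $(( $(id -g) + 1 ))
    rm -rf "$root"
}

demo 755    # prints a temp path ending in /config: the source directory blocks the move
demo 777    # prints "none"
```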