• About

OraManageability

~ Advanced Oracle Systems Management

OraManageability

Tag Archives: pbrun8.5.1-01[112628]: 3201.07

Resolve PDP Error for Named Credentials

16 Monday Jan 2017

Posted by raysmithace in OEM 12c, OEM 13c, OEM Named Credentials, PDP

≈ 1 Comment

Tags

Exec of /usr/bin/pb_sudo failed: Operation not permitted, pbrun8.5.1-01[112628]: 3201.07, PDP execution may have failed 3430 Insecure operation

Background

Some of our named credentials use a privileged account to perform root actions via sudo. That account is not the same as the OEM agent binary owner and does not belong to the binary owner’s o/s groups for security reasons.

Sometime that causes problems, like this:

PDP execution may have failed 3430 Insecure operation – please consult your administrator pbrun8.5.1-01[112628]: 3201.07 Exec of /usr/bin/pb_sudo failed: Operation not permitted

The Powerbroker error is a symptom and not the real problem.  The real issue is that the privileged account lacks access to directories in the EM agent home.

Solution

Log into the host as the OEM binary owner and change the permissions as shown:

cd $AGENT_BASE
cd ../

 chmod 755 agent
 cd agent
 chmod 755 agent_inst

cd agent_inst
 chmod 775 diag
 chmod 755 bin install sysman
 chmod 740 internal
 
cd sysman
 chmod 755 ApplicationsState/ config/ emd/ log/ opmn/ recv/
 ls -las

Notice that we’re not changing any file permissions and we are not altering contents of the core/release directories, just agent_inst.

By the way:  This solution makes a very simple and convenient OEM Job.

 

Verification

In the console click through to Setup | Security | Named Credentials and highlight the privileged credential you need to test.  Select the previously broken host name from the Target Name list and hit the Test button.

image2017-1-12 7-58-53.png

Subscribe

  • Entries (RSS)
  • Comments (RSS)

Archives

  • March 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • June 2016
  • May 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2015
  • September 2015
  • August 2015
  • June 2015
  • May 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • July 2014
  • June 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • March 2013
  • February 2013
  • January 2013

Categories

  • BetterTouchTools
  • BI Publisher
  • CAcert
  • EM 12.1.0/4
  • emctl
  • LDAP
  • My Oracle Support
  • ODSM Oracle Directory Services Manager
  • OEM 12c
  • OEM 13c
  • OEM Blackout
  • OEM Named Credentials
  • opmnctl
  • Oracle Inventory
  • Patching
  • PDP
  • Shell scripts
  • startManagedWebLogic.sh
  • SYSMAN
  • Uncategorized
  • updatecomponentregistration
  • User Community Development
  • VirtualBox

Meta

  • Register
  • Log in

Social media

  • View @raysmithace’s profile on Twitter
  • View smithray’s profile on LinkedIn

Top Clicks

  • f5.com/pdf/deployment-gui…
  • community.oracle.com/comm…
  • oracle.com/technetwork/oe…
  • boastr.net
  • oracle.com/technetwork/da…

Blog at WordPress.com.

Cancel