Background
Some of our named credentials use a privileged account to perform root actions via sudo. That account is not the same as the OEM agent binary owner and does not belong to the binary owner’s o/s groups for security reasons.
Sometimes that causes problems, like this:
PDP execution may have failed 3430 Insecure operation – please consult your administrator
pbrun8.5.1-01[112628]: 3201.07 Exec of /usr/bin/pb_sudo failed: Operation not permitted
The PowerBroker error is a symptom, not the real problem. The real issue is that the privileged account lacks access to directories in the EM agent home.
Solution
Log into the host as the OEM binary owner and change the permissions as shown:
cd $AGENT_BASE
cd ../
chmod 755 agent
cd agent
chmod 755 agent_inst
cd agent_inst
chmod 775 diag
chmod 755 bin install sysman
chmod 740 internal
cd sysman
chmod 755 ApplicationsState/ config/ emd/ log/ opmn/ recv/
ls -las
Notice that we’re not changing any file permissions and we are not altering contents of the core/release directories, just agent_inst.
By the way: This solution makes a very simple and convenient OEM Job.
Verification
In the console click through to Setup | Security | Named Credentials and highlight the privileged credential you need to test. Select the previously broken host name from the Target Name list and hit the Test button.
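A host-side check to complement the console test, as an added example that is not part of the original post: a read-only audit that compares each directory named in the Solution against the mode given there. The names `EXPECTED`, `mode_of` and `audit_agent_perms` are hypothetical, and the argument is assumed to be the directory that contains `agent` (the location reached by `cd $AGENT_BASE; cd ../`).

```shell
#!/bin/sh
# Added example: read-only audit of the directory modes set in the Solution.
# The directory list and modes are copied from the chmod commands above.
EXPECTED='agent:755
agent/agent_inst:755
agent/agent_inst/diag:775
agent/agent_inst/bin:755
agent/agent_inst/install:755
agent/agent_inst/sysman:755
agent/agent_inst/internal:740
agent/agent_inst/sysman/ApplicationsState:755
agent/agent_inst/sysman/config:755
agent/agent_inst/sysman/emd:755
agent/agent_inst/sysman/log:755
agent/agent_inst/sysman/opmn:755
agent/agent_inst/sysman/recv:755'

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_agent_perms PARENT   (hypothetical helper name)
# PARENT is assumed to be the directory that contains "agent".
# Prints one line per deviation; returns 0 if every mode matches, 1 otherwise.
# A directory the calling account cannot reach is also reported as MISSING.
audit_agent_perms() {
    parent=$1
    bad=0
    for entry in $EXPECTED; do
        rel=${entry%:*}
        want=${entry#*:}
        path=$parent/$rel
        if [ ! -d "$path" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        have=$(mode_of "$path")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path have=$have want=$want"
            bad=1
        fi
    done
    return $bad
}
```

Run it as the binary owner to confirm the modes took effect, for example `audit_agent_perms "$AGENT_BASE/.."`; the function changes nothing on disk.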