NetBackup Web Management Console fails to start '/usr/openv/wmc/webserver/logs/nbwmc.log: Permission denied'

NetBackup Web Management Console fails to start '/usr/openv/wmc/webserver/logs/nbwmc.log: Permission denied'

Article: 100044639
Modified: 2019-02-08
Ratings: 1 0
Product(s): NetBackup

Problem

This issue has been observed on UNIX master servers in the following ways.

1. Upgrading to NetBackup 8.1.x fails.

From the install trace log
Example:
/usr/openv/tmp/install_trace.5903

Unable to configure target host.
Deploying AT certificate for web user.

WARNING: Failed to deploy AT certificate for web user.
        You must separately run /usr/openv/netbackup/bin/admincmd/nbcertconfig -u to
        resolve the issue.
Deploying AT certificate for web services.

2. After an upgrade the NetBackup services fails to start NBWMC (NetBackup Web Management Console).

# /usr/openv/netbackup/bin/goodies/netbackup start
NetBackup network daemon started.
NetBackup Database Server started.
NetBackup Authentication daemon started.
NetBackup Authorization daemon started.
NetBackup Audit Manager started.
Starting NetBackup Web Management Console could take a couple of minutes .sh: /usr/openv/wmc/webserver/logs/nbwmc.log: Permission denied

3. Manually running 'nbcertconfig -u -i' as part of a troubleshooting or reconfiguration procedure.

# /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
NetBackup AT service configuration for web service user failed.

Error Message

nbcert log

Log Path:
/usr/openv/netbackup/logs/nbcert/root.mmddyy_00001.log

17:08:34.046 [26263] <8> nbcertconfig: EAT_LOG:(../os_abstraction.c,132)Failed to stat file (/usr/openv/var); err 13
17:08:34.046 [26263] <16> nbcertconfig: EAT_LOG:(../atlocal_config.c,1081)Failed to create local config from data directory </usr/openv/var/global/vxss/nbcertservice/nbwebsvc>
... <content removed for clarity>
17:08:34.046 [26263] <8> nbcertconfig: EAT_LOG:(../api.c,598)vrtsatLibraryUnload: load count now 2
17:08:34.046 [26263] <16> nbcertconfig: EAT_LOG:(../api.c,1101)vrtsAtInit(S): initialize failed 24630
17:08:34.046 [26263] <16> initializeATHandle: vrtsAtInitEx() for data_dir /usr/openv/var/global/vxss/nbcertservice/nbwebsvc FAILED 24630
17:08:34.046 [26263] <16> authenticateUser: initializeATHandle() failed, error =103
17:08:34.046 [26263] <16> generateNbWebSvcUserCert: authenticateUser() failed, error = 116
17:08:34.046 [26263] <16> nbcertconfig: EXIT STATUS 116 AT configuration for web service user failed

Cause

The above symptoms have been observed in two scenarios.

1. With incorrect permissions on the /usr/openv directory.

2. In a cluster install with incorrect permissions on the /opt/VRTSnbu/var directory.

Example of incorrect permissions (700):

# ls -l /usr | grep openv
drwx------   20 root root  4096 Apr 30  2018 openv

In a cluster:

# ls -l /opt/VRTSnbu/ | grep var
drwx------  3 root bin    96 Mar 16  2016 var/

Solution:

The correct (default) permissions are 755:

Example:
# ls -l /usr | grep openv
drwxr-xr-x   20 root root  4096 Apr 30  2018 openv

In a cluster:
# ls -l /opt/VRTSnbu/ | grep var
drwxr-xr-x 3 root root 96 Sep 27 11:29 var/

If the permissions on /usr/openv and or /opt/VRTSnbu/ are found to be incorrect, do the following:

1. Stop all NetBackup services.

a. If this is a VCS cluster, freeze the nbu_group.
# /opt/VRTSvcs/bin/haconf -makerw
# /opt/VRTSvcs/bin/hagrp -freeze nbu_group -persistent

b. Stop NetBackup.
# /usr/openv/netbackup/bin/goodies/netbackup stop

2. Change the permissions.

# chmod 755 /usr/openv

If a cluster:
# chmod 755 /opt/VRTSnbu/var

3. Start NetBackup.

a. If this is a VCS cluster.

Check for and clear any faults:

# /opt/VRTSvcs/bin/hastatus -sum

# /opt/VRTSvcs/bin/hagrp -clear nbu_group -sys (nodename)

Unfreeze the cluster group:

# /opt/VRTSvcs/bin/hagrp -unfreeze nbu_group -persistent

# /opt/VRTSvcs/bin/haconf -dump -makero

b. Start the master server.

# /usr/openv/netbackup/bin/goodies/netbackup start

 

NOTES:

It is important that the entire parent directory structure starting with /usr have default permissions (755) so that the websvc_user can read and search the contents of /usr/openv/var.

If /usr/openv is a symbolic link, all 3 of the following must also have default permissions (755) to allow access:

  • The directory in which the symbolic link resides
  • The target directory to which the link refers
  • The parent directory of the target directory

 

In a VCS Cluster /usr/openv/var/global is a link to /opt/VRTSnbu/var/global

Example:
[root@node /]# ls -l /usr/openv/var/global
lrwxrwxrwx 1 root root 23 Feb  7 09:55 /usr/openv/var/global -> /opt/VRTSnbu/var/global

 

Was this content helpful?