Description

When installing BoKS on an AIX VIO or LPAR server, the following files in /etc/security get zero'd out:

------ 1 root security 0 Oct 13 11:28 /etc/security/roles

------ 1 root security 0 Oct 13 11:28 /etc/security/privfiles

------ 1 root security 0 Oct 13 11:28 /etc/security/privdevs

------ 1 root security 0 Oct 13 11:28 /etc/security/privcmds

------ 1 root security 0 Oct 13 11:28 /etc/security/authorizations

Cause

The issue is that the host was registered on the Master with xRBAC controls enabled. Since no roles are defined in BoKS, the files get zero'd out.

Resolution / Workaround

When installing a new VIO/LPAR, make sure to set the rolesettest flag for the Server Agent on the Master as follows:

Notes

We find that many customers do not use the xRBAC controls with BoKS, but AIX VIO/LPAR systems use RBAC by default to manage local permissions. Generally, customers just want to leave the OS-defaults in place and not have BoKS manage them. Following the instructions above will meet this objective.

If you want to use BoKS to manage the RBAC settings, please see the BoKS Manager Administration Guide for more information.

When you uninstall BoKS, the saved RBAC configuration is restored automatically. If you would rather not restore the original configuration, you can run uninstall with the -r option.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 28, 2019