AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
 View Only

  • 1.  sar command

    Posted Tue August 04, 2009 05:51 AM

    Originally posted by: SystemAdmin


    I am trying to run the sar command as a non root user but keep getting:
    sar: The file access permissions do not allow the specified action.

    The file permissions are:
    -r-xr-xr-x 1 bin bin 74606 16 Jun 2008 /usr/sbin/sar

    and the user is in the bin group. Any ideas?

    I'm at AIX 5300-08

    Thanks.
    #AIX-Forum


  • 2.  Re: sar command

    Posted Tue August 04, 2009 06:01 AM

    Originally posted by: tony.evans


    Without playing with it a lot, my experience is that non-root users can't run sar by default. It may be something that can be worked around, but I never bothered trying.
    #AIX-Forum


  • 3.  Re: sar command

    Posted Tue August 04, 2009 07:09 AM

    Originally posted by: SystemAdmin


    Cheers
    #AIX-Forum


  • 4.  Re: sar command

    Posted Wed August 05, 2009 03:31 AM

    Originally posted by: Montecarlo


    Non root users can run sar. This is probably a permission problem on /var/adm/sa or the sa files in this directory.
    Regards, Simon
    #AIX-Forum


  • 5.  Re: sar command

    Posted Wed August 05, 2009 04:15 AM

    Originally posted by: tony.evans


    Clean install of 6.1, non-root user,

    sar 1 1
    sar: The file access permissions do not allow the specified action.

    So, as I said, by default non-root users can't run sar, I'm sure it's possible to make some changes to allow it to happen, but it's not possible by default.

    Surely the /var/adm/sa directory is only used to look at historical sar data, sar 1 1 shouldn't be reading anything from that folder or writing anything to it?

    I'm no expert of sar so I'm sure there's some variance. My favourite part of the sar man page on AIX 5.3 is this,

    ----
    With AIX 5.4 and later versions, you can use the accounting system based on the Scaled Performance Utilization Resources Register (SPURR).
    ----
    #AIX-Forum


  • 6.  Re: sar command

    Posted Wed August 05, 2009 05:57 AM

    Originally posted by: Montecarlo


    Strange, I've just checked a 6.1 nim server clean installed at 6.1 then upgraded to 6100-03-01-0921. I can run sar as an unprivileged user. I'm reasonably sure that sar with no flags reads the current sa file in /var/adm/sa
    My all time favourite problem determination message is: "An error has occurred. Perform problem determination procedures and retry."
    Cheers, Simon
    #AIX-Forum


  • 7.  Re: sar command

    Posted Wed August 05, 2009 06:09 AM

    Originally posted by: tony.evans


    There's nothing in /var/adm/sa unless you schedule the sar cronjobs under the adm user.

    If the cronjobs aren't enabled you see this without any parameters,

    
sar sar: 0551-201 Cannot open /var/adm/sa/sa05. sar: 0551-213 Try running /usr/lib/sa/sa1 <increment> <number>


    Curious that we have different experiences. Here's the relevant permissions from my end,

    
ls -l /usr/bin/sar lrwxrwxrwx    1 bin      bin              13 01 Jun 15:05 /usr/bin/sar -> /usr/sbin/sar ls -l /usr/sbin/sar -r-xr-xr-x    1 bin      bin           92802 27 Mar 15:47 /usr/sbin/sar ls -ld /var/adm/sa drwxrwxr-x    2 adm      adm             256 11 Dec 2008  /var/adm/sa


    Although it could easily be some other file/device that's causing the issue I guess.
    #AIX-Forum


  • 8.  Re: sar command

    Posted Fri April 06, 2018 05:51 AM

    Originally posted by: mgregorc


    Almost 10 years later, but I faced the same issue.

    The problem is lack of execution for others on /usr/lib/sa/sadc. (I found it by looking into syscalls)

    chmod o+x /usr/lib/sa/sadc will fix it.

    On the other hand, this binary has root ownership and suid (u+s) so I am not sure what are security downsides of executing it as any user.

    All in all non-root users can now execute sar. 


    #AIX-Forum


Related Content