cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Linux / sapuxuserchk / sapcpe

schuess
Explorer

on ‎05-29-2018 9:30 AM

0 Kudos

Hi

I'm wondering how you deal with sapuxuserchk and/or why SAP does not cope with the below problem:

* When we installed SAP Systems / SAP Kernel patches manually in the past we executed saproot.sh, which sets sticky bit and permissions for the file sapuxuserchk in ASCS and DVEBMGS kernel folders

* If we now do updates/kernel patches via SUM oder elselike I more often realise these sapuxuserchk executables are never overwritten, because normally this takes care via sapcpe which cannot overwrite these files due to root-ownership

Currently, we deployed newest kernels via SUM SPS maintenance; files sapuxuserchk however, are still dated 2014 🙂

Of course, I can do this manually; with >100 SAPSIDs this kind of a time consuming task.

How do you cope with that?

Why does SAP not make sure a new copy of sapuxuserchk is written to DIR_EXE if I execute saproot.sh or cope with that problem during SUM runs or the like?

Do I still need to execute saproot.sh / set sticky-bits and ownership in current kernel at all? Because all I can find in official SAP notes refers to old 720-kernels

Curious regards

Michael

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

isaias_freitas
Advisor
Advisor
‎05-29-2018 1:46 PM
0 Kudos

Hello Michael,

The sapuxuserchk is still used / might still be required, depending on your servers' / landscape configuration.

Thus, I would say that it still recommended to updated it and set the appropriate permissions (suid bit, owned by "root:sapsys").

One test you could do is to remove the suid bit and change the ownership of the file to "SIDadm:sapsys". Then, logon with a user that is not SIDadm and execute:

/path/to/sapcontrol -nr XX -queryuser -function AccessCheck Stop

- "XX" is the instance number

- With the "queryuser" argument, sapcontrol will ask for a user/password interactively. Provide the SIDadm credentials.

If the sapcontrol command works while sapuxuserchk does not have suid and is owned by root:sapsys, then the auxiliary tool sapuxuserchk would not be required at your environment.

If it fails, set the suid again and change the ownership back to root:sapsys. Repeat the test and it should be successful this time.

Regards,

Isaías

Show replies
Show replies
Ask a Question