cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
23213
Views
5
Helpful
15
Replies

No root access after Prime Infrastructure upgrade to 3.1.0

dfaught
Level 1
Level 1

I opened a TAC case about this and was told that root access was taken away by design for additional security.  So far, I have not come up with a positive reason that I need it, but I am a little surprised that it was just taken away instead of going to something like sudo.  Just so you know.

15 Replies 15

Marvin Rhoads
Hall of Fame
Hall of Fame

That would be curious. I just checked one of my PI 3.1 hosts and I can access shell just fine:

CPI/admin# show ver
Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.001
ADE-OS System Architecture: x86_64
Copyright (c) 2009-2016 by Cisco Systems, Inc.
All rights reserved.
Hostname: CPI

Version information of installed applications
---------------------------------------------
Cisco Prime Infrastructure
********************************************************
Version : 3.1.0
Build : 3.1.0.0.132
CPI/admin#
CPI/admin#
CPI/admin# shell
Enter shell access password :
Starting bash shell ...
ade # uname -a
Linux CPI 2.6.32-573.22.1.el6.x86_64 #1 SMP Thu Mar 17 03:23:39 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
ade #

Yes, the shell command is there now.  For PI, it used to be the root command and for LMS it has always been the shell command.  The shell command on PI gets you to a bash shell but does not have root authority.  Try to do a simple ls command right after getting into the PI shell.

I see what you mean. By default "shell" drops you into /root where you have no privilege as user "admin". You can navigate around to another directory where you can list files and such.


CPI/admin# shell
Enter shell access password :
Starting bash shell ...
ade # ls
ls: cannot open directory .: Permission denied
ade # pwd
/root
ade # cd /opt
ade # pwd
/opt
ade # users
admin
ade #
ade # ls -al
total 68
drwxr-xr-x. 11 prime gadmin 4096 Apr 29 02:19 .
dr-xr-xr-x. 30 root root 4096 Apr 29 04:04 ..
-rw-r--r--. 1 root root 0 Apr 28 19:47 .vmtoolsd
-rw-r--r--. 1 root root 0 Apr 28 19:38 .wcsinitialsetupdone
drwxrwxr-x. 55 prime gadmin 4096 May 6 12:01 CSCOlumos
lrwxrwxrwx. 1 root root 14 Apr 28 19:19 CSCOncs -> /opt/CSCOlumos
drwxr-xr-x. 3 root root 4096 Apr 28 19:19 MegaRAID
drwxr-xr-x. 3 root root 4096 Apr 28 19:21 ORCLfmap
drwxr-xr-x. 3 root root 4096 Apr 29 01:36 VMTools
drwxr-xr-x. 2 root root 4096 May 6 03:59 backup
drwx------. 2 root root 16384 Apr 29 01:32 lost+found
drwxrwxr-x. 6 oracle gadmin 4096 Apr 28 19:38 oracle
drwxr-xr-x. 4 root root 4096 Apr 29 01:46 pihooks
drwxr-xr-x. 8 root root 4096 Apr 29 01:37 system
ade #

Prime 3.1.0
-----------

ncs01/admin# shell
Enter shell access password :
Starting bash shell ...
ade # ls    
ls: cannot open directory .: Permission denied
ade
# sudo su
ade #
ade # ls
anaconda-ks.cfg  bin  install.log 
ade #

The sudo command does not work for me.  I get an error that says sysadmin is not in the sudoers file.  I'm a little curious why it looks like it works for you without entering the sysadmin password again.  Or so it appears.

Prime does not ask password after "sudo su" in my case.

 - Make sure you initially logon with the default admin account when connecting to Prime via SSH; then issue 'sudo -s' ; you will become root.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

When I installed PI 3, I changed the "Admin" account to something else.  None of this worked until I created a new Admin account named "Admin".  I had no problems installing VMWare Tools on previous versions of PI.

 - Becoming root (if that is what you mean), only works throuhg or via the  admin account (indeed).

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

sudo -s won't work if you have renamed the default Prime admin cli account.

The admin account is listed in the base OS sudoers config.
Renaming the account during install does not update the sudoers config and thus the renamed admin account is unable to su.
You need to perform a linux rescue with the compatible CentOS boot ISO and update /etc/sudoers_cars.


@blehbleh wrote:

sudo -s won't work if you have renamed the default Prime admin cli account.

The admin account is listed in the base OS sudoers config.
Renaming the account during install does not update the sudoers config and thus the renamed admin account is unable to su.
You need to perform a linux rescue with the compatible CentOS boot ISO and update /etc/sudoers_cars.


 You don't need to do a linux rescue.

 

If “admin” account is missing, then create it while logged in as your alternate admin account.

 

host/sysadmin# conf t

host/sysadmin(config)# username admin password plain NEWPASSWORD role admin

host/sysadmin(config)# exit

host/sysadmin#

 

I have deployed PI 3.1 VM, and I could not run the commad " root_enable".

This is a right way to get root permition for me.

Then, I could install vmware tools .

Thanks a lot. 

As noted in this thread already, the command is now "shell".

It is best to use the ADE-OS environment to restart the server etc. so that the database shuts down gracefully.

beitland
Cisco Employee
Cisco Employee

<snippet> "I have not come up with a positive reason that I need it"

In the past I have needed access to install VMWare Tools in the virtual machine. I have searched the Prime Infrastructure 3.1 documentation and see no references to installing VMWare tools so I assume this is still the case. I would be interested in hearing if there is an alternate workaround or method to getting the tools installed.

I too am able to access the OS shell, but when trying to "su" get prompted for a password. I enter the password that was used to change to root on the Prime 3.0 install (before the upgrade) but this password no longer works. 

*** Update: running the command as super user (sudo) does work and no password is required. This was enough to get the cdrom mounted and the process started. ***  

Brett

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco