Support Center > Search Results > SecureKnowledge Details
Networking commands (e.g., ping) executed by RBA user in Clish on VSX Gateway do not work correctly Technical Level
  • External networking commands (e.g., ping) executed in Clish by RBA user on VSX Gateway do not work correctly.

    Example for external "ping" command:

    1. Add an RBA role that is allowed to run an external "ping" command:
      HostName> add rba role pingRole domain-type System readwrite-features ext_ping
    2. Add new user with a UID 103-65533, default shell Clish (/etc/ and assign the "ping" role to that user:
      HostName> add user TestUser uid 104 homedir /home/TestUser
      HostName> set user TestUser password
    3. Assign the "ping" role to the new user:
      HostName> add rba user TestUser roles pingRole
    4. Save Gaia Database:
      HostName> save config
    5. Log in to Gaia OS (Clish) with new user
    6. Run the "ping" command - there is no output, just the command prompt
    7. Change the default shell for the new user from Clish (/etc/ to Bash (/bin/bash):
      HostName> set user TestUser shell /bin/bash
    8. Save Gaia Database:
      HostName> save config
    9. Log in to Gaia OS (Expert mode) with new user
    10. Run the "ping" command - there is an expected output
  • This Issue affects any external networking command (that has to use a socket) on a VSX Gateway.

  • This issue does not occur on a non-VSX Gateway.


When the user performs any external command from Clish on a VSX Gateway, Clish checks the command's ability to be executed in the specified Virtual System.

For this reason, Clish tries to update options for the arbitrary netlink socket in user's environment.

When the user's effective UID is 0 (admin user), this operation is performed correctly.

The user that belongs to any role/group with UID 103-65533 does not have the required capability, and the update of the socket options fails.

Note: To view this solution you need to Sign In .