Networking commands (e.g., ping) executed by RBA user in Clish on VSX Gateway do not work correctly
Symptoms
  • External networking commands (e.g., ping) executed in Clish by RBA user on VSX Gateway do not work correctly.

    Example for external "ping" command:

    1. Add an RBA role that is allowed to run an external "ping" command:
      HostName> add rba role pingRole domain-type System readwrite-features ext_ping
    2. Add a new user with a UID in the range 103-65533 and default shell Clish (/etc/cli.sh), and assign the "ping" role to that user:
      HostName> add user TestUser uid 104 homedir /home/TestUser
      HostName> set user TestUser password
    3. Assign the "ping" role to the new user:
      HostName> add rba user TestUser roles pingRole
    4. Save Gaia Database:
      HostName> save config
    5. Log in to Gaia OS (Clish) as the new user
    6. Run the "ping" command - there is no output, just the command prompt
    7. Change the default shell for the new user from Clish (/etc/cli.sh) to Bash (/bin/bash):
      HostName> set user TestUser shell /bin/bash
    8. Save Gaia Database:
      HostName> save config
    9. Log in to Gaia OS (Expert mode) as the new user
    10. Run the "ping" command - the expected output appears
  • The issue affects any external networking command that has to use a socket on a VSX Gateway.

  • The issue does not occur on a non-VSX Gateway.

Cause

When a user runs any external command from Clish on a VSX Gateway, Clish checks whether the command can be executed in the specified Virtual System.

To do this, Clish tries to update the options of an arbitrary netlink socket in the user's environment.

When the user's effective UID is 0 (admin user), this operation succeeds.

A user that belongs to any role/group with a UID in the range 103-65533 does not have the required capability, so the update of the socket options fails.
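
The difference between the UID 0 session and the RBA user's session can be checked from the `CapEff` mask in `/proc/<pid>/status`. The script below is an added example, not Check Point code. The article does not name the missing capability, so checking the four network-related Linux capabilities is an assumption, and both sample status texts are constructed.

```sh
#!/bin/sh
# Added example: list the network-related Linux capabilities that are absent
# from a process's effective set, given the text of /proc/<pid>/status.

# Standard capability bit numbers from linux/capability.h.
NET_CAPS="10:CAP_NET_BIND_SERVICE 11:CAP_NET_BROADCAST 12:CAP_NET_ADMIN 13:CAP_NET_RAW"

# missing_net_caps STATUS_TEXT
# Prints the missing capability names separated by spaces (empty if none).
# Returns 2 when the text contains no parsable CapEff line.
missing_net_caps() {
    local hex mask entry bit name missing
    missing=""
    hex=$(printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2; exit }')
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    mask=$((0x$hex))
    for entry in $NET_CAPS; do
        bit=${entry%%:*}
        name=${entry#*:}
        # A cleared bit means the capability is not in the effective set.
        if [ $(( ($mask >> $bit) & 1 )) -eq 0 ]; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s' "$missing"
}

# Constructed samples, not captured from a real gateway.
SAMPLE_ADMIN=$(printf 'Name:\tclish\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n')
SAMPLE_RBA=$(printf 'Name:\tclish\nUid:\t104\t104\t104\t104\nCapEff:\t0000000000000000\n')

# On a live system, pass the status text of the current shell instead:
#   missing_net_caps "$(cat /proc/$$/status)"
echo "admin (UID 0) missing:      [$(missing_net_caps "$SAMPLE_ADMIN")]"
echo "RBA user (UID 104) missing: [$(missing_net_caps "$SAMPLE_RBA")]"
```

An empty list for the admin session and a non-empty list for the RBA user's session is consistent with the cause described above.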

