ACC Plugin for Linux devices - permission denied

Doci1
Kilo Sage

Hi, I have a following use case:

I created functionality, which is able to switch ACC Agent from one instance to another. Basically what it does that ACC Plugin has two ruby scripts, one verifies that ACC Plugin is correctly propagated to target machine and second ruby script takes the ACC config file, parse backend URL, and API key, insert new values (for target instance) and restart acc service.  ACC Plugin is self-signed based on this doc.  On windows works flawlesly. But on Linux it shows:

Check failed to run. Response code: 3

fork/exec /var/cache/servicenow/agent-client-collector/linux_new/bin/acc_mgmt_switch_instance3.rb: permission denied
 

1. ACC Agent was installed on target machine according to SN doc

2. I configured "sudoers" based on point 6. and 7. from official doc. 

3. (for testing I changed ACC config: verify-plugin-signature to false)

4. Plugin is correctly propagated to linux folder where are all other plugins stored: /var/cache/servicenow/agent-client-collector/linux_new/bin

5. If I grant permissions on the linux machine "sudo chmod +x /var/cache/servicenow/agent-client-collector/linux_new/bin/acc_mgmt_propagate_plugin3.rb" it will grant permission to the script and it works from SN Instance, when I call related check. SO far GOOD

6. However, it means, that I have to go to LINUX and grant this permission on each linux machine separatedly? What if I will have 100 linux machines? I have to go there physically 100 times and change the permissions?

7. We have tried to grant permission to higher folder, in my case /var/cache/servicenow/agent-client-collector with command "sudo setfacl -Rm u:servicenow:r-X /var/cache/servicenow/agent-client-collector", which gave user "servicenow" access to all subordinate folders, but not to files (on my case scripts). (see picture)

Doci1_0-1714646875569.png

 

Questions:

1. Whenever I will create new ACC Plugin, f.e. with some fixes in ruby scripts, I have to grant permissions again on each machine?

2. Is there any command, which will grant permission to servicenow user to all folders and files in /var/cache/servicenow/... ??

3. Have you come across this issue and find out how it works?

 

Thanks a lot in advance.

1 ACCEPTED SOLUTION

Doci1
Kilo Sage

Hi, I was able to solve it myself. 

The issue was between chair and keyboard (as in most cases)

It is in the DOC and on the table Agent Client Collector Plugin [sn_agent_asset] itself:

To create a tar.gz file:

  • Create a folder on your local machine
  • Create sub-folder called bin
  • Place scripts and executables in the bin folder
  • In case of Linux/Mac scripts/executables run chmod +x filename on each of those files
  • ...

The issue was that I did ACC Plugin originally only for Windows, so I skipped this step and then i forgot...

With this command it works.

View solution in original post

1 REPLY 1

Doci1
Kilo Sage

Hi, I was able to solve it myself. 

The issue was between chair and keyboard (as in most cases)

It is in the DOC and on the table Agent Client Collector Plugin [sn_agent_asset] itself:

To create a tar.gz file:

  • Create a folder on your local machine
  • Create sub-folder called bin
  • Place scripts and executables in the bin folder
  • In case of Linux/Mac scripts/executables run chmod +x filename on each of those files
  • ...

The issue was that I did ACC Plugin originally only for Windows, so I skipped this step and then i forgot...

With this command it works.