Welcome to Community Week 2025! Join us to learn, connect, and be recognized as we celebrate the spirit of Community and the power of AI. Get the details  

On Linux dmidecode fails from ServiceNow, but runs successfully for Discovery account when logged into server

Go to solution
codycotulla
Tera Guru

‎09-30-2019 04:18 PM

I am getting dmidecode discovery failures when I run Discovery but running the same command is successful when I run it locally.

The command I am running is

sudo /usr/sbin/dmidecode -t 1 | cat

If I SSH to the server and log in using the discovery account, I can run the command successfully. 

In ServiceNow I get the following output

<result warn="User xx_account has no right to run /usr/sbin/dmidecode -t 1 under sudo; ">
<output>
/sys/firmware/dmi/tables/smbios_entry_point: Permission denied /dev/mem: Permission denied # dmidecode 3.2 Scanning /dev/mem for entry point.
</output>

I have the following entries in sudoers file:

Cmnd_Alias      CMDB_CMND = /sbin/fdisk -l, /usr/sbin/dmidecode -t ??, /usr/sbin/dmidecode -t ?
xx_account         ALL = (root) NOPASSWD:CMDB_CMND

Has anyone encountered this problem where the sudo dmidecode command works when you SSHt to the server, but fails from ServiceNow?

Any help is appreciated; let me know if you have any questions.

Thanks,

Cody

0 Helpfuls
  • 3,139 Views
1 ACCEPTED SOLUTION

Go to solution
tim_broberg
ServiceNow Employee
ServiceNow Employee

‎09-30-2019 04:26 PM

I don't think SSHCommand is smart enough to follow the alias, Cody.

Try defining it directly, or disabling the privilege command check with mid param mid.ssh.disable_privilege_check so that it just blindly runs sudo instead of checking whether we have permission first.
    - Tim.

View solution in original post

4 REPLIES 4

Go to solution
tim_broberg
ServiceNow Employee
ServiceNow Employee

‎09-30-2019 04:26 PM

I don't think SSHCommand is smart enough to follow the alias, Cody.

Try defining it directly, or disabling the privilege command check with mid param mid.ssh.disable_privilege_check so that it just blindly runs sudo instead of checking whether we have permission first.
    - Tim.

Go to solution
codycotulla
Tera Guru
In response to tim_broberg

‎10-01-2019 10:08 AM

Tim,

Big help. We went ahead and added the mid.ssh.diable_privilege_check parameter as a MID Server Property, and now the dmidecode commands are working.

I also found this KB article that talks about the problem:
https://hi.service-now.com/kb_view.do?sysparm_article=KB0712620

 

Again, really appreciate your help with this.

Cody

0 Helpfuls

Go to solution
tim_broberg
ServiceNow Employee
ServiceNow Employee
In response to codycotulla

‎10-01-2019 11:08 AM

Sweet! Thanks for the feedback.
    - Tim.

0 Helpfuls

Go to solution
RajeshGummadoju
Tera Contributor

‎05-21-2020 11:34 AM

We do have same issue for some Linux Servers

Error - sudo: dmidecode: command not found

we have tried runing  sudo /usr/sbin/dmidecode -t 1 | cat and getting results.

However the same command(sudo dmidecode -t 1 | cat) is working fine for other Linux Servers.

We have tried using mid property mid.ssh.diable_privilege_check parameter but still facing the same issue.

Please let me know your thoughts, thanks in advance.

Best Regards,

RajeSh

0 Helpfuls