Because of the prior failure due to whoami, I had to uninstall IPM before another install could be attempted. Then I modified /product/CSCO/CSCOipm/bin/ipm.sh as shown as soon as I saw it created. Did this modification cause the pkg verification error?

INFO: Creating symlink from /product/CSCO/CSCOcwbS/db/CSCOipm/stopDbServer.sh

INFO: to /product/CSCO/CSCOipm/bin/stopDbServer.sh

INFO: Creating symlink from /product/CSCO/CSCOcwbS/vbroker/bin/osagent

INFO: to /product/CSCO/CSCOipm/bin/osagent

INFO: Creating symlink from /product/CSCO/CSCOcwbS/vbroker/bin/osfind

INFO: to /product/CSCO/CSCOipm/bin/osfind

INFO: Creating symlink from /product/CSCO/CSCOcwbS/bin/CWB_msgLogServer

INFO: to /product/CSCO/CSCOipm/bin/CWB_msgLogServer

INFO: Creating symlink from /product/CSCO/CSCOipm/clientSoftware/Solaris

INFO: to /product/CSCO/CSCOipm/htdocs/Solaris

INFO: Creating symlink from /product/CSCO/CSCOipm/clientSoftware/NT

INFO: to /product/CSCO/CSCOipm/htdocs/NT

INFO: Adding ipmAging utility to cron.

INFO: Updating properties files...

ipm.conf

INFO: Creating symlink from /product/CSCO/CSCOipm/etc/ipm.conf

INFO: to /product/CSCO/CSCOcwbS/etc/ipm.conf

Installation of was successful.

INFO: Checking Installation.

INFO: Package CSCOcwbS installed OK. Verifying... OK.

INFO: Package CSCOipm-s installed OK. Verifying... BAD.

ERROR: Problems found during Base Installation:

ERROR: Failed pkgs:

ERROR: Invalid pkgs: CSCOipm-s

ERROR: Base component(s) failed package verification. See prior ERRORS.

ERROR: ****

ERROR: The system will not be started due to an installation failure

ERROR: of one or more Base components.

ERROR: ****

============================- Error Summary -===========================

ERROR: Problems found during Base Installation:

ERROR: Failed pkgs:

ERROR: Invalid pkgs: CSCOipm-s

ERROR: Base component(s) failed package verification. See prior ERRORS.

ERROR: ****

ERROR: The system will not be started due to an installation failure

ERROR: of one or more Base components.

ERROR: ****

========================================================================

Started : Fri Mar 30 13:00:39 EDT 2007

Finished: Fri Mar 30 13:05:47 EDT 2007

Then I held off modifying /product/CSCO/CSCOipm/bin/ipm.sh until after

INFO: Package CSCOipm-s installed OK. Verifying...

But eventually it still failed again. Does this mean I need to remove the whoami in IPM 2.6's setup.sh?

Registering IPM with CMIC...

Registering IPM with CCR...

Registering IPM with PSU...

Integrating IPM server with CiscoWorks Common Services... is successful

INFO: Updating Database Stored Procedures...

ERROR: ipm script must be run as root for this option.

Cannot login to the CWB_IPM server with the given information.

Verify the password and server name and try again.

ERROR: Database Passwords not synchronised.

ERROR: ipm script must be run as root for this option.

Error: Administrative Password Enable failed.

Use 'ipm password' command to enable Administrative Password after install.

To use this product, set your path to:

/product/CSCO/CSCOipm/bin:$PATH

Check the documentation for supported browsers and versions.

============================- Error Summary -===========================

ERROR: ipm script must be run as root for this option.

ERROR: Database Passwords not synchronised.

ERROR: ipm script must be run as root for this option.

========================================================================

The problem is not in the IPM installer, but still in the ipm.sh script. Since you are already uid 0, can you not do:

su - root

Then complete the installation? This will not require you to have root's password.

Good one. Never thought of that. I'll try that route.

Still the same error, even though whoami is returning "root" now:

Registering IPM with CMIC...

Registering IPM with CCR...

Registering IPM with PSU...

Integrating IPM server with CiscoWorks Common Services... is successful

INFO: Updating Database Stored Procedures...

ERROR: ipm script must be run as root for this option.

Cannot login to the CWB_IPM server with the given information.

Verify the password and server name and try again.

ERROR: Database Passwords not synchronised.

ERROR: ipm script must be run as root for this option.

Error: Administrative Password Enable failed.

Use 'ipm password' command to enable Administrative Password after install.

To use this product, set your path to:

/product/CSCO/CSCOipm/bin:$PATH

Check the documentation for supported browsers and versions.

============================- Error Summary -===========================

ERROR: ipm script must be run as root for this option.

ERROR: Database Passwords not synchronised.

ERROR: ipm script must be run as root for this option.

========================================================================

Started : Fri Mar 30 14:28:02 EDT 2007

Finished: Fri Mar 30 14:37:07 EDT 2007

What does whoami report when you "su - root"? It really should say root:

marcus@rtp-christmas# \su - root

Sun Microsystems Inc. SunOS 5.9 Generic May 2002

# /usr/ucb/whoami

root

#

I have to use \su since I have an alias to su which builds my environment properly.

Wait, I take everything back. I just doublechecked on another box, that /usr/ucb/whoami

always reports "root" as long as the uid is 0, regardless of whether the account I su to is "root" or otherwise. So I've been "root" to "whoami" all along. There must be more to the real root than uid 0 and the name. Here's my previous query in Dec, 2006.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddcf365/0#selected_message

Doesn't look like there's any way around getting the root access.

What does ls -l /opt/CSCOipm/bin/ipm look like?

Since each failure requires an uninstall, these have been basically new installs of IPM 2.6.

ls -l /product/CSCO/CSCOipm/bin/ipm

-rwxr-x--- 1 a***d casusers 62068 Nov 30 2004 /product/CSCO/CSCOipm/bin/ipm

a***d is an App ID set up with the same UID as casuser, so I can manipulate the files owned by casuser without going into the uid 0 account (whose password expires every 24 hours). We knew casuser had to be above a***d in /etc/passwd, lest the latter takes over file ownerships of casuser. Your question prompted me to look at /etc/passwd again. It looks like somewhere along the line, casuser has been added to /etc/passwd anew. So now a***d is in the middle, while casuser is at the end of /etc/passwd.

Okay, that may be part of your problem. This is what is happening. The ipm executable does a getpwnam on casuser and gets back a UID. It then does a setuid call to that UID prior to executing the ipm.sh script. Part of this script's job is to check to make sure it's running as casuser. It does that by doing a whomai, and checking to see that the user is casuser.

So, if the UID for casuser maps to another username, you will break IPM. casuser MUST appear before this other username in /etc/passwd so that the forward and reverse mapping prefers casuser over this other user.

I can't stress enough how unsupported your configuration is. Not only will you break the UID/user mappings, chaning ownership of files breaks the package map. What you should be doing is putting your username in the casusers group. This will give you access to everything you need without messing up file permissions or ownership.

Well, I think we had that setup because there're certain LMS files laid down, owned by casuser (the user) but not writable to casusers (the group).

But isn't it a glitch (from what I can see) that the IPM install process removes the existing casuser in /etc/passwd and appends a new one to the end? The timestamp seems to indicate so:

-r--r--r-- 1 root other 9637 Mar 30 15:57 passwd

Yes, the IPM installer attempts to set casuser's shell to /dev/null regardless of the existing value. This results in casuser being taken out of its existing place in the file, and appended to the end. This can be problematic, but will not longer be a problem in LMS 3.0.