What permissions to be set on host /var/tmp/foreman-proxy/foreman-ssh-cmd-*/script for remote execution?

Environment

• Red Hat Satellite 6

Issue

• What permissions to be set on the host /var/tmp/foreman-proxy/foreman-ssh-cmd-*/script for remote execution so that the intended user can run the script?

Resolution

• On the host, the /var/tmp/foreman-proxy/foreman-ssh-cmd-/script or /var/tmp/foreman-ssh-cmd-/ file dynamically gets created on the execution of any remote job from the Red Hat Satellite and gets 777 permission set by default.

• Manual changes to it is possible, but the permission has to be given as per the "remote_execution_effective_user" settings to re-run the job.

• For example, if remote_execution_effective_user root under Settings 700 permission will also work as, root can have full access, but if the remote_execution_effective_user would have been other than root then rerunning the same job would fail.

• On the host running remote jobs, ensure noexec is not set on /tmp or /var/tmp. Refer to solution article for more details.

• If fapolicyd is enabled on the host, refer to the solution Content host enabled with fapolicyd rules is preventing the Remote Execution from Red Hat Satellite

For more KB articles/solutions related to Red Hat Satellite 6.x Remote Execution Issues, refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.