Bug ID 765033: Upgrades to versions that restrict resource-admin users from accessing bash may fail under certain conditions

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP Install/Upgrade, LTM (all modules)

Known Affected Versions:
14.1.0.3, 14.1.0.2, 11.6.4

Fixed In:
14.1.0.6, 11.6.5.1

Opened: Mar 26, 2019

Severity: 3-Major

Symptoms

Some versions of BIG-IP software no longer allow users with the resource-admin role to access bash. An upgrade to one of these versions may fail to load the configuration on the upgraded volume, with a message in /var/log/ltm similar to:

err mcpd[14994]: 01070825:3: Access denied - Administrators only: Custom shells only available to administrators, not testuser.

Impact

The upgraded volume's configuration does not load.

Conditions

-- Users with the resource-admin role also have bash access.
-- Upgrading to an affected version from certain versions.

Workaround

You can use either of the following workarounds:

-- Ensure that all users with the resource-admin role do not have bash access prior to upgrading.
-- Hand-edit the bigip_user.conf to remove bash from any users with the resource-admin role and reload the configuration using the following command:

tmsh load sys config
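
A pre-upgrade check for the condition described above, as an added example that is not F5 code: it scans the text of a bigip_user.conf for users that hold the resource-admin role and also have bash as their shell. The function names, the sample users other than testuser, and the stanza layout of the sample (auth user blocks with nested partition-access) are assumptions, and the sample is constructed.

```python
import re
# Constructed sample; the tmsh stanza layout shown here is an assumption.
SAMPLE_CONF = """\
auth user admin {
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell bash
}
auth user testuser {
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell bash
}
auth user operator1 {
    partition-access {
        all-partitions {
            role resource-admin
        }
    }
    shell tmsh
}
"""

def iter_user_stanzas(text):
    """Yield (username, body_lines) for each top-level 'auth user' stanza."""
    name, depth, body = None, 0, []
    for line in text.splitlines():
        stripped = line.strip()
        if name is None:  # outside a stanza: look for the next header
            m = re.match(r"auth user (\S+) \{$", stripped)
            if m:
                name, depth, body = m.group(1), 1, []
            continue
        depth += stripped.count("{") - stripped.count("}")
        if depth == 0:  # closing brace of the user stanza
            yield name, body
            name = None
        else:
            body.append(stripped)

def resource_admins_with_bash(text):
    """Return users whose stanza has 'role resource-admin' and 'shell bash'."""
    return [n for n, b in iter_user_stanzas(text)
            if "role resource-admin" in b and "shell bash" in b]
```

Pass the contents of a copy of bigip_user.conf to `resource_admins_with_bash`; any name it returns is a user to change before upgrading.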

Fix Information

Upgrades no longer fail under these conditions.

Behavior Change
