Bug ID 765033: Upgrades to versions that restrict resource-admin users from accessing bash may fail under certain conditions

Last Modified: Dec 14, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
14.1.0.3, 14.1.0.2, 11.6.4

Fixed In:
14.1.0.6, 11.6.5.1

Opened: Mar 26, 2019
Severity: 3-Major

Symptoms

Some versions of BIG-IP software have removed the ability to access bash from users that have resource-admin roles. Upgrades to one of these versions may fail to load the configuration on the upgraded volume with a message in /var/log/ltm similar to: err mcpd[14994]: 01070825:3: Access denied - Administrators only: Custom shells only available to administrators, not testuser.

Impact

The upgraded volume's configuration does not load.

Conditions

-- Users with the resource-admin role also have bash access. -- Upgrading to an affected version from certain versions.

Workaround

You can use either of the following workarounds: -- Ensure that all users with the resource-admin role do not have bash access prior to upgrading. -- Hand-edit the bigip_user.conf to remove bash from any users with the resource-admin role and reload the configuration using the following command: tmsh load sys config

Fix Information

Upgrades no longer fail under these conditions.

Behavior Change