...
Please note that the installer needs to run with root privileges, and will terminate with an error message if this requirement is not met.
Alternative procedure if your /tmp should be mounted noexec
See paragraph above "Preparation: Is /tmp directory mounted noexec and/or fapolicyd service is installed and running?" for preferred procedure to this older procedure outlined here!
As pointed out above, the installer needs to extract the product files into a temporary directory and then install the extracted files.
This fails if the standard temp directory /tmp is mounted with the noexec mount flag.
The simplest workaround is to pick a different location for the temporary directory that is not affected by noexec and tell the installer about it by setting the environment variable TMPDIR.
...
Pick a suitable directoryroot's home directory is likely ok. Running mount should confirm - look for noexec. We recommend that you use an empty new temporary directory for the installer as that simplifies cleanup.
| Code Block |
|---|
cd; # you're in root's homedir now. or pick some other writable and executable place
mkdir installertemp
|
Tell the installer to use this local temporary directory and start the installation
| Code Block |
|---|
export TMPDIR=/installertemp
# this assumes that opProduct was downloaded/transferred into root's homedirectory; adjust the path accordingly if not.
sh ./opProduct-version.run |
Clean up the temporary directory
| Code Block |
|---|
rm -rf /installertemp
unset TMPDIR |
...
systemd:
| Code Block | ||
|---|---|---|
| ||
# edit omkd service
sudo systemctl edit omkd
# redefine the /tmp directory for omkd by adding the following entry to [Service] - add [Service] section if it is not already present:
[Service]
Environment="TMPDIR=/newtmp"
# reload the edited service
sudo systemctl daemon-reload
# restart the service
sudo systemctl restart omkd |
init.d:
| Code Block | ||
|---|---|---|
| ||
# Add them at line 18 (after the line # Do NOT "set -e").
TMPDIR="/newtmp"
export TMPDIR |
...
Obviously, /newtmp will need to exist. If the admin of the box needs to run any OMK programs manually, they will need to have exported TMPDIR=/newtmp before they do so.
Debugging implemented "Alternative procedure if your /tmp should be mounted noexec"
We can use the knowledge that OMK Daemons and scripts create a directory structure in their temp directory which will be of pattern /path/to/tmp/par-<hash_of_user>/ to check our implementation is complete.
| Code Block |
|---|
# After your installation has completed the steps in previous paragraph "Alternative procedure if your /tmp/ should be mounted noexec",
# stop all installed OMK daemons, then clean up the /tmp/par-*/ pattern directories:
sudo rm -rf /tmp/par-*/
# Start each daemon, one at a time, checking after each start whether there are any directories of pattern /tmp/par-*/ have been created.
sudo ls -lAth /tmp/par-*
# There shouldn't be: these directories should be in the /newtmp/ directory we have set to be used as /tmp/ with the TMPDIR setting:
sudo ls -lAth /newtmp/par-*
# Execute each OMK cronjob, one at a time, as the user they would run as in the cronjob, checking whether any directories of pattern /tmp/par-*/ have been created.
sudo ls -lAth /tmp/par-*
# If at any stage directories are found in this implementation with pattern
sudo ls -lAth /tmp/par-*
# closer inspection of that found directory can possibly provide details as to which executable was executed without correct TMPDIR setting.
# Each script will be in a subdirectory of pattern /cache-*/inc/script/ in the /tmp/par-*/ directories.
# Here is an example pointing to the OMK script baseline.pl (main.pl will always be present in this directory):
sudo ls -lAth /tmp/par-726f6f74/cache-39badc82ee407081680b01a8ed0ceb61c80c45cf/inc/script/
total 68K
-rw-r--r--. 1 root root 62K Nov 10 22:58 baseline.pl
-rw-r--r--. 1 root root 3.8K Nov 10 22:58 main.pl |
Available Installer Options
...