This applies only to the stand-alone Identity Servers and stand-alone ESP-SSLVPN servers.
For just these two particular stand-alone NAM components, the auditing process "lcache" runs as novlwww but the default folder location specified on its command-line "/var/opt/novell/naudit/cache" is unfortunately owned by root.
Auditing itself does work, but unfortunately due to this permissions issue, should the audit server go down then both the standalone IDP and standalone ESP-SSLVPN are unable to create cache files to preserve events that occur during that outage.
betanamids1:/var/opt/novell/naudit/cache # ps aux | grep -i lcache
novlwww 7777 0.0 0.0 11212 1328 ? Sl 15:58 0:00 lcache -dir:/var/opt/novell/naudit/cache -port:1288 -slsport:1289 -int:600 -c
betanamids1:/var/opt/novell/naudit/cache # l /var/opt/novell/naudit/cache
total 12
drwxrw--w- 3 root root 4096 Dec 22 15:17 ./
drwxr----- 3 root root 4096 Dec 22 15:17 ../
drwxr----- 2 root root 4096 Dec 22 15:17 backup/
As soon as I "chmod -R novlwww.novlwww /var/opt/novell/naudit" -- and reboot, the cache files are IMMEDIATELY created (long, funky hexadecimal filenames).
For the Administration Console, it is a different story because there the "lcache" process runs as root, so it can save to the default location also owned by root.
Also for the MAG Appliance, it is a different story because even though the "lcache" process runs as novlwww, fortunately for it the default location it specifies on the lcache command-line (/var/opt/novell/tomcat5/auditcache) has already been set for ownership to novlwww.
- Stefan
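The mismatch described in the post above can be checked for directly. The following is an added example, not part of the original post and not Novell's code: a shell script that takes the lcache user and -dir: path from "ps aux" output in the format shown above and compares them with the folder's owner. The function names and the --check argument are made up for this example, and it assumes GNU stat and cache paths without spaces.

```shell
#!/bin/sh
# Added example (not Novell's code): does the lcache user own its cache folder?

# Print "user dir" for a `ps aux` line whose command is lcache, else nothing.
lcache_user_dir() {
    printf '%s\n' "$1" | awk '$11 ~ /(^|\/)lcache$/ {
        for (i = 12; i <= NF; i++)
            if ($i ~ /^-dir:/) { print $1, substr($i, 6); exit }
    }'
}

# 0 = dir $2 is owned by user $1 with owner write+search bits set,
# 1 = it is not, 2 = dir missing or unreadable.
# Assumption: only the owner bits are checked (no group/other/ACL evaluation).
cache_dir_ok() {
    [ -d "$2" ] || return 2
    owner=$(stat -c %U "$2") || return 2      # GNU stat, as on Linux
    mode=$(stat -c %a "$2") || return 2
    mode=$(printf '%04d' "$mode")             # e.g. 762 -> 0762
    o=${mode%??}                              # drop group and other digits
    o=${o#"${o%?}"}                           # keep the owner digit
    [ "$owner" = "$1" ] || return 1
    case $o in 3|7) return 0 ;; *) return 1 ;; esac
}

# Check every running lcache process; exit status 1 if any folder fails.
check_all() {
    ps aux | (
        rc=0
        while IFS= read -r line; do
            pair=$(lcache_user_dir "$line")
            [ -n "$pair" ] || continue
            set -- $pair                      # $1 = user, $2 = dir (no spaces assumed)
            if cache_dir_ok "$1" "$2"; then
                echo "OK   $1 can cache to $2"
            else
                echo "FAIL $1 cannot cache to $2"; rc=1
            fi
        done
        exit "$rc"
    )
}

if [ "${1:-}" = "--check" ]; then check_all; fi
```

Run as root with --check on each NAM component; a FAIL line means events will not be cached locally if the audit server becomes unreachable.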