Error
After export pmgit sends the error message:
# pmgit export --git-url <Git_URL>
Creating backup from SVN repository ... [ OK ]
Creating directory for local Git repository ... [ OK ]
Cloning SVN ... [ OK ]
Setting Git remote ... [ OK ]
Push Git repository to remote ... [ ERROR ]
To <Git_URL>
! [rejected] <Git_branch> -> <Git_branch> (fetch first)
error: failed to push some refs to '<Git_URL>'
Cause
You tried to export to a Git repository which is not empty.
Effect
You are unable to export the policies to that Git repository.
Solution
Create an empty bare repository.
Example
This is an example for creating an empty bare Git repository from command line.
git init --bare <repo_name>.git
Safeguard for Sudo might reject a sudo command. For example, let us assume you ran the following command:
$ sudo id
and received output similar to the following:
<user> is not in the sudoers file. This incident will be reported.
Request rejected by Safeguard
There are several things you can do to troubleshoot this issue.
To troubleshoot why a sudo command is rejected
Run the following from the policy server:
- To ensure the user has permission, run the following as a sudo administrator.
# sudo -U <username> -l
- To check that the policy is located at /etc/opt/quest/qpm4u/policy/sudoers is the current version, run:
# pmpolicy masterstatus
In the output, ensure that Current Revision and Latest Trunk Revision have the same number and Locally modified is "No".
- To ensure the user has permission to run the command, check the /etc/opt/quest/qpm4u/policy/sudoers file and verify the user’s (or group’s) permissions:
# cat /etc/opt/quest/qpm4u/policy/sudoers
- To verify that the policy server is working properly, enter:
# pmsrvcheck
This command returns output similar to:
testing policy server [ Pass ]
From the command line, enter:
# pmsrvinfo
This command returns output similar to:
Policy Server Configuration:
----------------------------
Safeguard version : 7.2.1.0 (0nn)
Listening port for pmmasterd daemon : 12345
Comms failover method : random
Comms timeout(in seconds) : 10
Policy type in use : sudo
Group ownership of logs : pmlog
Group ownership of policy repository : pmpolicy
Policy server type : primary
Primary policy server for this group : Myhost1
Group name for this group : Myhost1.example.com
Location of the repository : file:
////var/opt/quest/qpm4u/.qpm4u/.repository/sudo_repos/trunk
Hosts in the group : Myhost1
Related Topics
pmpolicy
pmsrvcheck
pmsrvinfo
If your sudo policy is not working as expected, use these troubleshooting steps:
- To verify the version of sudo on your host:
# sudo -V
- To verify that the Sudo Plugin host is joined to the policy server, run:
# pmplugininfo
- To see what commands the user is allowed to run:
# sudo -l -U <username>
This command returns output similar to:
Matching Defaults entries for testuser on this host:
log_output
User testuser may run the following commands on this host:
(ALL) /opt/quest/bin/
- On the policy server, use the pmpolicy utility for managing the Privilege Manager for Unix security policy.
- To verify that you have the correct version of the policy, run:
# pmpolicy masterstatus
Ensure that Locally modified in the output is No.
- To update the version of the policy, run:
# pmpolicy sync
- To verify there are no syntax errors in the policy, run:
# pmpolicy checkout -d <dir>
- On the Sudo Plugin host, use the pmpolicyplugin utility to display the revision status of the cached security policy on this host or to request an update from the central repository.
- To verify that you have the correct version of the policy on the Sudo Plugin host, run
# pmpolicyplugin
Use the -g option to update the local cached security policy with the latest revision on the central repository (equivalent to pmpolicy sync on a server).
Related Topics
pmplugininfo
pmpolicy
pmpolicyplugin
This appendix provides detailed information about the variables that may be present in event log entries:
See also Profile Variables for additional information about policy profile variables.