fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Check Point Solaris - Wrapper completed with error code 239

Issue

On Solaris 8 or Solaris 9, installing Check Point package fails with either :

/var/opt/cp_tmp/CPsuite-R65/install/request: /var/opt/cp_tmp/CPsuite-R65/install/request: cannot open
pkgadd: ERROR: request script did not complete successfully
Installation of <CPsuite-R65> failed.

or

/opt/CPInstLog/Wrapper_R65.elg contains
[25/02 11:52:36]  Installing "Primary SmartCenter"
[25/02 11:52:55]  Installing of "Primary SmartCenter" failed !
[25/02 11:52:57]  Fail to install: Primary SmartCenter! See application usage format.
[25/02 11:52:57]  Wrapper completed with error code 239

 
Solution
 
This error is due to permissions changes to the "pkgadd" script.
 
On Sun Solaris 9, the relevant patch number is 113713(SPARC) or 114568(x86).

  • With patch 113713-16 and below, pkgadd scripts ran as the current user (typically "root").
  • With patch version 113713-17 through 113713-19, these scripts were run as user "nobody".
  • With 113713-20 and above, they are run as user "noaccess".

The 2 solutions for this are:

1. Backout of the patch, run the upgrade, and re-apply the patch.
This is not always possible - as if the patch was in the initial build, there will be no backout files.

or

2. Modify the permissions of the users "noaccess" and "nobody", run the upgrade, and then adjust them back again. 
You can check the permissions of the users by running the following:

root@fw1 # grep ^no /etc/passwd
nobody:x:60001:60001:Nobody:/:/sbin/noshell
noaccess:x:60002:60002:No Access User:/:/sbin/noshell

 To modify them to work for the upgrade run these commands:

root@fw1 # usermod -u 0 -o noaccess
root@fw1 # usermod -u 0 -o nobody 

Check they were successful:

root@fw1 # grep ^no /etc/passwd
nobody:x:0:60001:Nobody:/:/sbin/noshell
noaccess:x:0:60002:No Access User:/:/sbin/noshell

The install will now complete without errors, providing that you have enough disk space
For all info - see SK39956 on the CheckPoint site.

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001