Check Point Solaris - Wrapper completed with error code 239

Issue

On Solaris 8 or Solaris 9, installing Check Point package fails with either :

/var/opt/cp_tmp/CPsuite-R65/install/request: /var/opt/cp_tmp/CPsuite-R65/install/request: cannot open
pkgadd: ERROR: request script did not complete successfully
Installation of <CPsuite-R65> failed.

/opt/CPInstLog/Wrapper_R65.elg contains
[25/02 11:52:36] Installing “Primary SmartCenter”
[25/02 11:52:55] Installing of “Primary SmartCenter” failed !
[25/02 11:52:57] Fail to install: Primary SmartCenter! See application usage format.
[25/02 11:52:57] Wrapper completed with error code 239

Solution

This error is due to permissions changes to the “pkgadd” script.

On Sun Solaris 9, the relevant patch number is 113713(SPARC) or 114568(x86).

With patch 113713-16 and below, pkgadd scripts ran as the current user (typically “root”).
With patch version 113713-17 through 113713-19, these scripts were run as user “nobody”.
With 113713-20 and above, they are run as user “noaccess”.

The 2 solutions for this are:

1. Backout of the patch, run the upgrade, and re-apply the patch.
This is not always possible – as if the patch was in the initial build, there will be no backout files.

2. Modify the permissions of the users “noaccess” and “nobody”, run the upgrade, and then adjust them back again.
You can check the permissions of the users by running the following:

[email protected] # grep ^no /etc/passwd
nobody:x:60001:60001:Nobody:/:/sbin/noshell
noaccess:x:60002:60002:No Access User:/:/sbin/noshell

To modify them to work for the upgrade run these commands:

[email protected] # usermod -u 0 -o noaccess
[email protected] # usermod -u 0 -o nobody

Check they were successful:

[email protected] # grep ^no /etc/passwd
nobody:x:0:60001:Nobody:/:/sbin/noshell
noaccess:x:0:60002:No Access User:/:/sbin/noshell

The install will now complete without errors, providing that you have enough disk space
For all info – see SK39956 on the CheckPoint site.

Author
Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial