A job migrated from meastro to autosys 11.3.5, its work is to use PGP to encrypt files.
Meastro job definition:-
CWA#MeastroJ
SCRIPTNAME "/opt/prod/sci/bin/sci_stg_tbl_extract.ksh"
STREAMLOGON ownerid
DESCRIPTION "Extract SCI Staging table & encrypt files using SHNpgp key"
TASKTYPE UNIX
RECOVERY STOP
Autosys job definition:-
insert_job: AutosysJ.s job_type: CMD
command: /opt/prod/sci/bin/sci_stg_tbl_extract.ksh
machine: xyz
owner: ownerid
permission:
date_conditions: 0
description: "Extract SCI Staging table & encrypt files using SHNpgp key, sev=3"
std_out_file: "$${GLB_LOGDIRR11U}/${AUTO_JOB_NAME}_${AUTORUN}"
std_err_file: "$${GLB_LOGDIRR11U}/${AUTO_JOB_NAME}_${AUTORUN}"
max_run_alarm: 120
alarm_if_fail: 1
Job is running as success from meastro and manual run, but failing from AutoSys with below error.
We believe Warning below is the cause - Kindly assist.
INFO: 2017/10/13 02:31:05 - Encrypting Files SDM_STG_ACCOUNT.DAT
/opt/pgp/bin/pgp --encrypt '/var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT' --recipient 'SHN' --output '/var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT.pgp'
Warning: PGPsdk running in local mode.
/var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547//SDM_STG_ACCOUNT.DAT:encrypt (3124:permission denied)
INFO: 2017/10/13 02:31:06 - Removing Directory and it content /var/prod/sci//source/work//sci_stg_tbl_extract__20171013023044_4547/
INFO: 2017/10/13 02:31:06 - Process Completed with the following exit code 162
INFO: 2017/10/13 02:31:06 - Message:
INFO: 2017/10/13 02:31:06 - Error Encrypting with PGP
Analysis:-
1) When we run PGP command job with “owner: root” and do su – scibatch in the script file.
-- we see, PGP is working as expected (marked in Green color)
2) However, we run the same PGP job with “owner: ABC"
-- We saw , PGP is failing with error message :- encrypt (312:permission denied) {marked in yellow below}
autosyslog -J <jobname> -tO
+ echo \n File Encryption started \n
File Encryption started
+ su - scibatch -c /opt/pgp/bin/pgp --encrypt "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT" --recipient "SHN" --output "/tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp"
stty: : Not a typewriter
Warning: PGPsdk running in local mode.
/tmp/SDM_STG_CONTACT_ACCOUNT.DAT:encrypt (0:output file /tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp)
logout
+ echo \n File Encryption Completed successfully \n
File Encryption Completed successfully
autosyslog -J <job_name> -tO
+ echo \n File Encryption started \n
File Encryption started
+ whoami
ABC
+ /opt/pgp/bin/pgp --encrypt /tmp/SDM_STG_CONTACT_ACCOUNT.DAT --recipient SHN --output /tmp/SDM_STG_CONTACT_ACCOUNT.DAT.pgp
Warning: PGPsdk running in local mode.
/tmp/SDM_STG_CONTACT_ACCOUNT.DAT:encrypt (3124:permission denied)
+ echo \n File Encryption Completed successfully \n
File Encryption Completed successfully
__________________________________________________________________________________________________
Environment file comparison - o/p of env command by manual login by job owner id VS. output of env command by autosys test job.