Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 8466 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Documentation on required permissions for Update Manager distribution shares???

TerryOdom

It's racking my brain and I haven't covered much ground with Sophos support in solving the issue but several of my distribution shares are generating various errors when having new updates written to them.

I've already referenced:  Sophos Update Manager fails to write to a share - https://www.sophos.com/en-us/support/knowledgebase/119593.aspx 

The issues I had prior to accessing the above mentioned article were related to incorrect permissions on the distribution shares.  Update Manager Log Viewer showed that I was receiving the following error:  boost::filesystem::remove

I tried changing the persissions to resolve and either continued getting the same error or would get:  boost::filesystem::create_directory

I can't seem to find any Sophos documentation that specifically shows the required permissions and security groups required for the distribution shares to receive updates from Update Manager.

If anyone can answer this for me and point me in the right direction I thank you in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Hello TerryOdom,

    you have to distinguish between local and remote shares.
    For the default local share the NTFS permissions are explicitly set at %ProgramData%\Sophos\Update Manager\ with Full control (inheritable) for SYSTEM (the SUM service logs on as Local System) and and Administrators. For additional local shares the same NTFS permissions should be set (the share itself naturally also permitting full access).
    Remote shares must permit (the equivalent of) inheritable Full control file system permissions for the account (specified in the SUM configuration) used to access the share.

    The boost errors are usually not caused by incorrectly configured permissions, though occasionally permissions (ACLs) on specific objects are incorrectly set. Standard procedures for correcting file system inconsistencies on the host apply (for Windows servers it's normally a reboot and possibly some housekeeping, e.g. deleting and recreating the CIDs, in the file system). 

    Dunno if this can be of help. As indicated above it's often impossible to pinpoint the root cause - once corrected the problem might not recur.

    Christian     

Reply
  • 0

    Hello TerryOdom,

    you have to distinguish between local and remote shares.
    For the default local share the NTFS permissions are explicitly set at %ProgramData%\Sophos\Update Manager\ with Full control (inheritable) for SYSTEM (the SUM service logs on as Local System) and and Administrators. For additional local shares the same NTFS permissions should be set (the share itself naturally also permitting full access).
    Remote shares must permit (the equivalent of) inheritable Full control file system permissions for the account (specified in the SUM configuration) used to access the share.

    The boost errors are usually not caused by incorrectly configured permissions, though occasionally permissions (ACLs) on specific objects are incorrectly set. Standard procedures for correcting file system inconsistencies on the host apply (for Windows servers it's normally a reboot and possibly some housekeeping, e.g. deleting and recreating the CIDs, in the file system). 

    Dunno if this can be of help. As indicated above it's often impossible to pinpoint the root cause - once corrected the problem might not recur.

    Christian     

Children
No Data
Unfiltered HTML