Symptoms
The cron.daily/tmpwatch script deletes the /var/system/tmp/tmsh directory. After some time, the tmsh directory is created again as part of another cron job.
During the interval, if a non-admin user accesses tmsh, tmsh creates the /tmp/tmsh directory with that user's permissions, which creates issues for subsequent non-admin user logons.
Impact
The first non-admin user can access tmsh. Other, subsequent non-admin users receive the following error:
01420006:3: Can't create temp directory, /var/system/tmp/tmsh/SKrmSB, errno 13] Permission denied.
After some time, the permissions on /var/system/tmp/tmsh are updated automatically.
Conditions
A non-admin user tries to access tmsh while /var/system/tmp/tmsh is deleted.
Workaround
To prevent this issue, run the following command in one of two ways:
-- As the root user in a bash shell.
-- As a cron job, at a frequency chosen per case.
root@bigip# export TARGET=/var/system/tmp/tmsh; [ ! -d $TARGET ] && mkdir -p $TARGET; chmod 1777 $TARGET; unset TARGET
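The script below is an added example, not F5's code: it audits the directory for the states described under Symptoms (missing, wrong mode, or left owned by a non-admin user) and repairs it to the mode the workaround sets. The function names, the owner check and the use of GNU stat are assumptions of this example.

```shell
# Added example, not F5's code. Assumes GNU stat (stat -c) is available.
# Function names and the owner check are this example's own assumptions.

# audit_tmsh_dir DIR [OWNER_UID]
# Prints one of: ok | missing | not-a-directory | bad-mode | bad-owner
audit_tmsh_dir() {
    local dir want_uid mode uid
    dir=$1; want_uid=${2:-0}
    # A symlink or plain file at this path is never repaired in place.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo not-a-directory; return
    fi
    [ -d "$dir" ] || { echo missing; return; }
    mode=$(stat -c '%a' "$dir")
    uid=$(stat -c '%u' "$dir")
    # 1777 = world-writable plus sticky bit, the mode the workaround sets.
    [ "$mode" = 1777 ] || { echo bad-mode; return; }
    # The owner of a sticky directory may still delete other users' entries,
    # so a directory left owned by a non-admin user is reported as well.
    [ "$uid" = "$want_uid" ] || { echo bad-owner; return; }
    echo ok
}

# repair_tmsh_dir DIR [OWNER_UID]
# Returns 0 if DIR ends in state "ok", 1 otherwise.
repair_tmsh_dir() {
    local dir want_uid state
    dir=$1; want_uid=${2:-0}
    state=$(audit_tmsh_dir "$dir" "$want_uid")
    case $state in
        ok) return 0 ;;
        not-a-directory) echo "not repairing $dir: $state" >&2; return 1 ;;
        missing) mkdir -p "$dir" || return 1 ;;
    esac
    chown "$want_uid" "$dir" && chmod 1777 "$dir" || return 1
    [ "$(audit_tmsh_dir "$dir" "$want_uid")" = ok ]
}

# When given a path argument (for example from a root cron job), repair it.
if [ "$#" -gt 0 ]; then
    repair_tmsh_dir "$1"
fi
```

OWNER_UID defaults to 0 (root); the second argument exists so the functions can be exercised against a scratch directory without root privileges.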