The information in this SAS KB article applies to SAS® 9.2, SAS® 9.3, SAS® 9.4, and SAS® Viya®.
See SAS Note 33751 for instructions about using PROC PERMTEST in SAS® 9.1.3.
A message similar to the following can mean that an authentication failure has occurred at the host level:
20081022:15.50.27.30: 00000000:ERROR: Access denied.
PROC PERMTEST provides a low-level tool to test authentication, and you can use it to determine if the authentication problem is in fact occurring at the host level. PROC PERMTEST performs two functions:
- It calls the sasauth module to test host-based authentication.
- Then, it tests user permissions.
Before running PROC PERMTEST, you must enable logging. Here are instructions:
- Modify the SASFoundation/SAS9.x/utilities/bin/sasauth.conf file. Note that the following lines in that file are commented out:
debugLog=/tmp/sasauth-debug.%d.log
accessLog=/tmp/sasauth-access.%d.log
errorLog=/tmp/sasauth-error.%d.log
logOwner=0
Note: In SAS Viya, the sasauth.conf file is located in the /opt/sas/spre/home/SASFoundation/utilities/bin/ directory.
You must remove the comment delimiters from those lines.
- In addition, you should set the value for logOwner to the UID number of the user ID being used to install SAS. To obtain that UID number, issue this command from the UNIX system prompt:
id installer_id
where installer_id is the real user ID that is used to install SAS. Here is an example:
id sas
The results are similar to the following:
uid=21987(sas) gid=344(sas) groups=33536(),36599(),105(techsup)
Note the value for uid= in your results and substitute that value for logOwner when you modify the sasauth.conf file. Here is an example:
logOwner=21987
- After you have modified and saved the sasauth.conf file, run PROC PERMTEST by invoking SAS from the SASFoundation/9.x directory as follows:
./sas -path ./utilities/src/auth -nodms
Note: In SAS Viya, invoke a SAS session and the PERMTEST procedure from the /opt/sas/spre/home/SASFoundation directory as follows:
./sas -path ./utilities/src/auth
- In NODMS mode, you are prompted with a ? for SAS statements. As shown in the example below, enter the PROC PERMTEST statement, followed by a RUN statement. When prompted, enter the user ID and password to be tested.
Note: In SAS Viya, you do not need to use -nodms option when starting SAS session. NODMS is used by default.
If the authentication test is successful, then the host authentication is working properly. If the authentication test fails, then your UNIX system administrator must determine why host authentication is failing.
- Next, the permissions test begins. This step determines whether the user has the appropriate permissions to allow a file to be written. When prompted, enter the absolute path to a location where a file can be created.
Note: If you do not provide an absolute path, an attempt is made to create the file in the !SASROOT directory. Most users do not have Write permissions for that directory, so the test fails. Avoid this problem by providing an absolute path.
Here is an example of the output that PROC PERMTEST generates:
1? proc permtest;
2? run;
Authentication Test
Enter userid:
testuser
Enter password:
Authentication successful.
Permissions Test
Enter a scratch filename:
/tmp/testfile
Test file written successfully.
NOTE: PROCEDURE PERMTEST used (Total process time):
real time 36.15 seconds
cpu time 0.01 seconds
3? endsas;
NOTE: SAS Institute Inc., SAS Campus Drive, Cary, NC USA 27513-2414
NOTE: The SAS System used:
real time 48.67 seconds
cpu time 0.06 seconds