Root permissions removed

By accident (did not expect it to work like that for whatever reason) I removed “SuperUser” permission from my root user.
I have snapshot of whole machine from few days back, however it might cause some problems.
Is there any way to give back rights to root user?
I have access to whole mysql and backend of Request Tracker.
Thanks in advance!

You can try this Perl script!

use strict;
use warnings;

use lib qw(/opt/rt5/local/lib /opt/rt5/lib);

use RT::Interface::CLI qw(Init);

($ret, $msg) = $userObj->Load( 'root' );
print "$msg\n";

($ret, $msg) = $userObj->PrincipalObj->GrantRight( Right => 'SuperUser' );
print "$msg\n";

1 Like

I can see, that script uses RT CLI.
I have not used that before, doesn’t it need user configured?
Do you maybe know the way to do it straight in the database?
Thanks a lot for your help!

I believe so long as you run it on the RT server you should be good, since it imports /opt/rt5. Sadly I have no idea how to do it via db

1 Like

Sorry for the error above, however I have got stuck on another problem:
Can't call method "Load" on an undefined value at line 9.
And that is when I started to think it was all about permissions.

Is your RT install located at /opt/rt5?

Yes, it is.
Right now, I am going through all of the scirpts.
Just to say, I have not configured RT CLI previously.

I’ve never setup any CLI stuff, just installed RT and then I could import it like that. Maybe you need to run it as sudo?

I do run it as sudo every single time.
I have also tried just to give SuperUser to someone else, as I thought something might have just been deleted, still does not work tho.
How do you run these scripts?
As a perl saved scirpt with sudo or somehow thorugh PERL console?

In case someone was wondering, I did not manage to gain permissions with above script.
It is definetely great, however after few modifications I got “Permission denied” - that’s just my case.

I managed to do this through database, tho.
In my case it was 3rd row, that was deleted in ACL table.
It is really nice to have any kind of backup to compare, however this row is inserted, when RT database is created.

Big thanks for your time @knation, I really appreciate that!

We want to remove a user from the IAM at the subscription level but his scope is ‘root’ inherited so it can’t be removed.

What is the root? We only have 1 subscription and the user role is ‘user access administrator’.
MyCCPay Portal