Spencer_Cockrell_39

How to allow/restrict access for administrative (root) user running jobs in Unix

Discussion created by Spencer_Cockrell_39 on May 11, 2016
Latest reply on Jun 23, 2016 by RickM111

We’ve had a lot of questions about allowing the root user to execute jobs on Unix, so I thought it would be good to put this together so that we have some basic information available for all customers. There are a few things that need to be done in preparation, mainly the items contained within our documentation (referenced below):

 

http://docs.automic.com/documentation/AE/11.2/english/AE_WEBHELP/help.htm?product=awa#ucaaks.htm

 

  • For actual operation, the      program ucxj??? can be given the permissions of a privileged user such as      root.
    • Change owner to root

chown root ucxj???

    • Set S-Bit (Set-Userid)

chmod 4755 ucxj???

 

Once this has been set, the only restriction in place is contained within the Agent’s .ini file, with an example of the pertinent section contained below:

 

; - access for root user requires:

 [USERID]

root=START

 

This is commented out by default, and should only be enabled with strict control and access to the login objects. After this has been configured appropriately, you will need to put the root user/password into a Login object and utilize that for your jobs.

 

There may be unforeseen issues with individual environments, but in most cases these are the modifications necessary to restrict/allow access such as this.

Outcomes