NStrelow

Running unix agent without root permissons

Discussion created by NStrelow on Dec 4, 2017
Latest reply on Dec 6, 2017 by Carsten_Schmitz
Hi there,

i read about the possibility to run an agent(linux) without the need of setting the s-bit on the agent binary and without making it owned by the root-user.
By setting ANONYMOUS_FT, ANONYMOUS_JOB, ANONYMOUS_FE and login_check to "Y"/"yes" this should result in an agent, which runs via the user "uc4", but the job itself runs under the provided(Login-Object with valid passphrase) user without the need of a "switch user" command.
But i cant get it to work. The test-job results in "User '***' is unknown or an invalid password has been provided."

After reading https://community.automic.com/discussion/82/unix-guide-to-run-an-unix-agent-without-root-permission which, sadly, lead to nothing, i went with 777 on all (automic-)folders and binaries. Still the same error.

drwxrwxrwx 2 uc4 uc4    4096 Dec  4 14:36 .
drwxrwxrwx 3 uc4 uc4    4096 Mar 16  2017 ..
-rwxrwxrwx 1 uc4 uc4   51140 Mar 13  2017 ucxelx6f
-rwxrwxrwx 1 uc4 uc4 1983739 Dec  4 13:10 ucxjlx6
-rwxrwxrwx 1 uc4 uc4    3992 Dec  4 13:29 ucxjlx6.ini
-rwxrwxrwx 1 uc4 uc4   92776 Mar 13  2017 ucxjlx6m
-rwxrwxrwx 1 uc4 uc4 1537542 Mar 13  2017 ucx.msl

$ stat /opt/automic/agent/bin/ucxjlx6 | grep -i "uid"
Access: (0777/-rwxrwxrwx)  Uid: ( 3228/     uc4)   Gid: (  111/     uc4)

Agent is started via ServiceManager:

nohup $BINPATH/${BINARY} -i${SMGRCONFPATH}/${SMGRINI} ${SYSTEM} >>$TEMPPATH/${BINARY}.log 2>&1 &

.smd:
DEFINE UC4 Unix-Agent;*AGT_STARTPATH/ucxjlx6 -i*AGT_STARTPATH/ucxjlx6.ini;*AGT_STARTPATH/

Is there even a way to run the agent with one(uc4) non-root user and run a job with the user specified in the login-Object(with valid credentials)?

Agent and ServiceManager-version: 10.0.8+hf.5.build.1489415242539
Engine: 12.1.0.2.0

Have i overlooked something?

Thanks in advance






Outcomes