Before creating and activating an instance of the Java EE Integration Agent on a remote host, the user running the Agent Manager process must have permission to create the Installation directory (DEPLOYMENT_DIRECTORY).
If the Agent Manager and Application Server processes use the same user, the "g" and "o" permissions can be omitted.
If the Agent Manager user is in the same group as the Application Server files being modified, the "u" and "o" can be omitted.
If the Agent Manager is not the same as the Application Server user, or in the same group, then the "o" must be included.
For integration of Windows Services, the Agent Manager user requires permission to run the regedit.exe executable in export or import modes on one or more registry keys, under the HKEY_LOCAL_MACHINE hive.
The Java EE Integration Agent automatically grants permissions on the files and directories within the DEPLOYMENT_DIRECTORY to be readable by any other user on the remote filesystem. By default, only users in the same group as the Agent Manager (and the Agent Manager user itself) can create files within the DEPLOYMENT_DIRECTORY.
Otherwise, the permissions for Dynamic Directories should be changed to rwx for the For Other (default r-x) setting.
| |||||||
| |||||||
By default, stock scripts are not set executable as they are sourced instead of run. If manual execution of pre-instrumentor.sh is required, it may be provided as an argument to /bin/sh instead of changing the permissions for this category.
| |||||||
This is the most important category, as it affects the ability of the Application Server user to create files within the DEPLOYMENT_DIRECTORY
| |||||||
| |||||||
Customized integration scripts (for example, integrate-MyTask.sh) |
Each category provides a set of permissions for the file or directory owner, group, and everyone else. Also provided are the abilities to set the setuid, setgid and sticky bits.
The setuid bit can be set on script files to have the launched process take on the user ID of the script file itself. This ability is not needed in stock integrations.
The setgid bit can be set on script files and directories. When set on script files, the effect is similar to the setuid bit, except the launched process takes on the group ID of the script file, instead of the user ID. When set on a directory, the setgid bit results in files created in that directory having the same group ownership as the directory itself, rather than the group of the user who creates the file. By default, the setgid bit is set on Dynamic Directories, so that the Java EE Integration Agent can maintain these directories regardless of which user creates files within them.
The sticky bit can be used on directories with other write permission to prevent a user from deleting another user’s file.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center