This section contains instructions for using sudo to give agents elevated permissions.
3. Set the path to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer).
5. Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to be run as root by a specific user, without requiring a password, and only for the agents that require root privileges.
6. Ensure that the requiretty option is disabled in the sudoers file. For example, to disable this option for the foglight user, add the following entry to the file:
7. If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password.

TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at: http://www.gratisoft.us/sudo/man/sudoers.html#wildcards
Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents.
If these permissions are no longer needed, remove the lines that you added to run fog4_launcher or udp2icmp with root permissions.
1. Navigate to <fglam_home>/state/default/config.
2. Open the fglam.config.xml file for editing.
3. Edit the <config:path> element under <config:secure-launcher> to point to the sudo executable. This executable is typically located in /usr/bin/sudo (the default path provided by the Agent Manager installer).
4. Edit the sudoers file for your system to allow <fglam_home>/client/<fglam_version>/bin/fog4_launcher to be run as root by a specific user, without requiring a password, and only for the agents that require root privileges.
5. If the agent uses an ICMP ping service, edit the sudoers file for your system to allow <fglam_home>/client/*/bin/udp2icmp to be run as root by a specific user, without requiring a password.

TIP: For sudo configuration, it is a best practice to use a wildcard for the version-specific Agent Manager and cartridge directories, as shown in the example above. Using a wildcard in a path is described in the Sudoers Manual located at: http://www.gratisoft.us/sudo/man/sudoers.html#wildcards
Using a wildcard for the version-specific directories allows you to avoid updating each sudoers file that references these directories when you upgrade the Agent Manager or the agents.
This section contains instructions for using setuid_launcher to give agents elevated permissions.
3. Set the path to point to the setuid_launcher executable. This executable is located in <fglam_home>/bin/setuid_launcher.
6. Change the owner of <fglam_home>/bin/setuid_launcher to root. This permits the agents that need root privileges to be run as the root user without requiring a password.
If these permissions are no longer needed, issue the following command:
chmod u-s <fglam_home>/bin/setuid_launcher
1. Navigate to <fglam_home>/state/default/config.
2. Open the fglam.config.xml file for editing.
3. Edit the <config:path> element under <config:secure-launcher> to point to your local setuid_launcher executable. This executable is located in <fglam_home>/bin/setuid_launcher.
5. Change the owner of <fglam_home>/bin/setuid_launcher to root. This permits the agents that need root privileges to be run as the root user without requiring a password.
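
A passwordless sudoers rule on a wildcard path, or a root-owned setuid_launcher, is only as tight as the file and the directories leading to it: any component that another account can write to lets that account change what runs as root. The shell check below is an added example, not part of the Quest documentation. The function names audit_path and audit_launchers are hypothetical, and the expected owner is an argument (default root) because the page does not state who should own the files under client/.

```shell
#!/bin/sh
# Added example, not Quest code. Function names are hypothetical.

# audit_path FILE TOP [OWNER]
# Checks FILE and every directory from FILE up to and including TOP.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_path() {
    p=$1; top=${2%/}; owner=${3:-root}; bad=0
    case $p in
        "$top"/*) ;;
        *) echo "OUTSIDE: $p is not under $top"; return 1 ;;
    esac
    [ -f "$p" ] || { echo "MISSING: $p"; return 1; }
    while :; do
        # find -prune tests only the path itself, without descending into it.
        if [ -n "$(find "$p" -prune ! -user "$owner" -print)" ]; then
            echo "OWNER: $p is not owned by $owner"; bad=1
        fi
        # A writable component lets its writer replace what later runs as root.
        if [ -n "$(find "$p" -prune ! -type l \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "WRITABLE: $p is group- or world-writable"; bad=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return "$bad"
}

# audit_launchers FGLAM_HOME [OWNER]
# Expands the same wildcard the sudoers entries use, so every installed
# version directory is audited, then checks setuid_launcher as well.
audit_launchers() {
    home=${1%/}; who=${2:-root}; rc=0
    for f in "$home"/client/*/bin/fog4_launcher \
             "$home"/client/*/bin/udp2icmp \
             "$home"/bin/setuid_launcher; do
        [ -e "$f" ] || continue   # unmatched glob or launcher not installed
        audit_path "$f" "$home" "$who" || rc=1
    done
    return "$rc"
}

# Usage (installation path is a placeholder): audit_launchers /path/to/fglam_home root
```

Run it after every Agent Manager or cartridge upgrade, since the wildcard rule starts covering the new version directory as soon as it exists.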
If your database is installed on an HP-UX server, HP® provides a tool for ensuring that all the patches required to run Java™ on HP-UX are installed.
The tool is available from http://www.hp.com/go/java.
To use the tool, issue the following command:
On newly installed AIX® systems, the base operating system can be further customized by the install_assist program provided by IBM®. By default, this program is listed in the /etc/inittab file so that it starts automatically when the system is started.
When install_assist runs automatically, it can interfere with the Agent Manager startup scripts that are installed in /etc/rc.d/rc2.d, and with other startup scripts, such as those provided by OpenSSH.
1. Edit the /etc/inittab file.
2. Remove the following line from the /etc/inittab file: