立即与支持人员聊天
与支持团队交流

Foglight for Java EE Technologies 5.9.7.5 - Installation Guide

Installing and Configuring Foglight for Java EE Technologies Integrating with JBoss Integrating with Tomcat Integrating with WebLogic Domain Startup Scripts Integrating with WebSphere Integrating with Oracle AS Creating a Generic Installation for Manual Java EE Agent Integration Managing Java EE Agent Installations, Integrations, and Configurations Managing Java EE Agent Configurations Managing Java EE Installations Foglight for Java EE Integration Configuration FAQ and Troubleshooting Performing Manual Application Server Integrations Appendix: Managing Permissions for the Java EE Integration Agent Appendix: Foglight for Java EE Application Methods

Appendix: Managing Permissions for the Java EE Integration Agent

If for any reason you need to manually adjust the permissions for the Java EE Integration Agent you can do so from the Foglight for Java EE Technologies Agent Properties page.
Before you make any changes, review the following topics:
Managing Permissions on Remote Filesystems
Windows Services Permissions
Permissions Required by the Application Server User
 
To edit Java EE Integration Agent permissions:
1
On the navigation panel,under Dashboards, click Administration > Agents > Agent Properties.
2
On the Agent Properties dashboard, expand the ApplicationServers Namespace > Type group.
3
Click JavaIntegrator. The Properties page for the Java EE Integration Agent opens.
4
Set the permissions as necessary and click Save.

Managing Permissions on Remote Filesystems

Before creating and activating an instance of the Java EE Integration Agent on a remote host, the user running the Agent Manager process must have permission to create the Installation directory (DEPLOYMENT_DIRECTORY).
Before submitting an integration task to a Java EE Integration Agent, the Java EE Integration Agent must be granted permission to make the necessary modifications to application server files and to create backup copies of the files being modified. The following permissions must be granted to the user running the Agent Manager process (for the application server being integrated):
Table 1. User permissions required.
Remote File System directory
Directory/App Server file
Required permission
DEPLOYMENT_DIRECTORY
.
(managed)
..
ugo+rwx
(JBoss)
JBOSS_HOME/bin
.
ugo+rwx
standlone.bat, domain.bat , run.bat
ugo+rw
standalone.sh, domain.sh, run.sh
(Tomcat)
CATALINA_HOME/bin
.
ugo+rwx
catalina.bat, catalina.sh
ugo+rw
(WebLogic)
WL_HOME/server/bin
.
ugo+rwx
startNodeManager.cmd, startManagedWebLogic.cmd, startWLS.cmd
ugo+rw
startNodeManager.sh, startManagedWebLogic.sh, startWLS.sh
(WebLogic)
DOMAIN_HOME/common/bin
.
ugo+rwx
startWebLogic.cmd, startWebLogic.sh
ugo+rw
(WebSphere)
PROFILE_HOME/bin
.
ugo+rwx
startServer.bat, startNode.bat, startManager.bat, setupCmdLine.bat
ugo+rw
startServer.sh, startNode.sh, startManager.sh, setupCmdLine.sh
(WebSphere)
PROFILE_HOME/properties
.
ugo+rwx
server.policy
ugo+rw
(WebSphere)
WAS_HOME/bin
.
ugo+rwx
setupCmdLine.bat
ugo+rw
setupCmdLine.sh,
startServer.sh,
startNode.sh,
startManager.sh,
If the Agent Manager and Application Server processes use the same user, the "g" and "o" permissions can be omitted.
If the Agent Manager user is in the same group as the Application Server files being modified, the "u" and "o" can be omitted.
If the Agent Manager is neither the same as the Application Server user nor in the same group, then the "o" must be included.

Windows Services Permissions

For integration of Windows Services, the Agent Manager user requires permission to execute the regedit.exe executable in export and/or import modes on one or more registry keys, under the HKEY_LOCAL_MACHINE hive.
For Tomcat Windows Services:
 
Table 2. Tomcat Windows Registry keys.
HKLM Windows Registry Keys (Tomcat)
Read
Write
System\CurrentControlSet\Services
Y
N
Software \Apache Software Foundation\Procrun 2.0\<service>\ Parameters\Java
Y
Y
Software\JavaSoft\Java Runtime Environment
Y
N
Software\JavaSoft\Java Development Kit
Y
N
Software \Wow6432Node\Apache Software Foundation\Procrun 2.0\<service>\ Parameters\Java
Y
Y
Software \Wow6432Node\JavaSoft\Java Runtime Environment
Y
N
Software\Wow6432Node\JavaSoft\Java Development Kit
Y
N
For WebLogic or WebSphere Windows Services:
 
Table 3. WebLogic or WebSphere Windows Services.
HKLM Windows Registry Keys (WebLogic, WebSphere)
Read
Write
System\CurrentControlSet\Services\<service>\Parameters
Y
Y
 

Permissions Required by the Application Server User

The Java EE Integration Agent automatically grants permissions on the files and directories within the DEPLOYMENT_DIRECTORY to be readable by any other user on the remote filesystem. By default, only users in the same group as the Agent Manager (and the Agent Manager user itself) can create files within the DEPLOYMENT_DIRECTORY.
If the Application Server user is the same as the Agent Manager user, or belongs to the group owning the Agent Manager files, these category permissions do not need to be changed.
Otherwise, the permissions for Dynamic Directories should be changed to rwx for the For Other (default r-x) setting.
File permissions are managed by the Java EE Integration Agent, using a set of six categories to apply particular permissions to particular types of files. These are the categories and the files they represent:
 
Table 4. Permission categories and files.
Permission Category
Included Files and Directories
Stock Directories
config, lib, scripts, and their subdirectories within versioned homes
All parent directories of DEPLOYMENT_DIRECTORY created by the Agent Manager
Stock Files
All files within config and lib and their subdirectories
Stock Scripts
By default, stock scripts are not set executable as they are generally sourced instead of executed. If manual execution of pre-instrumentor.sh is required, it may be provided as an argument to /bin/sh instead of changing the permissions for this category.
 
Includes:
Non-customized copies of integrate.cmd, integrate.sh
Files within versioned scripts directory
Dynamic Directories
This is the most important category, as it affects the ability of the Application Server user to create files within the DEPLOYMENT_DIRECTORY
 
Includes:
DEPLOYMENT_DIRECTORY
bootstrap, logs and state sub-directories
config file parent directories (except config, which is created using stock directory permissions)
DEPLOYMENT_DIRECTORY/exports (this is the WORKING_SUBDIR)
Each versioned home folder
Integration-specific bootstrap folders
log directories that are created by the Java EE Integration Agent
Dynamic Files
jee_builds.properties
Agent-local config files (agent.config, log.config, agenttype.config)
Backups of integrated application server files
Backups of Windows Service exports
Dynamic Scripts
Customized integration scripts (for example, integrate-MyTask.sh)
Each category provides a set of permissions for the file/directory owner, group, and everyone else. Also provided are the abilities to set the setuid, setgid and sticky bits.
The setuid bit can be set on script files to have the launched process take on the user ID of the script file itself. This ability is not needed in stock integrations.
The setgid bit can be set on script files and directories. When set on script files, the effect is similar to the setuid bit, except the launched process takes on the group ID of the script file, instead of the user ID. When set on a directory, the setgid bit results in files created in that directory having the same group ownership as the directory itself, rather than the group of the user who creates the file. By deafult the setgid bit is set on Dynamic Directories, so that the Java EE Integration Agent can maintain these directories regardless of which user creates files within them.
The sticky bit can be used on directories with other write permission to prevent a user’s file from being deleted by any other user.
With the lone exception noted above, these file permissions should not need to be modified when performing stock integrations. The options exist to aid integrations where extraordinary circumstances require them.
 
 
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级