You can use the configNonRoot script to configure BMC ProactiveNet Server to run as a non-root user on Solaris. You can use this same script to switch the BMC ProactiveNet Server from one non-root user to another non-root user.
The initial installation must be run as root.
To configure BMC ProactiveNet Server to run as a non-root user on Solaris
- Run the .tmcsh or .tmprofile script.
- Run the configNonRoot script to configure an installed BMC ProactiveNet Server to run as a non-root user.
The configNonRoot script prompts for the new HTTP and HTTPS ports to be used by the Apache server and performs the necessary changes. However, it is important that the initial installation be performed by the 'root' user. After conversion to non-root, upgrades can be performed by a non-root user. Before the conversion, the Apache and Tomcat components of the server run as user 'nobody'. After running this utility, however, they will run as the designated user.
After being changed to run as non-root, the server will have the following limitations:
- Web interface can no longer be accessed on ports 80 or 443; instead, you must choose alternate ports above 1024. You will be prompted for these ports when you run the conversion program "configNonRoot". You can also choose the alternate ports by editing the httpd.conf file located in the appropriate directory for your operating system:
- Solaris or Linux: InstallDirectory/usr/pw/apache/conf/
- Microsoft Windows: InstallDirectory\pw\ApacheGroup\Apache\conf
- You cannot revert the ownership once you change it to non-root.
- Any upgrades must be performed by the same non-root user specified when the configNonRoot script is run.
- The local agent also experiences its own limitations in monitoring.
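The port restriction above can be checked directly against httpd.conf. The following is an added example, not BMC's code: it lists every Listen port that is not above 1024, which the non-root server user could not use. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BMC code). Function names are hypothetical.

# privileged_listen_ports FILE
# Prints every Listen port in FILE that is not above 1024, one per line.
# Returns 0 if none were found, 1 if any were found, 2 if FILE is unreadable.
privileged_listen_ports() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    bad=$(awk '
        # Match "Listen" in any letter case; commented-out lines start with "#"
        # and therefore never match.
        /^[ \t]*[Ll][Ii][Ss][Tt][Ee][Nn][ \t]+/ {
            # Accepted forms: 8080, 10.0.0.5:8080, [::]:8443.
            # The port is whatever follows the last colon.
            n = split($2, parts, ":")
            port = parts[n]
            if (port ~ /^[0-9]+$/ && port + 0 <= 1024) print port
        }' "$conf")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# write_sample_conf FILE
# Writes a constructed httpd.conf fragment for trying the check offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real BMC ProactiveNet configuration
Listen 80
Listen 10.0.0.5:8080
  listen [::]:443
#Listen 22
Listen 8443 https
EOF
}

# Stand-alone use: sh check_ports.sh InstallDirectory/usr/pw/apache/conf/httpd.conf
if [ "$#" -gt 0 ]; then
    privileged_listen_ports "$1"
fi
```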
Follow the instructions to make BMC ProactiveNet Server run as user "john". The same configNonRoot script can also be run to switch BMC ProactiveNet Server from one non-root user to another non-root user.
To make BMC ProactiveNet Server run as user "john":
# source /usr/pronto/bin/.tmcsh
# configNonRoot john
- BMC ProactiveNet Server running as a non-root user can be upgraded either by the same non-root user or by root. If upgraded by the same non-root user, the same HTTP(S) ports will be used by the Apache Web Server during upgrade. If upgraded by root, then the configNonRoot script should be run again to convert the root-owned files back to non-root.
When BMC ProactiveNet Agent - Linux is run as non-root, the following limitations are applicable:
- Process monitor will not collect data for certain attributes (such as # file descriptors), if the process being monitored does not belong to the same user as the agent.
- Although the Ping and Traceroute operating system utilities can be run by a non-root user, the corresponding Ping and Traceroute monitors cannot be run by a non-root user.
- Log File monitor will not work if the user running the agent does not have Read privileges on the log files. The workaround is to assign Read privileges on the particular log file to "all" or to a particular group.
- Disk Performance Monitor will not work since root privileges are required to read the device files.