Important This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01

Ownership and permissions for files, directories, and command-line utilities

Managing file ownership and permissions ensures the security of the PATROL Agent's log and configuration files. The PATROL Agent creates the necessary directories and sets their ownership and permissions to protect against unauthorized access during setup.

When the PATROL Agent runs for the first time, it automatically creates the PATROL_HOME/log and PATROL_HOME/config directories and sets the appropriate ownership and permissions for these directories during the initial setup.

  • If the PATROL_ADMIN environment variable is set, it designates the user who will own the newly created log and configuration files.
  • If the PATROL_ADMIN variable is not set, ownership defaults to the PATROL Agent's default account user.


Default ownership and permissions for directories

The default ownership and permissions of the PATROL Agent log and configuration directories are set according to the following table:

Directories for ownership and permissions of agent log


Default ownership and permissions for files

The following table shows the default ownership and permissions of the log and configuration files:

 Default owner and permissions of log and files

Changing ownership and permissions on UNIX

Normally, all log and configuration files are owned by the user designated by the agent configuration variable /agentSetup/defaultAccount. However, if you want to change the ownership to another user, you must first change the environment variable in the shell script PATROL_HOME/../patrolrc.sh or PATROL_HOME/../.patrolrc and then change the ownership of PATROL_HOME/log and PATROL_HOME/config directories and any files within those directories to the new user.

Before you begin

  • If the PATROL_HOME directory resides in a local file system and you do not have permission to change the ownership of the log and configuration directories, you might have to log on as root to perform steps 2 and 3.

  • If the PATROL_HOME directory resides in an NFS-mounted file system, you might have to log on as root in the NFS server computer where PATROL_HOME physically resides in order to perform steps 2 and 3.

    The /AgentSetup/defaultAccount and OSdefaultAccount variables can also be modified through configuration utilities.

To change ownership and permissions for files and directories

  1. Perform one of the following steps:

    • If you are using the sh or the ksh, modify the following line in PATROL_HOME/../patrolrc.sh:

      PATROL_ADMIN=user;export PATROL_ADMIN

    • If you are using the csh, modify the following line in PATROL_HOME/../.patrolrc:

      setenv PATROL_ADMIN user

  2.  Run the following command to change the ownership of the PATROL_HOME/log and PATROL_HOME/config directories, including all files within them:

    chown -R user $<PATROL_HOME>/log $<PATROL_HOME>/config

  3. Run the following command to change the group ownership of these directories and files:

    chgrp -R groupname $<PATROL_HOME>/log $<PATROL_HOME>/config


Default ownership and permissions for command-line utilities

The default ownership and permissions of the PATROL Agent command-line utilities are set according to the following table:

Ownership and permissions of command-line utilities

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*