Securing the agent installation files

After you install monitoring agents as a non-root user on Linux or AIX® systems, you can run the script to secure the agent installation by removing world write permissions and setting correct file ownership.

Before you begin

About this task

Complete this step to lock down the file permissions in your installation. Options are available to require no root password, to specify a group name, and to view help for the command.


Run the following command from the install_dir/bin directory. [-g common_group] [-n] [-h]


The installation directory allows access to only the user who ran the script or to only the users in the specified group.


If you are a member of the system group that is named apmgroup, you can use the group to set file group ownership with the following command:

./ -g apmgroup

After the script is run, the group is set as apmgroup for all files in install_dir for the group.

What to do next

Running the ./ script results in the following permissions are set for the agents.

rwx rwx ---

After you run the script, check the permissions for the agent files. For example, for IBM MQ (formerly WebSphere MQ) agent, check the files in the install_dir/arch/mq/lib directory. If the permissions for these files are not set correctly, update the permissions manually. For example, for the IBM MQ (formerly WebSphere MQ) agent:

  1. Set the permissions by running the following command:

    chmod g+rx install_dir/bin/
  2. Set the user and group by running the following command:

    chown newuser:newgroup install_dir/bin/