Starting agents as a non-root user

If you want to start agents as different users, create a common group on the system and make each user a member of this group.

Before you begin

If you installed and configured your agent as the same non-root user and you want to start the agent as the same user, no special action is required.

If you installed and configured your agent as a selected user and want to start the agent as a different user, create a common group on the system. Make all agent management users members of this common group. Transfer ownership of all agent files and directories to this group.

About this task

An autostart script is generated by an agent installation, upgrade, or configuration. This script (named ITMAgentsN or rc.itmN, depending on the UNIX operating system) contains an entry for each application in a particular installation. By default all agents are started with root user access.

To update system startup scripts and start agents as a non-root user, you must edit the install_dir/config/kcirunas.cfg file, which contains a superset of the XML syntax.

Each productCode section in the kcirunas.cfg file is disabled by default. Activate a productCode section for your agent by removing the comment indicator from !productCode. Commented or deactivated sections are ignored. Uncommented or activated sections for applications that are not installed are ignored.

Procedure

  1. Install your monitoring agents on Linux or AIX® as described in Installing agents on AIX systems or Installing agents on Linux systems.
  2. Optional: Configure your monitoring agents on Linux or AIX as necessary. See Configuring ICAM Agents.
  3. Run the following command from the install_dir/bin directory, specifying the group name of the non-root user, to secure the files and set their group ownership.

    ./secure.sh -g group_name
    

    For example:

    ./secure.sh -g mqadmin1
    
  4. To update the system startup scripts, complete the following steps:

    1. Update the install_dir/config/kcirunas.cfg file. Activate productCode sections for your agents. For agents that do not require an instance value, specify the product_code and user values, where the product_code value is the two-letter code that is specified in Table 1 in Using agent commands. For agents that do require an instance value, such as the WebSphere® MQ agent (product code: mq), specify the product_code, user, and name values, where name is the instance name.

      For example:

      <productCode>mq</productCode>
      <instance>
      <name>qmgrinst1</name>
      <user>qmgrinst1</user>
      </instance>
      <instance>
      <name>qmgrinst2</name>
      <user>root</user>
      </instance>
      
    2. Run the following command with root user or sudo user access:

      install_dir/bin/UpdateAutoRun.sh
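
A check that can be run on the edited file before UpdateAutoRun.sh, added here as an example and not part of the product documentation: it lists the run-as user for each activated section and flags entries that still start as root. The function names are hypothetical, and it assumes that a deactivated section is written `<!productCode>`, that each tag sits on its own line, and that an agent without instances carries a bare `<user>` line; the `xx` and `yy` product codes are constructed placeholders.

```shell
#!/bin/sh
# Assumptions: deactivated sections read <!productCode>, one tag per line,
# and a section without instances has a bare <user> line.
audit_runas() {   # usage: audit_runas install_dir/config/kcirunas.cfg
    awk '
        function tagval(line, tag) {      # text between <tag> and </tag>
            sub(".*<" tag ">", "", line)
            sub("</" tag ">.*", "", line)
            return line
        }
        function report(code, inst, user,   status) {
            status = (user == "root") ? "ROOT" : (user == "(none)" ? "NOUSER" : "ok")
            print code, inst, user, status
        }
        /<!productCode>/ { active = 0; next }       # deactivated section: ignore
        /<productCode>/  { active = 1; in_inst = 0
                           code = tagval($0, "productCode"); next }
        !active          { next }
        /<instance>/     { in_inst = 1; name = "-"; user = "(none)"; next }
        /<\/instance>/   { report(code, name, user); in_inst = 0; next }
        /<name>/         { if (in_inst) name = tagval($0, "name"); next }
        /<user>/         { user = tagval($0, "user")
                           if (!in_inst) report(code, "-", user); next }
    ' "$@"
}

sample_cfg() {   # constructed input: the mq example plus placeholder sections
    cat <<'EOF'
<productCode>mq</productCode>
<instance>
<name>qmgrinst1</name>
<user>qmgrinst1</user>
</instance>
<instance>
<name>qmgrinst2</name>
<user>root</user>
</instance>
<!productCode>xx</productCode>
<instance>
<name>inst1</name>
<user>root</user>
</instance>
<productCode>yy</productCode>
<user>agentusr</user>
EOF
}

sample_cfg | audit_runas
```

Each output line reads product code, instance name, user, status; a `ROOT` status marks an activated entry that the regenerated startup script would still run as root.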
      

Results

The agents can be started by a non-root user who is not the same user that installed and configured the agents. You can use the same user ID for agent upgrades.

For more information about the ./secure.sh script, see Securing the agent installation file.