root access requirements for Tivoli Netcool/OMNIbus processes
Tivoli® Netcool®/OMNIbus does not require root access to operate. Exceptions apply to process control and PAM usage.
Root access is required when the process agent is configured to execute processes as a different user from the one who started the process agent.
Root access is required when PAM is being used and is configured such that it accesses objects that are owned by root.
The SNMP Probe (nco_p_mttrapd) can be run as SUID root without compromising system security when root access to ports is required. In this mode, the probe drops its root privileges after it has opened the SNMP session and before the IBM® Tivoli Netcool/OMNIbus probe library starts.