Starting agents as a non-root user

Edit online

If you want to start agents as different users, create a common group on the system and make each user a member of this group.

Before you begin

If you installed and configured your agent as the same non-root user and you want to start the agent as the same user, no special action is required. If you installed and configured your agent as a selected user and want to start the agent as a different user, create a common group on the system. Make all agent management users members of this common group. Transfer ownership of all agent files and directories to this group.

About this task

An autostart script is generated by an installation, upgrade, or configuration. This script (named ITMAgentsN or rc.itmN, depending on the UNIX operating system) contains an entry for each application in a particular installation. By default all agents are started with root user access. To update system startup scripts and start agents as a non-root user, you must edit the install_dir/config/kcirunas.cfg file, which contains a superset of the XML syntax. Each productCode section in the kcirunas.cfg file is disabled by default. Activate a productCode section for your agent by removing the comment indicator from !productCode. Commented or deactivated sections are ignored. Uncommented or activated sections for applications that are not installed are ignored.

Procedure

  1. Install your monitoring agents on Linux® or UNIX as described in Installing agents on AIX® systems or Installing agents on Linux systems.
  2. Optional: Configure your monitoring agents on Linux or UNIX as necessary, see Configuring your environment.
  3. Run the ./secure.sh script with the group name of the non-root user to secure the files and set the file group ownership to the files.
    For example: ./secure.sh -g db2iadm1
  4. To update the system startup scripts, complete the following steps:
    1. Update the install_dir/config/kcirunas.cfg file. Activate productCode sections for your agents. For agents that do not require an instance value, specify the product_code, instance, and user, where the product_code value is the two-letter code that is specified in Table 1. For agents that do require an instance value, such as the Db2® monitoring agent (product code: ud), specify the product_code, instance, user, and name.
      For example:
      <productCode>ud</productCode>
<instance>
<name>db2inst1</name>
<user>db2inst1</user>
</instance>
<instance>
<name>db2inst2</name>
<user>root</user>
</instance>
    2. Run the following script with root user or sudo user access: install_dir/bin/UpdateAutoRun.sh

What to do next

For more information about the ./secure.sh script, see Securing the agent installation files.

Use the same user ID for agent installation and upgrades.