Running the Robot as a non-root or non-administrator (restrictive) user prior to release 20.4 CU7
search cancel

Running the Robot as a non-root or non-administrator (restrictive) user prior to release 20.4 CU7

book

Article ID: 10582

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) Unified Infrastructure Management for Mainframe CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

This article describes how to install and run a robot using a non-root user account.

WARNING: Use at your own RISK as this is NOT a supported configuration AND the UIM Support team cannot assist in troubleshooting issues with non-root robots prior to 20.4 CU7 for Windows or Linux.

Please also keep in mind that in order to log and address any defects or otherwise for a probe, the problem must first be reproduced running the probe as root.

Running a robot as a non-root user is not tested nor officially supported until DX UIM 20.4 CU7 or higher and furthermore, this is for LINUX ONLY.

Environment

  • This is general information and applies to most versions of UIM prior to 20.4 CU7.
  • Windows/Linux
  • Non-root support is not officially tested nor supported for Unix OSes such as Solaris, AIX, or HP-UX.

Resolution

UNIX

1. The non-root user must have sufficient rights to:

  • access the kernel for statistics (CDM)
  • kill processes (processes)
  • create raw sockets (net_connect, net_ probes).
  • make system calls (probes)

2. The installation should be done as root user, as scripts needs to be installed in /etc/init.d for launching the service automatically.

How to run NimBUS as a non-root/non-administrative user:

Stop NimBUS:
# /etc/init.d/nimbus stop

Change owner to user 'nimbus':
# cd /opt/nimbus
# find . -exec chown nimbus {} \;

Set UID for the nimbus-process:
# cd bin
# chmod 4755 nimbus

Start NimBUS:
# /etc/init.d/nimbus start


Running Probes

To test viability for your own purposes, you need to work out exactly what you need to monitor and on which probes and then remove the rights and see which metrics fail.

  • Some probes don't need as many rights, but others need to make system calls so it can be trial and error
  • Keep in mind that the product is not static and new changes in subsequent releases may affect future results
  • Running on reduced rights will often work better with a very 'static' basic monitoring requirement


Windows:

A service account needs to be setup on the Windows server with the following rights and group membership for NMS:

1. Logon as a Service
2. Member of the Local Administrators group
3. Access to and full permissions to the Nimsoft installation directory. All Nimsoft directories/files/folders on 1 or more drives depending on where you install the robot.

Additional Information

Install a Robot As a Non-Root User on Linux (From DX UIM 20.4 CU7)

Powered by Wolken Software