AIX Agent Listener Process starts with unexpected user
Article ID: 128880
Updated On:
Products
CA Automic Workload Automation - Automation Engine
Issue/Introduction
If the Listener Process is configured to be started with user nobody (id 4294967294)
extract out of the ini of the agent:
=====================================================================
;listenerUID=65534
listenerUID=4294967294
20180621/180203.167 - ;listenerGID=65534
20180621/180203.167 - listenerGID=4294967294
=====================================================================
the process is started by another user id
1 A 2147483647 12124286 13238478 0 60 20 864619480 4028 18:02:03 pts/0 0:00 ucxjap6-listener
extract out of the ini of the agent:
=====================================================================
;listenerUID=65534
listenerUID=4294967294
20180621/180203.167 - ;listenerGID=65534
20180621/180203.167 - listenerGID=4294967294
=====================================================================
the process is started by another user id
1 A 2147483647 12124286 13238478 0 60 20 864619480 4028 18:02:03 pts/0 0:00 ucxjap6-listener
Cause
A problem has been fixed where the Unix Agent starts its listener process with an invalid user ID instead of NOBODY.
This it a potential security gap, because One Automation doesn't control if the user exists, or because it can start the listener process with another user without issuing any warning.
This it a potential security gap, because One Automation doesn't control if the user exists, or because it can start the listener process with another user without issuing any warning.
Environment
Problem is that this parameter is an signed integer limited to 2^31.
Resolution
Workaround:
Configure a user with a ID < 2^31.
Solution:
Configure a user with a ID < 2^31.
Solution:
Update to a fix version listed below or a newer version if available.
Component(s): Agent
Automation Engine 12.1.4 - Available
Automation Engine 12.2.2 - Available
Automation Engine 12.3.0 - Available
Feedback
Yes
No
Powered by
