For security compliance is it possible to remove the setUID bit from the 2 Tim /opt/CA/APM/tim/system/bin files suidwrapper & webrequestid.

book

Article ID: 16237

calendar_today

Updated On:

Products

APP PERF MANAGEMENT CA Application Performance Management Agent (APM / Wily / Introscope) CUSTOMER EXPERIENCE MANAGER INTROSCOPE

Issue/Introduction



For security compliance is it possible to remove the setUID bit (sticky bit) from the 2 Tim /opt/CA/APM/tim/system/bin files suidwrapper & webrequestid ?

-rwsr-xr-x 1 root root 7083 Feb 9 2017 suidwrapper 

-rwsr-xr-x 1 root root 61112 Feb 9 2017 webrequestid

Environment

APM Tim 9.x, 10.x

Resolution

It is not possible to remove the setUID bit on the files suidwrapper & webrequestid without impacting the Tim Setup web page access.

If the setUID bit is removed loading of the Tim Setup web page will fail with message: "Status: 200" 

The "apache" user who owns the Tim web server httpd process needs to execute those programs with the owner ("root)" permissions.