search cancel

installation of OPMS using sudo

book

Article ID: 201309

calendar_today

Updated On:

Products

CA App Synthetic Monitor DX Application Performance Management

Issue/Introduction

Currently, I am planning on installing OPMS. Our security team wants us to use SUDO to install rather than grant root access.

Is this permitted or supported?

Environment

Release : 10.5

 

Resolution

Installation of the OPMS using sudo is not supported. Here is a link to our documentation where this is stated.

Access rights The OPMS installer must be run under the root user. Running the installer using sudo is not supported.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/app-synthetic-monitor/SaaS/on-premise-monitoring-stations-opms/pre-installation-check-list.html

Additional Information

Reasons why we do not support using sudo to install OPMS:

sudo allows the user to run some commands as root. However:


1) the set of commands can be limited, some can be banned (depends on the sudoers configuration)
2) the environment variables can be inherited from the standard user. Therefore, PATH can be different, missing some directories (e.g. /sbin) or the directories in PATH can be in different order
During the installation, installer also creates temporary script files in /tmp and executes them. Therefore, 1) is a problem.

If I run command echo $PATH on my computer as root or via sudo, the result is different:

$ sudo echo $PATH
/home/userA/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/home/userA/bin

# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

As you can see, the behavior can be different and that's why we do not support sudo. There are 3 options:
1) customer can try to install it with sudo but must expect that the installation may fail
2) wait for the root credentials
3) he can try and run 'sudo su -'. If it succeeds he can run the installer because this switches him to full root access (including environment).