Sudo permissions needed for Infrastructure agent
search cancel

Sudo permissions needed for Infrastructure agent


Article ID: 207108


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


I have been asked for the permissions required to run the Infrastructure agent with host bundle (SystemEdge) as a non-root user and gather all the default information.  Do you have such a list or can you provide documentation on what is needed?



Release : 20.2

Component : APM Agents



To run the APMIA with non- root user for MQ monitoring


We want to manually install and run the APM Infrastructure Agent as non root - how can we run this as a service?

If the APMIA has not been installed and a service created then it can be started using the force_start option and this can be incorporated into a service start script.


Installing SystemEDGE with a non root equivalent account is not supported. 

The effective permissions for SysEdge will be root. There is no way around that. 

There is a Privileged Separation user option that can be enabled. 

With the privilege separation option the network portion of the agent is switching to non-root account after the startup, but all the data collection is always performed as root.
SystemEDGE is single threaded - so its either updating the contents of the MIB or responding to SNMP requests but it cannot do both at the same time so that is where this switching comes into play.   

There are certain OS metrics that cannot be retrieved without non root which is why this decision was made.