We recently converted our external storage to Linux servers with an NFS local mount point. It seems PAM writes the files as root to the NFS share. This causes us issues with rsync, since our application ID owns the mount point and files. Can a setting be made via SSH to the appliances to write data as our pamsvc account? This also caused issues with Vormetric encryption, since PAM writes the files as root. Having data written by root on an NFS share is in violation of our security policies.
Component: PRIVILEGED ACCESS MANAGEMENT
There are only two users CA PAM will use with NFS data. The first is root, which all session recordings are written as, and the second is cspmsrv (uid=1001, gid=1001), which is used for metric and audit data recording. The root directory of the share will also be set as owned by cspmsrv. Without an enhancement we cannot change how the CA PAM appliance uses these accounts.
As a workaround you can configure the NFS export itself so that all files and directories are owned by UID 1001 and GID 1001. While being bound to a specific UID may not be ideal, it can simplify managing the share on a Unix host or a commercial NFS appliance.
For a standard NFS share on a Linux host this is accomplished with an /etc/exports entry like the following, where
/YYYYYY = the path to export
XXXXXXX = the IP address(es) of the PAM appliances
/YYYYYY XXXXXXX(rw,root_squash,anonuid=1001,anongid=1001,sync)
root_squash (the exports(5) default) maps requests from UID 0 to the anonymous UID/GID given by anonuid and anongid, which is what makes recordings written as root land on disk as 1001:1001; with no_root_squash those files would remain owned by root. Keep the export restricted to the appliance addresses, since under AUTH_SYS the server trusts the UID asserted by the client.
This ensures all files in the share are owned by UID 1001 rather than root (UID 0). If you want a readable owner name on the Linux NFS server, create a service account with UID 1001 there; from CA PAM's perspective only the UID/GID matter, not the username.
There is no strict requirement to create that account on the NFS server, but since CA PAM will write files and directories with this UID/GID, it makes sense to align the server's account with it.
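The export tuning above, as an added shell example that is not part of this article or of the CA PAM product: it builds the exports(5) entry, checks that the option list really squashes UID 0 to anonuid (root_squash is the exports default; no_root_squash would leave recordings owned by root), and audits a mounted share for entries not owned by the service UID. The path /srv/pam and the network 192.0.2.0/24 are constructed placeholders, and the functions are hypothetical helpers, not PAM settings.

```shell
#!/bin/sh
# Added example for this article (not CA PAM product code): build the exports(5)
# entry for the PAM share, verify that it squashes root to the service UID, and
# audit a mounted share for files not owned by that UID.
# The share path and client network used in the usage lines are constructed.

# build_export_line PATH CLIENTS UID GID
# Emits an /etc/exports entry. root_squash maps uid 0 (the account PAM writes
# session recordings as) to anonuid/anongid, so recordings land as UID:GID.
build_export_line() {
    printf '%s %s(rw,sync,root_squash,anonuid=%s,anongid=%s)\n' "$1" "$2" "$3" "$4"
}

# export_options LINE -> prints the comma-separated option list inside (...)
export_options() {
    printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p'
}

# export_squashes_root LINE
# Exit 0 when requests from uid 0 will be mapped to the anonymous uid. That is
# the exports(5) default (root_squash) unless no_root_squash is present.
export_squashes_root() {
    case ",$(export_options "$1")," in
        *,no_root_squash,*) return 1 ;;
        *)                  return 0 ;;
    esac
}

# export_anonuid LINE -> prints the anonuid value, or 65534 (the "nobody"
# default) when none is set, so a forgotten anonuid is caught before deployment.
export_anonuid() {
    uid=$(export_options "$1" | tr ',' '\n' | sed -n 's/^anonuid=//p')
    printf '%s\n' "${uid:-65534}"
}

# check_share_ownership MOUNTPOINT UID
# Prints every path under the mounted share not owned by UID; empty output
# means the policy "nothing on the share is owned by root" holds.
check_share_ownership() {
    find "$1" ! -user "$2" -print
}

# Stand-alone usage on the NFS server (replace the placeholders, then run
# `exportfs -ra` to apply the new export):
#   build_export_line /srv/pam 192.0.2.0/24 1001 1001 >> /etc/exports
#   check_share_ownership /srv/pam 1001
```

Run check_share_ownership periodically on the server side; any path it prints is a recording or audit file that slipped past the squash (for example, written while the export was temporarily misconfigured) and would trip the policy the question describes.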