How to prevent Workload Automation System Agent from writing world-writeable files to /tmp/.com_ibm_tools_attach

book

Article ID: 225263

calendar_today

Updated On:

Products

CA Workload Automation AE CA Workload Automation Agent

Issue/Introduction

When the WA System Agent is started, it is creating the /tmp/.com_ibm_tools_attach directory that contains world-writeable files. Is there a way to configure the agent to set the default permissions on these files without world-write?

Environment

Release : 12

Component : CA Workload Automation Agent (AutoSys)

Resolution

Go to the agent install directory and edit the cybAgent script. Add these lines somewhere above where it cd's to the agent directory and runs an exec on cybAgent.bin...

IBM_JAVA_OPTIONS=-Dcom.ibm.tools.attach.enable=no
export IBM_JAVA_OPTIONS

You can then stop the agent, delete the /tmp/.com_ibm_tools_attach directory, and then restart the agent. The directory will not return after you restart the agent.

This disables the Java Attach API that is enabled by default in the JRE and is what is responsible for creating that directory. However, it is not needed by the agent so it is safe to disable.