System Agent Running as Service Account on UNIX/Linux
search cancel

System Agent Running as Service Account on UNIX/Linux

book

Article ID: 236568

calendar_today

Updated On:

Products

CA Workload Automation DE Autosys Workload Automation Workload Automation Agent

Issue/Introduction

User has agent installed on Linux (Ubuntu 20.04). The agent is being used to execute shell scripts. Jobs are configured to use the credentials of a service account, but that service account is not actually being used to execute the scripts. Users confirmed this by changing permissions (to generate failures) and also by creating a test script that created an output file. The output file was not written to the service account home folder but to the WA agent home folder.

Here's the configuration of the job. The job should be using the credentials of the user iics_agent, but it's not.

Environment

Release : Any

Component : Workload Automation System Agent

Cause

Agent is running on server as a service account called wa_agent. Job appears to be defined to run as a different service account in that of iics_agent. Here's the problem with that. Because you are running the agent as a non-root user, the job is being run as the wa_agent service account. In order to be able to run a job as another account, the agent must be run as root. That is because root is the only account that can become any other user on the system. This is operating system security limitation.

Resolution

  1. Logon to server as the service account that is currently running the agent.
  2. Stop the agent services
    cybAgent -s
  3. Become the root user
    su - root
  4. Change ownership of the agent directory to root user.
    chown -R root:root /home/wa_agent/WA_Agent
  5. Now, as the root user, start the agent.
    cybAgent -a
  6. The agent is now owned and run by the root user.
  7. Rerun job.