A Dollar Universe Node was installed on a Linux/Unix server using the root account but with a service account as administrator for Dollar Universe.
Recently, we had a new security standardization to limit the usage of root user.
We have checked and all Dollar Universe job submission are using root (i.e. if we specify the submission account as a service account, Dollar Universe still switch user to that submission account from root, and this was flagged out as non-compliance).
Can we tell us if there is a way to change the job submission account to another user (not root) or to update the existing root installation to non-root installation for the Dollar Universe node?
By default, in privileged user installation (root) the binary uxdqmlan belongs to root and the setuid is enabled to allow submitting jobs as any system user.
Release : 6.x
Component : DOLLAR UNIVERSE
It is possible to move from a privileged installation of a Dollar Universe Node to a non-privileged user installation (non root).
Be aware that this can only be done if you only have one system user where all Jobs are submitted and is the same that is used in ALL Submission Accounts defined on the Node.
To do so, login as root and:
$UNI_DIR_EXEC/uxrights -m assign -a your_service_account_name
$UNI_DIR_EXEC/uxrights -m restrict
chmod -R your_service_account_name:your_service_account_group /var/opt/ORSYP/.Installer