why the ASM OPMS installer requires root permissions
Article ID: 407681
Updated On:
Products
CA App Synthetic Monitor
Issue/Introduction
I am struggling to get root access to a linux host to install CAASM on prem station due to security reasons.
I understand that installation is only possible with root.
Is root needed for the app to work or is there a different option?
Environment
DX ASM
Resolution
Here's a breakdown of why the OPMS installer requires root permissions:
The installer needs root access to:
* Create a dedicated Docker network for container API access.
* `systemctl daemon-reload` (for Docker proxy configuration changes)
* `systemctl restart docker` (for Docker proxy configuration changes)
* `systemctl restart syslog` (for ASM container logs configuration)
* Start and stop Docker or Podman containers using entry points that require root permissions (e.g., `docker compose start/stop`).
* Execute commands as root within containers to import custom CA certificates (e.g., `docker exec -u 0 ...`).
Other commands are executed as root because the installer itself runs with root privileges, but these specific commands do not inherently require root permissions:
* `uname` (to identify the system architecture)
* `docker / podman [compose] version` (to check minimum required version)
It's important to note that root permissions are dropped once the CA certificates have been imported. The only exception is the `webdriver` agent, which needs to start other containers to record video and run the Selenium proxy for each check.
Additional Information
Feedback
Yes
No
Powered by
