Change NetOps Portal install ownership from root to non-root user
search cancel

Change NetOps Portal install ownership from root to non-root user

book

Article ID: 436680

calendar_today

Updated On:

Products

Network Observability CA Performance Management

Issue/Introduction

The NetOps Portal was installed using the root user.

We want to change it to a non-root user. How can we accomplish this?

Environment

All supported Network Observability DX NetOps Portal releases

Cause

Environmental requirements limit use of root user for software installation ownership.

Resolution

1. LOCATE SERVICE CONFIGURATION FILES: Navigate to the binary directories for the following four services:

    • /opt/CA/PerformanceCenter/PC/bin/caperfcenter_console

    • /opt/CA/PerformanceCenter/EM/bin/caperfcenter_eventmanager

    • /opt/CA/PerformanceCenter/sso/bin/caperfcenter_sso

    • /opt/CA/PerformanceCenter/DM/bin/caperfcenter_devicemanager

    • /opt/CA/PerformanceCenter/PA/bin/netops_productanalytics   

        MODIFY RUN_AS_USER SETTING: Edit each of the four files listed in Step 1.

        Search for the following line: #RUN_AS_USER=

        Uncomment the line and add the correct non-root installation owner: RUN_AS_USER=[userName]

Replace [userName] with your target user name.

    2. LOCATE SERVICE CONFIGURATION FILES: Navigate to the binary directories for the following four services:

    • /etc/systemd/system/caperfcenter_console.service

    • /etc/systemd/system/caperfcenter_eventmanager.servoce

    • /etc/systemd/system/caperfcenter_sso.service

    • /etc/systemd/system/caperfcenter_devicemanager.service

    • /etc/systemd/system/netops_productanalytics.service


         Add the following to the "[Service]" section:

             User=[userName]

Replace [userName] with your target user name.

        In the /etc/systemd/system/caperfcenter_console.service also add the following to the same section:

              AmbientCapabilities=CAP_NET_BIND_SERVICE

  3. Make sure any log files are owned by the [userName] user:

     cd <installDir>

     chown -R [userName] PerformanceCenter

Run "ls -al" against the PerformanceCenter directory to validate all files and directories are now owned by the target [uuserName] where they were previously owned by root.
   

  3. RESTART SERVICES: Restart the modified services to apply changes (mysql does not need to be restarted)

EXPECTED: Services run under the [userName] account instead of root.

VERIFY SUCCESS:

  • Execute 'ps -ef | grep caperfcenter' to check process owners.

  • Confirm all services show [userName] in the user column.

  • Verify system functionality remains stable.

Powered by Wolken Software