ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Why WebServer user is required to have write permission on the "SmHost.conf" file?

book

Article ID: 50544

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

During the Web Agent startup process on the UNIX server, the following warning message is logged in the web server log file. 

[Warning] SiteMinder Agent
        Siteminder Web Agent not having write permissions on host configuration file. Shared secret roll-over may not be supported.
        Permission denied. Please assign write privileges to the user apache for the file /opt/CA/webagent/config/SmHost.conf

Why does the webserver user, who is running the web agent, need write permission for the SmHost.conf file?

Environment

Release:
Component: SMAPC

Resolution

This warning message generally can be ignored except for one condition.

The SmHost.conf file needs to have write permission if Shared Secret Rollover is enabled on the policy server. The web agent by default checks if it has the write permission on SmHost.conf file. If it doesn't have then it will print the warning message.

If Shared Secret Rollover is enabled then the webserver user should have write permission to the SmHost.conf file otherwise web agent will not function properly.