How to grant non-root users the ability to stop and start agent services on UNIX or Linux?

book

Article ID: 53007

calendar_today

Updated On:

Products

CA Unicenter NSM

Issue/Introduction

Description:

This solution explains how to administer Unicenter Agent Technology agents on UNIX/LINUX when access to the root account is restricted. The unisrvcntr utility can be used in this case because it lets you add users to an authorization list to grant non-root users the ability to start, stop, and recycle any installation r11 service.

Solution:

After installing NSM Agents on UNIX/Linux, only the root user has full permission to control Agent Technology agent services. A non-root user cannot stop these services.

To grant permission to non-root users to start and stop r11.x services, use unisrvcntr to add these users to the authorization list, specifying the service each user is allowed to control.

The syntax for this command is as follows:

unisrvcntr useradd --name=<username> service(s)

Example:

  1. Login as root

  2. Run the following commands:

    $CASHCOMP/bin/unisrvcntr useradd --name=causer CA-atech
    $CASHCOMP/bin/unisrvcntr useradd --name=causer CA-diadna

  3. Log in as "causer"

  4. Run the following command to allow "causer" to stop and start CA-atech (awservices) and CA-diadna (DNA) services:

    unicntrl stop CA-atech
    unicntrl start CA-atech
    unicntrl status CA-atech

    unicntrl stop CA-diadna
    unicntrl start CA-diadna
    unicntrl status CA-diadna

  5. Use the unisrvcntr utility to delete users from the authorization list:

    unisrvcntr userdel --name=<username> <service(s)>

Note: To display help information on each of these commands, run:

          unisrvcntr --help
          unisrvcntr useradd --help
          unisrvcntr userdel --help

Environment

Release: TNGEXO05500-11.2-Management-for Microsoft Exchange
Component: