This page describes the permissions needed to run the Machine Agent. During installation, the default user for running the Machine Agent is set to root. This is because the only user that is standard on a UNIX or Linux system is root and we do not want to create users on your system. We recommend that you create a non-root user, for example <machine_agent_user>, and assign the appropriate permissions to that user. See Install the Machine Agent.

For all environments, create a specific user with the necessary read/write/execute permissions.

  • All files in the <machine-agent-home> installation directory should be readable by the Machine Agent. 
  • The user that runs the Machine Agent must have write privileges to the logging output directory and to the /conf directory in the agent installation directory. 
  • Additionally, the user that runs the Machine Agent needs execute access.

Important Notes 

  • You do not need to run the Machine Agent from a root or administrator account. However, if you enable the JVM Crash Guard on a monitored application running from a root or administrator account, then the Machine Agent requires root or administrator privileges to access the monitored application's JVM process and directory listings for crash files. 
  • You need to run with administrator or root privileges if you want to monitor networks or disks that are only available to the administrator or root user.
  • The user that runs the Machine Agent must have write privileges to the conf and logs directories in the <machine_agent_home> directory. 
  • The Machine Agent implements a shutdown hook, so issuing the kill command (or Ctrl+C) from the operating system will cause the agent to perform a graceful shutdown.
  • If the Machine Agent is not run by the root user or administrator user, the user that runs the Machine Agent should have permissions to execute the listed commands for the following environments. These commands are the source of metric collection.

AIX

  • awk

  • cat

  • cut

  • date

  • grep

  • head

  • ifconfig

  • lparstat

  • lsattr

  • lsdev

  • netstat

  • ps

  • svmon

  • tail

  • tr

  • oslevel

  • prtconf

  • uname

  • df

  • iostat

  • sed

  • uptime

Linux

  • awk

  • basename

  • cat

  • df

  • chroot

  • date

  • free

  • getconf

  • ip

  • lsblk

  • ps

  • readlink

  • sed

  • tail

  • tr

  • uname

  • uptime

  • vmstat

Windows

Windows permissions for files and subfolders are inherited by default from the parent folder (<machine_agent_home>). You should restrict permissions to users authorized to start, stop, and configure the Machine Agent:

  • Read and Write permissions to all files and subfolders under <machine-agent-home>
  • (If running as a terminal application) Read, Write, and Execute permissions for the file <machine-agent-home>\bin\machine-agent.vbs 
  • (If running as a service) Start, Stop, and Restart permissions for the Machine Agent service. You only need admin privileges to install the service. The Machine Agent runs under the local system account which has extensive privileges on the local system, so you do not need to run the Machine Agent as Administrator, unless WMI access is revoked. Normal users typically have WMI access. See https://technet.microsoft.com/en-us/library/cc771551.aspx.

Mac OS X, AIX, HP-UX, and Z/OS

There are no particular execute privileges required.

Solaris System Utilities

  • awk

  • cat

  • cut

  • df

  • dladm

  • grep

  • head

  • ifconfig

  • iostat

  • isainfo

  • kstat

  • mpstat

  • nawk

  • netstat

  • pagesize

  • ps

  • psrinfo

  • sed

  • swap

  • tail

  • tr

  • uname

  • uniq

  • uptime

  • vmstat

  • wc

  • zpool

JVM Crash Guard

If you plan to enable JVM Crash Guard, see JVM Crash Guard for additional required permissions.