Download page Permissions Required to Run the Machine Agent.
Permissions Required to Run the Machine Agent
This page describes the permissions needed to run the Machine Agent. During installation, the default user for running the Machine Agent is set to root. This is because the only user that is standard on a UNIX or Linux system is root and we do not want to create users on your system. We recommend that you create a non-root user, for example <machine_agent_user>, and assign the appropriate permissions to that user. See Install the Machine Agent.
For all environments, create a specific user with the necessary read/write/execute permissions.
All files in the <machine-agent-home> installation directory should be readable by the Machine Agent.
The user that runs the Machine Agent must have write privileges to the logging output directory and to the /conf directory in the agent installation directory.
Additionally, the user that runs the Machine Agent needs execute access.
Important Notes
You do not need to run the Machine Agent from a root or administrator account. However, if you enable the JVM Crash Guard on a monitored application running from a root or administrator account, then the Machine Agent requires root or administrator privileges to access the monitored application's JVM process and directory listings for crash files.
You need to run with administrator or root privileges if you want to monitor networks or disks that are only available to the administrator or root user.
The user that runs the Machine Agent must have write privileges to the conf and logs directories in the <machine_agent_home> directory.
The Machine Agent implements a shutdown hook, so issuing the kill command (or Ctrl+C) from the operating system will cause the agent to perform a graceful shutdown.
If the Machine Agent is not run by the root user or administrator user, the user that runs the Machine Agent should have permissions to execute the listed commands for the following environments. These commands are the source of metric collection.
AIX
awk
cat
cut
date
grep
head
ifconfig
lparstat
lsattr
lsdev
netstat
ps
svmon
tail
tr
oslevel
prtconf
uname
df
iostat
sed
uptime
Linux
awk
basename
cat
df
chroot
date
free
getconf
ip
lsblk
ps
readlink
sed
tail
tr
uname
uptime
vmstat
Windows
Windows permissions for files and subfolders are inherited by default from the parent folder (<machine_agent_home>). You should restrict permissions to users authorized to start, stop, and configure the Machine Agent:
Read and Write permissions to all files and subfolders under <machine-agent-home>
(If running as a terminal application) Read, Write, and Execute permissions for the file <machine-agent-home>\bin\machine-agent.vbs
(If running as a service) Start, Stop, and Restart permissions for the Machine Agent service. You only need admin privileges to install the service. The Machine Agent runs under the local system account which has extensive privileges on the local system, so you do not need to run the Machine Agent as Administrator, unless WMI access is revoked. Normal users typically have WMI access. See https://technet.microsoft.com/en-us/library/cc771551.aspx.
Mac OS X, AIX, HP-UX, and Z/OS
There are no particular execute privileges required.
Solaris System Utilities
awk
cat
cut
df
dladm
grep
head
ifconfig
iostat
isainfo
kstat
mpstat
nawk
netstat
pagesize
ps
psrinfo
sed
swap
tail
tr
uname
uniq
uptime
vmstat
wc
zpool
JVM Crash Guard
If you plan to enable JVM Crash Guard, see JVM Crash Guard for additional required permissions.