This topic describes the permissions needed to run the Machine Agent. During installation, the default user for running the Machine Agent is set to
root. This is because the only user that is standard on a UNIX or Linux system is root and we do not want to create users on your system. We recommend that you create a non-root user, for example
<machine_agent_user>, and assign the appropriate permissions to that user.
For all environments, you should create a specific user with the necessary read/write/execute permissions.
- All files in the
<machine-agent-home> installation directory should be readable by the Machine Agent. - The user that runs the Machine Agent must have write privileges to the logging output directory and to the /
conf directory in the agent installation directory. - In addition, the user that runs the Machine Agent needs execute access as described below.
Important Notes
- You do not need to run the Machine Agent from a root or administrator account, but if you enable the JVM Crash Guard on a monitored application running from a root or administrator account, the Machine Agent requires root or administrator privileges to look in the monitored application's JVM process and directory listings for crash files.
- You also will need to run with administrator or root privileges if you want to monitor networks or disks that are only available to the administrator or root user.
- The user that runs the Machine Agent must have write privileges to the
conf and logs directories in the <machine_agent_home> directory. - The Machine Agent implements a shutdown hook, so issuing the kill command (or Ctrl+C) from the operating system causes the agent to perform a graceful shutdown.
Linux
- ip
- df
- awk
- basename
- cat
- date
- dmesg
- md5sum
- readlink
- sed
- uname
- ps
Windows
Windows permissions for files and subfolders are inherited by default from the parent folder (<machine_agent_home>). It is good practice to restrict permissions to users authorized to start, stop, and configure the Machine Agent:
- Read and Write permissions to all files and subfolders under
<machine-agent-home> - Read, Write, and Execute permissions for the file
<machine-agent-home>\bin\machine-agent.vbs (if running as a terminal application) - Start, Stop, and Restart permissions for the Machine Agent service (if running as a service). You only need admin privileges to install the service. The machine agent runs under the local system account which has extensive privileges on the local system, so there is no need to run the Machine Agent as Administrator, unless WMI access is revoked. Normal users typically have WMI access. For additional information, see https://technet.microsoft.com/en-us/library/cc771551.aspx.
The machine agent runs under the local system account which has extensive privileges on the local system, so there is no need to run the Machine Agent as Administrator, unless WMI access is revoked. Normal users typically have WMI access. For additional information, see https://technet.microsoft.com/en-us/library/cc771551.aspx.
Mac OS X, AIX, HP-UX, and Z/OS
There are no particular execute privileges needed.
Solaris System Utilities
- awk
- netstat
- zpool
- egrep
- iostat
- prtconf
- pagesize
- kstat
- prstat
- grep
- vmstat
JVM Crash Guard
If you plan to enable JVM Crash Guard, see JVM Crash Guard for information on additional permissions that are required.