On this page: Related pages:
universal_agent_user>, and assign the appropriate permissions to that user.
On this page:
The installation process installs the Universal Agent as an automatically started system service. Therefore, you need to perform the installation on the system as a user with sufficient privileges for this type of installation. On Linux, for example, you typically need to run the script as a user with sudo privileges.
For all environments you can create a specific user with the necessary read/write/execute permissions for running the Universal Agent:
- All files in the <
universal-agent-home>installation directory should be readable by the Universal Agent.
- The user that runs the Universal Agent must have write privileges to the logging output directory and to the /
confdirectory in the agent installation directory.
- The user that runs the Universal Agent must have write privileges to the
logsdirectories in the <
- In addition, the user that runs the Universal Agent needs execute access as described below.
systemctl stop: Stops the Universal Agent service
systemctl restart: Restarts the Universal Agent after upgrade
systemctl disable- uninstalls the Universal Agent service
service stop: Stops the Universal Agent service
chkconfig --del: Uninstalls the Universal Agent service
service restart: Restarts Universal Agent after upgrade
java- to start and stop standalone Analytics JVM (usually only on Windows)
java -version- to determine version of Java
sudo -u <user-id> java .../javaagent.jar- to remote attach to a JVM, if JVM is running with a different user id than the Universal Agent
java .../javaagent.jar- to remote attach to a JVM, if JVM running with same user id as UA
machine-agent- invokes machine-agent script to start machine agent
/opt/appdynamics/universal-agent/ua --daemon- to start the Universal Agent daemon, when it is not defined as a Linux service
Setting up the Non-root User for Universal Agent
In most Linux installations, you can configure
sudo ability for the Universal Agent by editing the
/etc/sudoers file using
visudo. The following steps provide an example of this configuration change:
- Find the line with "
Defaults requiretty" and change it to "
- Find the line with "
rootALL=(ALL) ALL". After this line, add the line "
<user_name> ALL=(ALL) ALL", where "<
user>" is the user ID that the Universal Agent service is running under.
(For Java Agent Remote Attach) When deploying Java Agents into environments using remote attach, if the Universal Agent runs as root or as the same user that runs the JVMs to which you want to remotely attach, no additional user configuration is required. However, if the Universal Agent runs as a non-root user that is not the same user used to run the target JVM, then you need to authorize the Universal Agent user to use sudo privileges to enable the Universal Agent to retrieve environment variables used in dynamic variable binding.
At the end of the /etc/sudoers file, add the following line:
The value of <
ua_user> is the user id that the Universal Agent service is running under. Note that
/usr/bin/javarepresents the fully-qualified path name for Java on this system. This value can be found by entering the
which javacommand, and may be different from
(For deploying the Network Agent) Installing the Network Agent using the Universal Agent requires elevated privileges for some commands. At the end of the
/etc/sudoersfile, add the following line:
/sbin/setcaprepresents the fully-qualified path name for
setcapbinary on this system. This value can be found by entering the
which setcapcommand, and may be different from
Windows permissions for files and subfolders are inherited by default from the parent folder (<universal_agent_home>). It is good practice to restrict permissions to users authorized to start, stop, and configure the Universal Agent:
- Read and Write permissions to all files and subfolders under
- Permission to install and uninstall software
- Start, Stop, and Restart permissions for the Universal Agent service. You need admin privileges to install and run the service.