Search

7.5. Running the Agent as a Non-Root User

download PDF
To access some resource information, the agent must have root access to the resource itself. However, for security, many administrators do not want to run the agent process as root.
On Red Hat Enterprise Linux, it is possible to grant access to the agent to specific resources while running the agent as a non-root user. This is done by setting local access control rules to the local directories or files for the resource.
Note
This example sets ACLs for a PostgreSQL database; the directories and files to specify in the setfacl command will vary depending on the resource type.
  1. Log into the system as root.
  2. Make sure that the acl package is installed on the system.
    # rpm -q acl
    acl-2.2.39-6.el5
    The acl option must be applied to the filesystem. This can be done by editing the /etc/fstab file or using tune2fs. For example:
    # vim /etc/fstab
    
    LABEL=/           /             ext3    defaults,acl    1 1
    ...
    Then re-mount the filesystem.
    # mount -o remount /
  3. Optionally, create a system user to use for the agent.
    useradd jbosson-agent
  4. For PostgreSQL, the agent needs to be able to access the postgresql.conf file. Open the PostgreSQL directory:
    # cd /var/lib/pgsql
  5. Grant read and write access to the postgresql.conf file to the agent user. For example:
    # setfacl -m u:jbosson-agent:rw $PGDATA/postgresql.conf
  6. Then, grant access to the data/ directory to the agent user. For example:
    # setfacl -m u:jbosson-agent:x $PGDATA
  7. Check that the new ACLs were added properly using the getfacl command:
    # getfacl .
    # file: .
    # owner: postgres
    # group: postgres
    user::rwx
    user:jbosson-agent:--x
    group::---
    mask::--x
    other::---
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.