Agent Third-Party Deployment: Accounts and Privileges
FlexNet Manager Suite
2024 R2
(On-Premises)
When you choose to deploy the FlexNet Inventory Agent using third-party tools under your own management, you handle all the account security required for deployment and installation on target devices. The following comments assume that installation is complete, and address only the account requirements for ongoing operation.
The operational account requirements vary slightly across platforms.
Manually invoking agent processes
On computers running Windows operating systems, manually executed processes should be run with local administrator rights.
On computers running Unix-like operating systems, manually executed processes should generally be run:
- As root on computers where the FlexNet Inventory Agent is configured to run in default operation mode.
- As the flxrasvc user where the FlexNet Inventory Agent is configured to run in least privilege operation mode.
Microsoft Windows
FlexNet Inventory Agent runs as the local SYSTEM account.
UNIX-like platforms
The FlexNet Inventory Agent can operate in either of the following two modes:
- Default operation mode: Runs as the root user and requires full root access.
- Least privilege operation mode: Runs as the flxrasvc standard user.
Note: Whether the default mode or the least privilege mode is running on an agent must be configured when the agent is installed or upgraded.
If the agent has been installed for the default operation mode, it must run as root for all its services on the local device. If the agent has been installed for the least privilege operation mode, sudo must be installed on the local device and the path to the sudo binary must be set in the PATH environment variable. The following security settings are effective:
Note: The /opt/managesoft directory is the default base installation path. Your customized installation path might be different.
- If the agent runs in the default operation mode:
  - The /var/opt/managesoft directory is only accessible by root.
  - The /opt/managesoft/lib and /opt/managesoft/libexec folders are completely locked down to root only.
  - The /opt/managesoft/bin folder is open to all, to allow easy access to the path of the executables in the folder when using privilege escalation tools like sudo.
  - The executables in the /opt/managesoft/bin folder are locked down to root only.
  - The /opt/managesoft/documentation and /opt/managesoft/software tag folders are readable by all.
- If the agent runs in the least privilege operation mode:
  - The /var/opt/managesoft directory is readable by all.
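The default operation mode settings listed above can be checked on a device with a short audit script. This is an added example, not Flexera's code. It assumes "root only" means owned by uid 0 with no group or other permission bits, "open to all" means others may read and traverse the folder, and "readable by all" means the other-read bit is set. The function names and the uid parameter are hypothetical.

```python
import os
import stat
import sys

def root_only(st, uid):
    # Assumed meaning of "locked down to root only": owner is uid, no group/other bits.
    return st.st_uid == uid and (st.st_mode & 0o077) == 0

def open_to_all(st, uid):
    # Assumed meaning of "open to all": others may list and traverse the folder.
    return (st.st_mode & 0o005) == 0o005

def readable_by_all(st, uid):
    return bool(st.st_mode & stat.S_IROTH)

def audit_default_mode(base="/opt/managesoft", var="/var/opt/managesoft", uid=0):
    """Return (path, problem) pairs where a path differs from the documented state."""
    bin_dir = os.path.join(base, "bin")
    checks = [
        (var, root_only, "not restricted to root"),
        (os.path.join(base, "lib"), root_only, "not restricted to root"),
        (os.path.join(base, "libexec"), root_only, "not restricted to root"),
        (bin_dir, open_to_all, "folder not open to all"),
        (os.path.join(base, "documentation"), readable_by_all, "not readable by all"),
        (os.path.join(base, "software tag"), readable_by_all, "not readable by all"),
    ]
    try:
        names = sorted(os.listdir(bin_dir))
    except OSError:
        names = []  # a missing or unlistable bin folder is reported by its own check
    for name in names:
        path = os.path.join(bin_dir, name)
        if os.path.isfile(path):  # the folder is open, each executable is not
            checks.append((path, root_only, "executable not restricted to root"))
    findings = []
    for path, check, problem in checks:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: " + (exc.strerror or "error")))
            continue
        if not check(st, uid):
            findings.append((path, problem))
    return findings

if __name__ == "__main__":
    results = audit_default_mode()
    for path, problem in results:
        print(f"{path}: {problem}")
    sys.exit(1 if results else 0)
```

Pass your own base path if the agent was installed somewhere other than /opt/managesoft. A non-empty result means the device has drifted from the state documented for default operation mode.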