Agent Third-Party Deployment: Configuring the Operation Mode on UNIX

FlexNet Manager Suite 2024 R2 (On-Premises)
Before the installation, you can configure to install the FlexNet Inventory Agent into either of the following two operation modes on the target UNIX system:
  • Default operation mode—The installed agent will run as the root user and requires full root access.
  • Least privilege operation mode—The installed agent will run as the flxrasvcstandard user.
Important: You can upgrade an existing agent that has been installed for the default operation mode to the least privilege operation mode. However, if an agent has been installed for the least privilege operation mode, you cannot change it to the full privileged default operation mode. To change an agent from the least privilege operation mode to the default operation mode, you must uninstall and re-install the agent.
Important: If an agent has been installed for the least privilege operation mode, it is not able to perform self-upgrade to new versions.

Configuring for the default operation mode

By default, an agent will be installed or upgraded for the default operation mode. However, if you are upgrading an existing agent from the least privilege operation mode to the default operation mode, make sure that your bootstrap configuration file is correctly configured for the default operation mode. For details, see Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.

Configuring for the least privilege operation mode

To install the agent for the least privilege operation mode on UNIX, you need to complete the following tasks before the installation:
  1. Configure the bootstrap file for the least privilege operation mode by following the instructions in Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.
  2. Make sure sudo is installed on the target UNIX system and the path to the sudo binary is set in the PATH environment.
  3. Configure sudo on the target UNIX system to grant privilege to the required tools according to the following table. For a sample sudoers file to configure sudo, see Agent Third-Party Deployment: Sample Sudoers File.
    Important:
    • Always use visudo to edit and verify a sudoers file, and ensure the changes do not corrupt the sudoers file which can cause sudo to be inoperable.
    • Some systems (notably Red Hat) have a sudoers entry Defaults requiretty that prevents running sudo when no tty is present. The agent requests sudo to run without any prompts, but this entry still causes sudo to fail without a tty, which will result in the agent being unable to launch necessary utilities through sudo even though the sudoers file has granted them the access. To avoid this issue, the Defaults requiretty entry must be removed from the sudoers file. For more information, see Bug 1020147 on Red Hat Bugzilla.
    The following table provides information about which tools require sudo privilege on which platforms for an agent running in the least privilege operation mode.
    Tool/Path Tool function Platform requiring sudo privilege Consequence of missing sudo privilege
    Non-Flexera tools
    /sbin/ifconfig or /usr/sbin/ifconfig Obtain network interface data Solaris Network interface data missing
    /usr/sbin/dmidecode Obtain hardware serial number

    Linux x86

    Solaris x86    		 Serial number missing
    db2licm
    Note: The path to db2licm depends on where DB2 is installed. That path needs to be added to sudoers.
    		 Launched to obtain inventory for IBM DB2 All supported Unix platforms IBM DB2 inventory missing or incomplete
    /usr/sbin/subscription-manager Obtain Red Hat subscription information Linux Subscription data missing
    Flexera agent tools
    Note: Paths to Flexera agent tools are dependent on where the agent is installed. The default base installation path is /opt/managesoft/. Your custom installation path might be different if your platform supports custom installation path. For a list of platforms that support custom installation path, see Agent Third-Party Deployment: Installing FlexNet inventory agent on UNIX.
    /opt/managesoft/libexec/flxecmc Obtain hardware properties used to generate and validate the local agent ID Linux
    Note: Sudo privilege for flxecmc should not be revoked once it has been provided on any given Linux machine. Doing so will cause the agent ID to not be reported even if the machine currently has a valid ID.
    		 Agent ID not generated or an existing ID not validated
    /opt/managesoft/libexec/flxfsscan Run file system scan and provide ability to read file data and metadata All supported Unix platforms Data missing on inventory reliant on file scan (Oracle, Oracle FMW, Java, Jboss, supported installation evidence types)
    /opt/managesoft/libexec/flxoracleinv Provide impersonation for running Oracle database queries scripts used in obtaining Oracle inventory All supported Unix platforms Oracle database inventory missing
    /opt/managesoft/libexec/flxping Implement custom ping support for MgsPing net selector algorithm All supported Unix platforms MgsPing net selector algorithm failing to rank multiple beacon connections
    /opt/managesoft/libexec/flxps Obtain currently running process data All supported Unix platforms Data missing on inventory reliant on running process data (usage, Oracle, Oracle FMW, Java, and IBM MQ)
    /opt/managesoft/libexec/flxsysinfo Obtain local disk drive data

    Linux

    		 Disk drive data missing
    /opt/managesoft/libexec/flxupgrade Runs platform specific install packages to support self-upgrade All supported Unix platforms Least privilege agents will not be able to support self-upgrade. This tool can be ignored for customers that do not use the agent's self-upgrade functionality.

For more details about the least privilege operation mode, such as what happens at installation, what processes are launched and how to run agent component directly after the installation, see Agent Third-Party Deployment: Least Privilege Operation Mode.

FlexNet Manager Suite (On-Premises)

2024 R2