Agent Third-Party Deployment: Accounts and Privileges
IT Asset Management
(Cloud)
When you choose to deploy the FlexNet Inventory Agent using third-party tools under your own management, you handle all the account security required for deployment and installation on target devices. The following comments assume that installation is complete, and address only the account requirements for ongoing operation.
The operational account requirements vary slightly across platforms.
Microsoft Windows
FlexNet Inventory Agent runs as the local SYSTEM account.
UNIX-like platforms
The FlexNet Inventory Agent can operate in either of the following two
modes:
- Default operation mode: Runs as the
root
user and requires fullroot
access. - Least privilege operation mode: Runs as the
flxrasvc
standard user.
Note: Whether the default mode or the least privilege mode is running on an agent must
be configured when the agent is installed or upgraded.
If
the agent has been installed for the default operation mode, it must run as
root
for all its services on the local device. If the agent has been
installed for the least privilege operation mode, sudo
must be installed on
the local device and the path to the sudo
binary must be set in the
PATH
environment variable. The following security settings are effective:
Note: The
/opt/managesoft
directory is the default base installation path. Your
customized installation path might be different.- If the agent runs in the default operation mode:
- The
/var/opt/managesoft
directory is only accessible byroot
. - The
/opt/managesoft/lib
and/opt/managesoft/libexec
folders are completely locked down to root only. - The
/opt/managesoft/bin
folder is open to all, to allow easy access to the path of the executables in the folder when using privilege escalation tools likesudo
. - The executables in the
/opt/managesoft/bin
folder are locked down to root only. - The
/opt/managesoft/documentation
and/opt/managesoft/software tag
folders are readable by all.
- The
- If the agent runs in the least privilege operation mode:
- The
/var/opt/managesoft
directory is readable by all.
- The
IT Asset Management (Cloud)
Current