Agent Third-Party Deployment: Configuring the Operation Mode on UNIX
IT Asset Management
(Cloud)
Before the installation, you can configure to install the FlexNet Inventory Agent into either
of the following two operation modes on the target UNIX system:
- Default operation mode—The installed agent will run as the
root
user and requires fullroot
access. - Least privilege operation mode—The installed agent will run as
the
flxrasvc
standard user.
Important: You can upgrade an existing agent that has been installed for the default
operation mode to the least privilege operation mode. However, if an agent has been installed
for the least privilege operation mode, you cannot change it to the full privileged default
operation mode. To change an agent from the least privilege operation mode to the default
operation mode, you must uninstall and re-install the agent.
Important: If an agent has been installed for the least privilege operation mode,
it is not able to perform self-upgrade to new versions.
Configuring for the default operation mode
By default, an agent will be installed or upgraded for the default operation mode. However, if you are upgrading an existing agent from the least privilege operation mode to the default operation mode, make sure that your bootstrap configuration file is correctly configured for the default operation mode. For details, see Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.Configuring for the least privilege operation mode
To install the agent for the least privilege operation mode on UNIX, you need to complete
the following tasks before the installation:
- Configure the bootstrap file for the least privilege operation mode by following the instructions in Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.
- Make sure
sudo
is installed on the target UNIX system and the path to thesudo
binary is set in thePATH
environment. - Configure
sudo
on the target UNIX system to grant privilege to the required tools according to the following table. For a sample sudoers file to configuresudo
, see Agent Third-Party Deployment: Sample Sudoers File.Important:The following table provides information about which tools require- Always use
visudo
to edit and verify a sudoers file, and ensure the changes do not corrupt the sudoers file which can causesudo
to be inoperable. - Some systems (notably Red Hat) have a sudoers entry
Defaults requiretty
that prevents runningsudo
when notty
is present. The agent requestssudo
to run without any prompts, but this entry still causessudo
to fail without atty
, which will result in the agent being unable to launch necessary utilities throughsudo
even though the sudoers file has granted them the access. To avoid this issue, theDefaults requiretty
entry must be removed from the sudoers file. For more information, see Bug 1020147 on Red Hat Bugzilla.
sudo
privilege on which platforms for an agent running in the least privilege operation mode.Tool/Path Tool function Platform requiring sudo
privilegeConsequence of missing sudo
privilegeNon-Flexera tools /sbin/ifconfig or /usr/sbin/ifconfig Obtain network interface data Solaris Network interface data missing /usr/sbin/dmidecode Obtain hardware serial number Linux x86
Solaris x86Serial number missing /usr/sbin/ioscan Obtain local disk drive data HP-UX Disk drive data missing db2licm
Note: The path todb2licm
depends on where DB2 is installed. That path needs to be added to sudoers.Launched to obtain inventory for IBM DB2 All supported Unix platforms IBM DB2 inventory missing or incomplete /usr/sbin/subscription-manager Obtain Red Hat subscription information Linux Subscription data missing Flexera agent tools Note: Paths to Flexera agent tools are dependent on where the agent is installed. The default base installation path is /opt/managesoft/. Your custom installation path might be different if your platform supports custom installation path. For a list of platforms that support custom installation path, see Agent Third-Party Deployment: Installing FlexNet inventory agent on UNIX./opt/managesoft/libexec/flxecmc Obtain hardware properties used to generate and validate the local agent ID Linux Note: Sudo privilege for flxecmc should not be revoked once it has been provided on any given Linux machine. Doing so will cause the agent ID to not be reported even if the machine currently has a valid ID.Agent ID not generated or an existing ID not validated /opt/managesoft/libexec/flxfsscan Run file system scan and provide ability to read file data and metadata All supported Unix platforms Data missing on inventory reliant on file scan (Oracle, Oracle FMW, Java, Jboss, supported installation evidence types) /opt/managesoft/libexec/flxoracleinv Provide impersonation for running Oracle database queries scripts used in obtaining Oracle inventory All supported Unix platforms Oracle database inventory missing /opt/managesoft/libexec/flxping Implement custom ping support for MgsPing
net selector algorithmAll supported Unix platforms MgsPing
net selector algorithm failing to rank multiple beacon connections/opt/managesoft/libexec/flxps Obtain currently running process data All supported Unix platforms Data missing on inventory reliant on running process data (usage, Oracle, Oracle FMW, Java, and IBM MQ) /opt/managesoft/libexec/flxsysinfo Obtain local disk drive data Linux
HP-UX
Disk drive data missing /opt/managesoft/libexec/flxupgrade Runs platform specific install packages to support self-upgrade All supported Unix platforms Least privilege agents will not be able to support self-upgrade. This tool can be ignored for customers that do not use the agent's self-upgrade functionality. - Always use
For more details about the least privilege operation mode, such as what happens at installation, what processes are launched and how to run agent component directly after the installation, see Agent Third-Party Deployment: Least Privilege Operation Mode.
IT Asset Management (Cloud)
Current