DX NetOps

Expand all | Collapse all

Root installation of CAPM

  • 1.  Root installation of CAPM

    Posted 03-29-2017 12:30 PM

    When will we no longer have to use ROOT when installing the CAPM product? This has been such a thorn in our side since we are a huge enterprise and do not admin the servers, therefore, we do not have ROOT access. So we have to continuously get the Linux team involved to help us do the simplest of tasks for us since they have root and we don't. Even editing a file is an issue. Ugh!

  • 2.  Re: Root installation of CAPM

    Posted 03-30-2017 06:49 AM

    For each of the components, the install procedures explains how to run the installer using sudo. Ask your colleagues to provide you acces the acces. For DR here is how to do it. 

  • 3.  Re: Root installation of CAPM

    Posted 03-30-2017 10:39 AM

    unfortunately our Linux team will not allow Sudo either

  • 4.  Re: Root installation of CAPM

    Posted 03-30-2017 10:49 AM

    I don’t think you have a choice then, as the pollers communicate on port 161 (or 162, can never remember), which requires root access.  Not sure about the other components…

  • 5.  Re: Root installation of CAPM

    Broadcom Employee
    Posted 03-30-2017 10:58 AM

    Could steal a page from how Spectrum does this:  the installation needs to be done as root but afterwards, the files and most of the processes are owned by a non root user.  There is a limitation on privileged ports (those below 1024) at the OS level, so if you need to bind to a port like 80, or 162 (SNMP trap receiver), you need to be root.  Spectrum gets around that by having the SpectroSERVER executable as setuid root so it can bind to 162 to receive traps.  That's why the installation needs to be done as root.  Otherwise, everything else is non root.  CAPM doesn't listen for traps, so there's no requirement there and you don't need to be root to poll SNMP on port 161 but that doesn't mean that there isn't something ( I seem to recall certain tasks involving ICMP require root) that requires it.  The trick is to limit root ownership to just those parts and let the rest run as a non root user.

  • 6.  Re: Root installation of CAPM

    Posted 03-31-2017 10:54 AM

    is this something that would have to be set into the installer, or something the user can do after the installation is complete? Also I believe the Vertica DB also has a user "dradmin" that is not root but has root privileges, which is the reason (I believe) I can work around so any of the root restrictions I have. Thoughts?

  • 7.  Re: Root installation of CAPM

    Broadcom Employee
    Posted 03-31-2017 11:05 AM

    Would need to be set in the installer.  As far as dradmin, it's a regular OS user and doesn't normally have any root privileges.  It just happens to be the Vertica application owner which is why you don't need root access to do database admin functions.