We use Autosys 11.3.6 SP0 in our environment hosted on the Linux server.
Just in case, we change the password of the "autosys" user on the linux agent machines, will that impact our jobs?
/* ----------------- CM_CMXJOB01-HSBC-CD-STMT_FSM_P ----------------- */
insert_job: TEST_FSM_P job_type: CMD
command: auto_ps7 -j jb -Z UNX PRD BANK-STMT JOB01 AUTOSYS
description: "Import bank statement"
notification_msg: "Job failed. This is a Priority 1 issue. Contact oncall."
There is a local user named "autosys" on the FSM server and if the password of that user changes, do I need to update anything anywhere? OR Can I simply continue running the jobs in Autosys?
I know if the password for a user is changed on the Windows server, we will need to update the autosys_secure file. I never updated the autosys_secure file for a Linux user.
Can someone throw some light on this please?
The CA WA Agent for UNIX doesn't need passwords to run jobs, because it either runs the jobs as the user it was started, e.g. autosys.
Or, it will become the user you provide in our job, normally this is possible if you start agent as root. When started as root and job/jil has some other user defined, it will then switch over (SETUID) to user in the job.
If all your jobs are going to be executed as just one user, autosys, then start the agent as autosys user.
We start the agents as the autosys user, and they come up owned by root.
Does your agent start as service?
Usually services are started by root. Check with ps to see the cybAgent process owner.
Yes, the ps shows it's owned by root even though autosys account started the process with a unisrvcntr start command.
The security bit sets it to root. Agent always has to run as root.
Just like the same bit runs autosys..
Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer.
You can change the agent service to run as user. Create a wrapper script that will use sudo and start agent as a user. Then place the script in the /etc/init.d and use that to start up the agent. When the agent starts, it will start as a user and not as root.
#!/bin/bash exec sudo -u autouser /opt/CA/WA_Agent/cybagent-WA_AGENT.init $1
exec sudo -u autouser /opt/CA/WA_Agent/cybagent-WA_AGENT.init $1
Above example uses the init script that is in the CA WA Agent directory and agent is starting as "autouser". Also, you will have to change the CA WA Agent directory and it contents owner (chown) to the user that starts the agent, or the agent may not start.
You can use the init that is installed by Autosys in /etc/init.d. But then you will have to move that out to other some other place and refer it in the above wrapper script. Make sure to test this and see if this is what you want. When the agent starts as user, some jobs may fail if the agent needs to switch users (SETUID), and it can't do that as a user.