Service Manager version 12.3 introduced a new capability on UNIX: a clean separation between the
process running as root and the
process that opens a listening socket. Prior to v12.3, a single ucybsmgr process fulfilled both roles, running as root and opening a listening socket. Starting with v12.3, these roles are segregated into two separate processes.
- ucybsmgr: Usually run as root. If started as root, starts most child processes as root, e.g., the UNIX agent, which needs to run as root in order to switch to other users when starting jobs. Starts ucybsmgr-listener as nobody.
- ucybsmgr-listener: Child process of ucybsmgr. Started as nobody. Opens a listening TCP socket to accept incoming service manager commands from the Service Manager GUI, the Service Manager CLI, or the Automation Engine.
# lsof | grep 8871
ucybsmgr 91442 nobody 4u IPv6 107213485 0t0 TCP *:8871(LISTEN)
ucybsmgr 91442 nobody 6u IPv6 107213486 0t0 UDP *:8871
# ps -ef | grep 91441
root 91441 1 0 16:06 pts/1 00:00:00 ./ucybsmgr -iucybsmgr_EXP2.ini uc4
nobody 91442 91441 0 16:06 pts/1 00:00:00 ucybsmgr-listener uc4
root 108004 91441 1 16:39 pts/1 00:00:10 /opt/uc4/agent/ucxjlx6 /opt/uc4/agent/ucxjlx6_EXP2.ini
KB article 145565 describes the new program in more detail. Note that the separation of root process and listening process works even if
SMGR_SUPPORT_LEGACY_SECURITY is set to Y. (In other words, this feature does
not depend on TLS or
CAPKI.)