Service Manager version 12.3 introduced a new capability on UNIX: a clean separation between the Service Manager process, which is often run as root, and the process that opens a listening socket. Prior to v12.3, there was no separate listener process.
It is generally considered bad security practice to have a process that runs as root also accept incoming network connections, because it increases the risk of privilege escalation. (In other words, it increases the risk that a remote attacker could exploit a bug in the program to run commands as root.)
Starting with v12.3, these roles are segregated into two separate processes.
- ucybsmgr: If started as root, starts most child processes as root, e.g., the UNIX agent, which needs to run as root in order to switch to other users when starting jobs. Starts ucybsmgr-listener as nobody.
- ucybsmgr-listener: Child process of ucybsmgr. Started as nobody. Opens a listening TCP socket to accept incoming Service Manager commands from the Service Manager GUI, the Service Manager CLI, or the Automation Engine.
```
# lsof | grep 8871
ucybsmgr 91442 nobody 4u IPv6 107213485 0t0 TCP *:8871(LISTEN)
ucybsmgr 91442 nobody 6u IPv6 107213486 0t0 UDP *:8871
# ps -ef | grep 91441
root 91441 1 0 16:06 pts/1 00:00:00 ./ucybsmgr -iucybsmgr_EXP2.ini uc4
nobody 91442 91441 0 16:06 pts/1 00:00:00 ucybsmgr-listener uc4
root 108004 91441 1 16:39 pts/1 00:00:10 /opt/uc4/agent/ucxjlx6 /opt/uc4/agent/ucxjlx6_EXP2.ini
```
KB article 145565 describes the new program in more detail. Note that the separation of root process and listening process works even if SMGR_SUPPORT_LEGACY_SECURITY is set to Y. (In other words, this feature does not depend on TLS or CAPKI.)
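To confirm the separation on a host, the following added example (not part of the original article and not vendor code) parses `lsof` and `ps -ef` output like that shown above and fails if the process holding the TCP listener runs as root. The function name `check_privsep` and the `ROOT_LSOF` counter-example are constructed for illustration; the other sample lines are copied from this page.

```shell
#!/bin/sh
# Sample input: the lsof and ps -ef lines shown on this page.
SAMPLE_LSOF='ucybsmgr 91442 nobody 4u IPv6 107213485 0t0 TCP *:8871(LISTEN)
ucybsmgr 91442 nobody 6u IPv6 107213486 0t0 UDP *:8871'
SAMPLE_PS='root 91441 1 0 16:06 pts/1 00:00:00 ./ucybsmgr -iucybsmgr_EXP2.ini uc4
nobody 91442 91441 0 16:06 pts/1 00:00:00 ucybsmgr-listener uc4
root 108004 91441 1 16:39 pts/1 00:00:10 /opt/uc4/agent/ucxjlx6 /opt/uc4/agent/ucxjlx6_EXP2.ini'
# Constructed counter-example: the root process itself holds the socket.
ROOT_LSOF='ucybsmgr 91441 root 4u IPv6 107213485 0t0 TCP *:8871(LISTEN)'

# check_privsep PORT LSOF_TEXT PS_TEXT  (hypothetical helper)
# Prints one verdict line per process with a TCP listener on PORT.
# Returns 0 only if at least one listener exists and none runs as root.
check_privsep() {
    port=$1 lsof_text=$2 ps_text=$3
    # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME.
    # Accept "*:8871(LISTEN)" and "*:8871 (LISTEN)"; UDP rows are skipped.
    printf '%s\n' "$lsof_text" | awk -v port="$port" '
        $8 == "TCP" && $0 ~ (":" port " ?\\(LISTEN\\)$") { print $2, $3 }' |
    sort -u | {
        found=0 bad=0
        while read -r pid user; do
            found=1
            # Resolve the listener's parent and the parent's owner from ps -ef
            # (columns: UID PID PPID ...), for the report line only.
            ppid=$(printf '%s\n' "$ps_text" | awk -v p="$pid" '$2 == p { print $3 }')
            powner=$(printf '%s\n' "$ps_text" | awk -v p="$ppid" '$2 == p { print $1 }')
            if [ "$user" = "root" ]; then
                bad=1
                echo "FAIL pid=$pid listens on $port as root"
            else
                echo "OK pid=$pid listens on $port as $user (parent pid=${ppid:-?} owner=${powner:-?})"
            fi
        done
        [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
    }
}

# Demo on the page's sample data.
check_privsep 8871 "$SAMPLE_LSOF" "$SAMPLE_PS"
```

On a live host, pass real output instead, for example `check_privsep 8871 "$(lsof -nP -i :8871)" "$(ps -ef)"`; a non-zero exit status means either no TCP listener was found on the port or one is running as root.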