Idea Details

CA PC files and processes should not belong to root after installation

Last activity 07-23-2019 08:09 AM
yann.mornet
05-18-2017 08:12 AM

Dear community.

As the DR installation asks for a specific user (dradmin), installs and chowns the files to this user, then runs the processes as this specific user...

As the DA installation does the same.

As the DC installation does the same.

Why is the CA PC installation so poor in comparison, and why does it leave files and processes running as root?

Please change the CA PC installation so that files and processes belong to a non-root user.


Comments

08-03-2017 04:36 PM

If you make it a bit like the Spectrum installation, where you need root/sudo to initially install/upgrade it but then subsequent operation and maintenance can be done by a non-root user, I think you'll see a lot of happy admins. In fact, CAPM probably only needs root to write the startup scripts to /etc/init.d and make kernel parameter adjustments at install, so maybe even just carve those bits out for root/sudo to run and let everything else install/run as non-root. There's no need to bind to privileged ports (<1024), so no need for processes to be setuid either.

08-03-2017 04:26 PM

I've had a couple of customers raise this to me directly, as both a security concern and a maintenance headache. Admins need to temporarily request root/sudo not only to install/upgrade, but also to perform post-install tasks such as setting up SAML or SSL. Let's see how many votes this gets.