Idea Details

CA Performance Center to both install and execute as a sudo user

Last activity 12-17-2016 10:49 AM
ca.portal.admin's profile image
07-31-2014 08:34 AM

Currently, the install guide requires you to install as either the root account or an account with “sudo” privileges to execute specific files/services as the root account.  Here is the list:

    (root) NOPASSWD: /tmp/CAPerfCenterSetup.bin,

    /etc/init.d/caperfcenter_console, /etc/init.d/caperfcenter_devicemanager,

    /etc/init.d/caperfcenter_eventmanager, /etc/init.d/caperfcenter_sso,

    /etc/init.d/mysql, /opt/CA/PerformanceCenter/Tools/bin/npcshell.sh,

    /opt/CA/PerformanceCenter/SsoConfig,

    /opt/CA/PerformanceCenter/Uninstall_MySql,

    /opt/CA/PerformanceCenter/Uninstall_PerformanceCenter,

    /opt/CA/PerformanceCenter/Uninstall_SSO

(mysql) NOPASSWD: /opt/CA/MySql/tmp

 

Given this requirement, there’s no surprise that the files install and run as root.  We need to be able to run and execute these files as a sudo user:

    (mySudoAccout) NOPASSWD: /tmp/CAPerfCenterSetup.bin,

    /etc/init.d/caperfcenter_console, /etc/init.d/caperfcenter_devicemanager,

    /etc/init.d/caperfcenter_eventmanager, /etc/init.d/caperfcenter_sso,

    /etc/init.d/mysql, /opt/CA/PerformanceCenter/Tools/bin/npcshell.sh,

    /opt/CA/PerformanceCenter/SsoConfig,

    /opt/CA/PerformanceCenter/Uninstall_MySql,

    /opt/CA/PerformanceCenter/Uninstall_PerformanceCenter,

    /opt/CA/PerformanceCenter/Uninstall_SSO

(mysql) NOPASSWD: /opt/CA/MySql/tmp

 

 

Running Linux applications as the root account is risky at best from a security standpoint