IBM Support

Need to have APM OS agent run as a different user

How To


Summary

Customer does not want the agent to run as root. He needs the agent to run as a non-root user. When he changes it to a non-root user the agent will not start. Issue seems to be a permissions and credentials issue.

Objective

To run the APM Linux agent as a non-root user.  They are using the Red Hat wrapper around the APM start and stop scripts.

Environment

RHEL 7.8

lz Monitoring Agent for Linux OS

    lpl266 Version: 06.35.14.14

Steps

Here is a write up on 'Starting agents as a non-root user':

https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/run_linuxaix_agent_nonroot.html

To run the agent with another user

. switch to user <svc_apm_os> and
. run command os-agent.sh start to start the agent as <svc_apm_os> user.

 

. Updating kcirunas.cfg and running UpdateAutoRun.sh will cause os agent to start automatically as user svc_apm_os  after the server is rebooted.

Make sure the user has permission to the install?

Make sure you run the /opt/ibm/apm/agent/bin/secure.sh -g <group> to a group that the user belongs to so it will have permission to run the agent?

This resolved the customer's issue after all the above steps were taken.

 

Additional Information

Does the svc_apm_os user have the ability to monitor the same resources as the root user? I read the below and I'm concerned that this new user will not be able to provide us with the information we need.

https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/osagent_config_user.html

Restriction

While running as a non-root user, the agent cannot access /proc/pid/status, and therefore cannot report the following attributes:

-User CPU Time (UNIXPS.USERTIME)
-System CPU Time (UNIXPS.SYSTEMTIM)
-Total CPU Time (UNIXPS.TOTALTIME)
-Thread Count (UNIXPS.THREADCNT)
-Child User CPU Time (UNIXPS.CHILDUTIME)
-Child System CPU Time (UNIXPS.CHILDSTIME)
-Total Child CPU Time (UNIXPS.CHILDTIME)
-Wait CPU Time (UNIXPS.WAITCPUTIM)
-Terminal (UNIXPS.USERTTY)

These attributes are not visible in the Cloud APM console but are available to create thresholds.

Document Location

Worldwide

Operating System

System x:Red Hat Linux 7

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"ARM Category":[{"code":"a8m500000008axBAAQ","label":"APM Agents"}],"ARM Case Number":"TS004900732","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Historical Number

TS004900732

Product Synonym

APM osagent

Document Information

Modified date:
11 February 2021

UID

ibm16414651

Page Feedback