IBM Tivoli Netcool/OMNIbus Version 8.1

Process agent security considerations

If the process agent is running as a privileged or super user on the host machine, it is possible for a Netcool/OMNIbus Administrator to configure external actions which are then executed on the host system as a privileged user. For example, as the root user (UNIX) or as the Local System User (Windows). This presents a potential security risk. Therefore, the process agent must be run as a non-privileged user.

Note: There are instances when the process agent must be run as a privileged user. For example, when running the SNMP Probe which needs to open port 162, and when local file authentication is in use and the process agent must be able to read the /etc/shadow file to authenticate users (UNIX only).
Parent topic: Creating and starting a process control network system
Related tasks:
Running the process agent as a non-privileged user (UNIX)
Running the process agent as a non-privileged user (Windows)
Running the process agent as a privileged user

Library | Support |