The software should be installed as a non-root user in a distinct group, created specifically to install and administer Prognosis.
The same user account should be used to install and run the Prognosis service, however ‘root’ privileges are required for certain components of the installation and patching process. See Elevated Processes below.
The Prognosis user and group names must be 8 characters or less in length. Prognosis should also not be run with any monitored application user, however the Prognosis user can belong to other groups.
user PRGN in group PRGN.
There are some processes that do require elevated permissions in order for the processes to perform correctly, and therefore these processes are owned by the ‘root’ user. By setting the SETUID flag on these processes, this will allow the process to run with elevated privileges. This ownership and the SETUID flag is setup during installation and patching.
The following list of processes require elevated permissions:
|Executable Name||Purpose of Executable||Reason for Root|
|irautoan||Analyst and Threshold process - generates alerts based on specific data conditions.||Required for running OS shell and executing commands|
|iravcol||Availability collector||Port monitoring|
|ircmdsrv||Responsible for creating OS shells for executing commands.||Required for running OS shell and executing commands|
|irdspsrv||Dispatch Manager process. Sends emails and pager alerts in response to threshold requests.||Needs to listen on port 110 for incoming email (POP)|
|irebcol||eBusiness Collector - Websphere Application Server||Allows purging of application log files if configured to do so.|
|irinvoke||Used to perform actions, such as patch installation.||Allows switching to root and running commands. eg: install patch.|
|irlsof||IR's implementation of lsof.||Data sources require root privileges.|
|irlsof-aix61||Version specific implementation of irlsof||Data sources require root privileges.|
|irmulticol||Collector for many different Records, including Unix Process, Unix Users, etc||Data sources require root privileges.|
|irmulticol2||Collector for many different Records, including Unix CPU, Unix Kernel, etc||Data sources require root privileges.|
|irnetmon||Network Monitoring collector||Needs to 'listen' on ports lower than 1024|
Maintains all server connections, internally and remote
|Needs setuid in order to manage other processes that run setuid. Also need access for multicasting (auto discovery).|
|irpacecol||Customisable Collector, usually used by consulting services||Depends on gatherers used within solution. Eg. SNMP Traps in|
|irpcload||Utility to load kernel module for Transient Process Collector||Need to load a module into the kernel for transient process information.|
|irpromgr||Process Manager - monitors and restarts internal processes||Needs setuid in order to manage other processes that run setuid.|
|irsnmptr||SNMP Traps In collector. Receives and processes incoming SNMP traps.||Needs to 'listen' on port lower than 1024|
|irtecad||Tivoli Adapter - Used to send alerts to Tivoli Enterprise Console||Tivoli Interface. May need to listen on port lower than 1024.|
|irudgcol||Collects OS data, similarly to those available via SAR||Data sources require root privileges.|
|iruxdevscan||Device Scanner - collects information on Physical and Logical Volumes||Data sources require root privileges.|
|iruxerrptmon||IR's implementation of errpt for system log file information||Data sources require root privileges.|
|iruxfspcol||File System Performance Collector||Data sources require root privileges.|