Why does the APM Siteminder agent (SMM) for webagent change permissions for the IntroscopeAPI.shm file?
Siteminder Manager Agent (SMM) 12.0.4 and lower.
More recent releases APM SSO 13.0 and 13.1 no longer use shared memory to communication with SSO(Siteminder).
As a result, the shared memory file, 'IntroscopeAPI.shm, no longer exists.
Per Engineering, the reason why SMM Agent changes IntroscopeAPI.shm file permission to 666 from default 600 is because the IntroscopeAPI.shm file is a shared segment which contains the metric data of Siteminder.
This data needs to be read by SMM which can be any user. The data written to this shm file is by either Apache daemon process or Policy Server user which can be any user. Writing to the IntroscopeAPI.shm file can be a different users and reading from this shm file can be a different user. To keep this shm file access by both group of users, we modify the shm file permission to contain 666 which gets created on startup.