APM Siteminder Manager agent for webagent changes permissions IntroscopeAPI.shm file

Document ID : KB000074771
Last Modified Date : 27/03/2018
Show Technical Document Details
Question:
  Why does the APM Siteminder agent (SMM) for webagent change permissions for the IntroscopeAPI.shm file?

 
Environment:
  Siteminder Manager Agent (SMM) 12.0.4 and lower.  
    More recent releases APM SSO 13.0 and 13.1 no longer use shared memory to communication with SSO(Siteminder).
    As a result, the shared memory file, 'IntroscopeAPI.shm, no longer exists.
Answer:
   Per Engineering, the reason why SMM Agent changes IntroscopeAPI.shm file permission to 666 from default 600 is because the IntroscopeAPI.shm  file is a shared segment which contains the metric data of Siteminder.
    This data needs to be read by SMM which can be any user. The data written to this shm file is by either Apache daemon process or Policy Server user which can be any user. Writing to the IntroscopeAPI.shm file can be a different users and reading from this shm file can be a different user. To keep this shm file access by both group of users, we modify the shm file permission to contain 666 which gets created on startup.