For security compliance is it possible to remove the setUID bit from the 2 Tim /opt/CA/APM/tim/system/bin files suidwrapper & webrequestid.

Document ID : KB000016237
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

For security compliance is it possible to remove the setUID bit (sticky bit) from the 2 Tim /opt/CA/APM/tim/system/bin files suidwrapper & webrequestid ?

-rwsr-xr-x 1 root root 7083 Feb 9 2017 suidwrapper 

-rwsr-xr-x 1 root root 61112 Feb 9 2017 webrequestid

Environment:
APM Tim 9.x, 10.x
Answer:

It is not possible to remove the setUID bit on the files suidwrapper & webrequestid without impacting the Tim Setup web page access.

If the setUID bit is removed loading of the Tim Setup web page will fail with message: "Status: 200" 

The "apache" user who owns the Tim web server httpd process needs to execute those programs with the owner ("root)" permissions.