Why is "root" id required for installing EEM?

Document ID : KB000022065
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

EEM embeds CA Directory and CA iGateway and the EEM installer makes a call the installer of both these applications. We need the root login to perform certain operations on the OS which are required from CA Directory and iGateway point of view. There is no way to go around this, except have a 'sudo' to root after being logged in as a non-root user.

Solution:

The CA Directory installer requires 'root' privileges in order to perform a number of installation functions. A lot of these cater for legacy situations, such as upgrading from CA Ingres to the newer DXgrid back-end, whereas others are required in all cases. The CA Directory installer can be run under 'sudo' if the user is unable to login interactively as the root user.

'root' privileges are required for the following:

  • Setting file ownership and the setuid bit on 'dxserver' and 'ssld' (ssld is only present prior to r12.0 SP2) to allow registering ports below 1024

  • Setting file and directory permissions

  • Switching environments and effective userids between 'root', 'dsa' and 'ingres' when upgrading from non-DXgrid releases

  • Determining the existence of, or creating, the userid 'dsa'

  • Installing CA Shared Components (ETPKI, CA-OpenSSL, etc...)

  • Installing system startup scripts (/etc/init.d, /etc/rc?.d)

  • Rollback in the event of an installation failure

iGateway server is a daemon and installs run level scripts so that it can start/stop with the system.

Secondly it modifies a file called /etc/profile.CA which is sourced in /etc/profile file which gets invoked during system startup.

Modifying these files requires root credentials during installation.

On a side note iGateway provides host based authentication mechanism as well which requires querying shadow password files which is not allowed for normal user and only root or equivalent user can do that.