HP Operations Manager for Windows

ovswitchuser


NAME

ovswitchuser

- run the HP Operations Manager agent processes under a non-administrative account (not the root account).

SYNOPSIS

ovswitchuser  -h | -help 
ovswitchuser  -v | -version 
NOTE:
Stop all HP Operations processes on the system before applying an ovswitchuser command to change the user account that you want to use for the HP Operations processes.

Use the following command:

ovc -kill

UNIX only:

ovswitchuser.sh  -existinguser <userName> | -existinguserID <userID> -existinggroup <groupName> | -existinggroupID <groupID> [-passwd <passwd>] | -setgroup <package>

Windows only:

NOTE:
On Windows, the user that is specified with ovswitchuser needs to have the Log On as a Service permission.
cscript ovswitchuser.vbs  -existinguser <userName> | -existinggroup <groupName> | [-passwd <passwd>] 

DESCRIPTION

By default, the HP Operations core processes run under the root/administrator account. The ovswitchuser command allows you to run the HP Operations processes under a non-administrative account. The group ownership of all registered HP Operations component product files and directories of <OVDataDir> is changed. The specified user is added to the group, and the core HP Operations processes are started under this user account. Boot scripts are changed to allow daemons and services to run under non-root, non-administrative accounts, and to modify the operating-system-specific registration of daemons and services, so HP Operations processes start under the specified user.

The ovswitchuser command also stores information about the specified group in the HP Operations configuration file.

The non-root concept relies on the user under which the agent runs belonging to a specific UNIX group. As a result, you must set the group bits of any files that are created by HP BTO Software applications. This allows HP BTO Software applications to be run under dedicated users, if required, while sharing the same resources (for example, log files). Therefore, it is recommended to set the umask appropriately for the users that are used to run HP BTO Software applications.

A umask setting of 02 is preferable. The setting 022 causes problems when multiple applications are run under different users.

If all HP BTO Software applications run under the same user, the umask setting is not required.
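
The effect of the two umask settings on a file shared through a common group, as an added example that is not part of the HP documentation. The function names and the temporary files are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not HP code: function names and temp files are hypothetical.

# mode_under_umask MASK: create a file under MASK and print its octal mode.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/shared.log" )
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$dir/shared.log" 2>/dev/null || stat -f '%Lp' "$dir/shared.log")
    rm -rf "$dir"
    printf '%s\n' "$mode"
}

# group_writable MODE: succeed if the group-write bit (020) is set in octal MODE.
group_writable() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

# not_group_writable DIR: list regular files under DIR that a second account
# in the same group could read but not append to.
not_group_writable() {
    find "$1" -type f ! -perm -020 -print
}

for m in 002 022; do
    mode=$(mode_under_umask "$m")
    if group_writable "$mode"; then
        echo "umask $m -> mode $mode: other group members can write"
    else
        echo "umask $m -> mode $mode: other group members are read-only"
    fi
done
```

Running not_group_writable against a shared log directory lists the files that a second application account in the same group would fail to write to.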

If the HP Operations Communication Broker is running, the port that it uses must be 1024 or greater, or you must set the switchuser bit to ovbbccb. You may need to change the port number on both communication systems. For exact details, refer to product documentation.

To check if the Communication Broker is running, execute the following command:

/opt/OV/bin/ovc -status

It is running if there is the following entry:

ovbbccb          OV Communication Broker    CORE    (****)    Running

If the Communication Broker is running, set the port number to 1024 or greater, or set the switchuser bit to ovbbccb.

Example command for the node mynode:

ovconfchg -ns bbc.cb.ports -set PORTS mynode:1024

For further details, refer to the Communication Broker man pages.
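
A pre-flight check for the Communication Broker condition described above, as an added example that is not part of the HP documentation. The function names are hypothetical, and the status line and port values are constructed samples; ports below 1024 are privileged on UNIX, which is why a non-root account cannot bind them.

```shell
#!/bin/sh
# Added illustration, not HP code: function names are hypothetical.

# Constructed sample in the layout of the `ovc -status` line shown above.
SAMPLE_STATUS='ovbbccb          OV Communication Broker    CORE    (12345)    Running'

# cb_running: read `ovc -status` output on stdin; succeed if ovbbccb is Running.
cb_running() {
    awk '$1 == "ovbbccb" && $NF == "Running" { found = 1 } END { exit !found }'
}

# cb_port_unprivileged VALUE: VALUE has the node:port form used with
# `ovconfchg -ns bbc.cb.ports -set PORTS`. Returns 0 if port >= 1024,
# 1 if lower, 2 if the port is missing or not numeric.
cb_port_unprivileged() {
    port=${1##*:}
    case $port in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$port" -ge 1024 ]
}

# preflight STATUS_TEXT PORTS_VALUE: print a verdict; non-zero means the
# broker setting must be dealt with before switching the user.
preflight() {
    if ! printf '%s\n' "$1" | cb_running; then
        echo "ok: Communication Broker not running"
        return 0
    fi
    cb_port_unprivileged "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "ok: broker port ${2##*:} is 1024 or greater" ;;
        1) echo "change needed: broker port ${2##*:} is below 1024"; return 1 ;;
        *) echo "cannot parse PORTS value: $2"; return 2 ;;
    esac
}

preflight "$SAMPLE_STATUS" "mynode:1024"
```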

It is also recommended that you specify the domain for the system.

Example:

ovconfchg -ns bbc.http -set DOMAIN mydomain.com

For further information, refer to the ovconfchg(1), ovconfget(1), bbc.ini(4), and ovbbccb(1) man pages.

CAUTION:
Usage restrictions and further considerations may apply, depending on the HP BTO product being used. Some HP BTO products must be run under the root/administrative account. Do not use the ovswitchuser functionality in these environments. Before attempting to change the user account with the ovswitchuser tool, refer to the product documentation.

Parameters

ovswitchuser recognizes the following options:

-h | -help
Displays the options for the ovswitchuser command.

-v | -version
Displays the version number of the cross platform component.

-existinguser <userName>
Specifies an existing user <userName> who can run the HP Operations processes.

-existinguserID <userID>
UNIX only: Specifies an existing user <userID> under which to run the HP Operations processes.

-existinggroup <groupName>
Specifies an existing group <groupName> that can run the HP Operations processes. The <userName> specified with the -existinguser parameter is added to this group if the <userName> does not belong to this group.

-existinggroupID <groupID>
UNIX only: Specifies an existing group <groupID> under which to run the HP Operations processes.

[-passwd <passwd>]
Microsoft Windows only: If you use the -passwd option to specify the password of the user <userName> defined in -existinguser, the password is used as a logon for the HP Software services, which are started. For security reasons, a password is required to start the HP Software services. So, if you choose not to specify a password here, you have to enter the password manually in the Services dialog when you start the HP Software services after the ovswitchuser command completes.

-setgroup <package>
Sets group ownership for the specified package defined in the XPL configuration.

AUTHOR

ovswitchuser was developed by Hewlett-Packard Company.

EXAMPLES

To set ownership of all the installed package files to the group defined in <groupName>=OV_group and the user defined in <userID>=1000:

ovswitchuser.sh -existinguserID 1000 -existinggroup OV_group

SEE ALSO

ovconfchg(1), ovconfget(1), bbc.ini(4), ovbbccb(1).