NAME
ovswitchuser
- run the HP Operations Manager agent processes under a
non-administrative account (not the root
account).
SYNOPSIS
ovswitchuser -h | -help
ovswitchuser -v | -version
ovswitchuser
command to change the user account that
you want to use for the HP Operations processes.
Use the following command:
ovc -kill
UNIX only:
ovswitchuser.sh -existinguser <userName
> | -existinguserID <userID
> -existinggroup <groupName
> | -existinggroupID <groupID
>[-passwd <passwd
>] | -setgroup<package>
Windows only:
ovswitchuser
needs to have the Log On as a
Service
permission.cscript ovswitchuser.vbs -existinguser <userName
> | -existinggroup <groupName
> | [-passwd <passwd
>]
DESCRIPTION
By default, the HP Operations core processes run under the
root/administrator account. The ovswitchuser
command
allows you to run the HP Operations processes under a
non-administrative account. The group ownership of all registered
HP Operations component product files and directories of
<
OVDataDir
>
is
changed. The specified user is added to the group, and the core HP
Operations processes are started under this user account. Boot
scripts are changed to allow daemons and services to run under
non-root, non-administrative accounts, and to modify the
operating-system-specific registration of daemons and services, so
HP Operations processes start under the specified user.
The ovswitchuser
command also stores information
about the specified group in the HP Operations configuration
file.
The non-root concept relies on the user, under which the agent runs, belonging to a specific UNIX group. As a result, you must set the group bits of any files that are created by HP BTO Software applications. This allows HP BTO Software applications to be run under dedicated users, if required, while sharing the same resources (for example, log files.) Therefore, it is recommended to set the unmask appropriately for the users that are used to run HP BTO Software applications.
An unmask setting of 02 is preferable. The setting 022 causes problems when multiple applications are run under different users.
If all HP BTO Software applications run under the same user, the unmask setting is not required.
If the HP Operations Communication Broker is running, the port
that it uses must be 1024 or greater, or you must set the
switchuser
bit to ovbbccb
. You may need
to change the port number on both communication systems. For exact
details, refer to product documentation.
To check if the Communication Broker is running, execute the following command:
/opt/OV/bin/ovc -status
It is running if there is the following entry:
ovbbccb OV Communication Broker CORE (****) Running
If the Communication Broker is running, set the port number to
1024 or greater, or set the switchuser
bit to
ovbbccb
.
Example command for the node mynode
:
ovconfchg -ns bbc.cb.ports -set PORTS
mynode:1024
For further details, refer to the Communication Broker man pages.
It is also recommended that you specify the domain for the system.
Example:
ovconfchg -ns bbc.http -set DOMAIN
mydomain.com
For further information, refer to the ovconfchg(1), ovconfget(1), bbc.ini(4), and ovbbccb(1) man pages.
ovswitchuser
functionality in these environments.
Before attempting to change the user account with the
ovswitchuser
tool, refer to the product
documentation.Parameters
ovswitchuser
recognizes the following options:
ovswitchuser
command.
-existinguser
<
userName
>
<userName>
who can run the HP Operations processes.
-existinguserID
<
userID
>
<userID>
under which to run the HP
Operations processes.
-existinggroup
<
groupName
>
<groupName>
that can run the HP
Operations processes. The <userName>
specified with the -existinguser
parameter is added to
this group if the <userName>
does not
belong to this group.
-existinggroupID
<
groupID
>
<groupID>
under which to run the HP
Operations processes.
[-passwd
<
passwd
>]
-passwd
option to specify the password of the user
<
userName
>
defined in -existinguser
, the password is used as a
logon for the HP Software services, which are started. For security
reasons, a password is required to start the HP Software services.
So, if you choose not to specify a password here, you have to enter
the password manually in the Services dialog when you start the HP
Software services after the ovswitchuser
command
completes.
-setgroup
<
package
>
AUTHOR
ovswitchuser
was developed by Hewlett-Packard
Company.
EXAMPLES
To set ownership of all the installed package files to the group
defined in
<
groupName
>=OV_group
and the user defined in
<
userID
>=1000
:
ovswitchuser.sh -existinguserID 1000 -existinggroup
OV_group
SEE ALSO
ovconfchg(1), ovconfget(1), bbc.ini(4), ovbbccb(1).