Running the process agent as a privileged user

Use this procedure to set up a process agent to run as a privileged user.

1. Install and run the primary process agent as a privileged user, and configure it to run on the host machine using the start-up script (UNIX) or using a service (Windows).
2. Run a secondary process agent as a non-privileged user, and configure it to execute external ObjectServer actions. You must also configure it to run in non-daemon mode, as a child process of the primary process agent. Therefore, you must create an additional process entry in your primary process agent configuration file, as shown in the following example:

   nco_process 'NON_ROOT_PA'
   {
   Command '$OMNIHOME/bin/nco_pad -name NON_ROOT_PA -nodaemon -configfile 
   $OMNIHOME/etc/NON_ROOT_PA.conf' run as 1000
   Host = 'hostx'
   Managed = True
   RestartMsg = '${NAME} running as ${EUID} has been restored on ${HOST}.'
   AlertMsg = '${NAME} running as ${EUID} has died on ${HOST}.'
   RetryCount = 0
   ProcessType = PaPA_AWARE
   }

   Additional notes:
   • In the previous example, the secondary process agent is set to start as user 1000 (UID). It is also set to start with the -nodaemon start-up switch. This prevents it from forking to a child process, and allows it to be managed by the primary process agent.
   • You must define a configuration file for the secondary process agent. The permissions for the configuration file must enable it to be accessed by the user account that is running the secondary process agent.
   • You must modify the properties file associated with the ObjectServer which is currently running as a process under the primary process agent. This includes setting the following properties: PA.Name, PA.Username, and PA.Password.