Bug #33778 Agent should have a --user option to be able to run as a non-privileged user
Submitted: 9 Jan 2008 17:37 Modified: 27 Feb 2009 15:18
Reporter: Harrison Fisk Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Agent Severity:S4 (Feature request)
Version:1.2.0 OS:Linux
Assigned to: MC Brown CPU Architecture:Any

[9 Jan 2008 17:37] Harrison Fisk
Description:
The agent should be able to run fine as a non-root user.  The startup scripts always start it as root however.  It would be easier to set it to run as a non-root user if the agent accepted a --user option to be able to run as a non-root user automatically.

How to repeat:
Try to run as a non-root user, notice you need to edit the startup scripts.

Suggested fix:
Add a --user option.
[17 Oct 2008 11:57] Kay Roepke
A patch has been submitted and will be integrated into the 2.0 agent/proxy codebase soon.
[11 Nov 2008 16:40] Kay Roepke
fix has been pushed

The chassis has a new option --user to drop privileges after being started as root.
Note, this does not work when not started as superuser, nor on Windows.
[9 Jan 2009 20:17] Diego Medina
Verified fixed on 2.0.2.7128
[10 Jan 2009 0:07] Andy Bang
Let's not document or close this until we add the corresponding data entry item to the installer.
[10 Jan 2009 0:08] Andy Bang
BitRock,

Please add a new dialog box to the agent installer.  The dialog should be titled "User Account".  It should have the following text near the top:

  "The agent does not need to run with root user privileges.
   The agent will switch to the user account provided below
   when started by the root user."

Below that there should be a single textfield with the label "User Account".

This dialog should appear just after the "MySQL Enterprise Monitor Options" dialog and just before the "Configuration Report" dialog.

The user account should appear in the configuration report.

A new parameter should be added to the mysql-monitor-agent.ini file: user=xxx, where xxx is the value entered in the textfield.
[12 Jan 2009 16:49] BitRock Merlin
Patch sent to Keith.

We have implemented a new "User Account" page that will only be shown when the user starts the installer as root user on Unix platforms (not Windows). The default user is "root" and the installer will check if the specified user exists on the system.

The upgrade checks if this parameter exists in the previous mysql-monitor-agent.ini and only if it does not the new "User Account" page will be shown to the user. Please let us know if this approach is valid for you.
[21 Jan 2009 15:09] Keith Russell
Patch installed in versions => 2.1.0.1003.
[24 Feb 2009 22:30] Diego Medina
Verified fixed on 2.1.0.1011
[27 Feb 2009 15:18] Tony Bedford
A "change" entry was added to the 2.1.0 changelog:

The agent should be able to run as a non-root user. However, the startup scripts always started it as root.

The agent chassis now has a new option --user to drop privileges after being started as root. Note, this does not work when not started as superuser, nor on Windows.

A new dialog box has also been added to the agent installer. The dialog has the following text: “The agent does not need to run with root user privileges. The agent will switch to the user account provided below when started by the root user.”

The dialog also has a text field to allow the entry of the user account.

A new parameter was also added to the mysql-monitor-agent.ini file. The parameter has the format user=xxx, where xxx is the user account to be used.