Execute TUAM eWAS under a non-root user

Technote (FAQ)


Question

Can TUAM (Tivoli Usage Account Manager) be run using a non-root user?

Answer

Yes. Follow the steps below to run TUAM using a non-root user:
1. Stop the TUAM server:
/opt/IBM/tivoli/tipv2Components/TCRComponent/bin/stopTCRserver.sh

2. Change ownership of all directories under /opt/IBM/tivoli:
chown -R virtuser /opt/IBM/tivoli/tipv2
chown -R virtuser /opt/IBM/tivoli/tipv2Components
chown -R virtuser /opt/IBM/tivoli/tcr
chown -R virtuser /opt/IBM/tivoli/tuam

3. Update the inittab's startup script:
su - virtuser -c "<existing start/stop script>"

In the file /etc/init.d/rc.IBMTCR, replace the line:
$TCR_HOME/bin/startTCRserver.sh
with:
su - virtuser -c "$TCR_HOME/bin/startTCRserver.sh"

4. Start the TUAM server as virtuser using the inittab's startup script. Then reboot the TUAM image.
As a result of this procedure, the TUAM server is started as a non-root user (virtuser). This works for starting TUAM, but ONLY for starting the server.

The transfer of the metering files from the TSAM image is NOT possible with the above solution, because the virtuser user is not authorized to connect to the TSAM image via SSH.

To complete this procedure, authorize virtuser on the TSAM image by running these steps:

1. On the TUAM image, as virtuser, create the .ssh directory in the home directory (/home/virtuser):
mkdir .ssh

2. On the TUAM image, as virtuser, create virtuser's key:

ssh-keygen -t rsa

- choose the default location of the id_rsa file
- do not type any passphrase

There should be two new files in the /home/virtuser/.ssh directory:

id_rsa and id_rsa.pub

3. On the TUAM image, as root, copy root's known_hosts file:

cp /root/.ssh/known_hosts /home/virtuser/.ssh/
chown virtuser /home/virtuser/.ssh/known_hosts

4. On the TIVSAM image, as root, copy the id_rsa.pub key to the TUAM image:

scp /root/.ssh/id_rsa.pub root@<hostname_of_tuam>:/tmp/

5. On the TUAM image, as virtuser, add the copied id_rsa.pub to authorized_keys:
touch /home/virtuser/.ssh/authorized_keys
cat /tmp/id_rsa.pub >> /home/virtuser/.ssh/authorized_keys

6. On the TUAM image, copy virtuser's id_rsa.pub file to the TSAM image:

scp /home/virtuser/.ssh/id_rsa.pub root@<hostname_of_TSAM>:/tmp/

7. On the TIVSAM image, as root, add the copied key to authorized_keys:

cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys

8. In the TUAM TIP portal, go to Task Management > Job Runner > Job Files and, in the file FileTransferSSH.xml, change the line:
<Parameter KeyStoreFileName="/root/.ssh/id_rsa"/>
to:
<Parameter KeyStoreFileName="/home/virtuser/.ssh/id_rsa"/>

Save the file.

9. Reboot the TUAM image.

10. To verify that this works, on the TUAM image, as virtuser, try to connect to the TIVSAM image via ssh:

ssh root@<hostname_of_tsam>

You should be logged in immediately, without being asked for the password or to accept the RSA key.
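
The script below is an added example, not part of the original technote or of any IBM tooling. It audits owner and mode of the files the steps above leave in /home/virtuser/.ssh: the key is created without a passphrase, so its file permissions are its only protection. The function names are made up for this example; the path and account are the ones used in the procedure.

```shell
#!/bin/sh
# Added example: audit the SSH files the procedure creates for the non-root account.
# check_ssh_dir, check_one, perm_of and owner_of are names made up for this example.

# Octal mode and owner name of a file (GNU stat, with BSD stat as fallback).
perm_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# check_one PATH OWNER MASK REASON: flag a wrong owner or any mode bit set in MASK.
check_one() {
    if [ ! -e "$1" ]; then echo "MISSING  $1"; return 1; fi
    rc=0
    if [ "$(owner_of "$1")" != "$2" ]; then
        echo "OWNER    $1 is owned by $(owner_of "$1"), expected $2"; rc=1
    fi
    mode=$(perm_of "$1")
    if [ $(( 0$mode & 0$3 )) -ne 0 ]; then
        echo "MODE     $1 is $mode ($4)"; rc=1
    fi
    return $rc
}

# check_ssh_dir DIR OWNER: print the findings, return the number of paths with one.
check_ssh_dir() {
    bad=0
    # With StrictModes (the sshd default), authorized_keys is ignored when the
    # file or the .ssh directory is group- or world-writable.
    check_one "$1" "$2" 022 "must not be group/world-writable" || bad=$((bad + 1))
    check_one "$1/authorized_keys" "$2" 022 "must not be group/world-writable" || bad=$((bad + 1))
    # The ssh client refuses a private key that group or others can access.
    check_one "$1/id_rsa" "$2" 077 "private key must be 600 or stricter" || bad=$((bad + 1))
    # known_hosts was copied from root in step 3 and then chown'ed to virtuser.
    check_one "$1/known_hosts" "$2" 022 "must not be group/world-writable" || bad=$((bad + 1))
    return $bad
}

# Run the audit only when called with both arguments, for example:
#   sh audit_ssh.sh /home/virtuser/.ssh virtuser
if [ "$#" -eq 2 ]; then check_ssh_dir "$1" "$2"; fi
```

A return value of 0 means all four paths exist, belong to the given account and carry acceptable modes.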


Document information


More support for:

IBM Service Delivery Manager
On X

Software version:

7.2.2

Operating system(s):

Linux

Reference #:

1617024

Modified date:

2014-09-15
