Agent Third-Party Deployment: Configuring the Operation Mode on UNIX
FlexNet Manager Suite ()
Before the installation, you can configure to install the FlexNet Inventory Agent into either of the following two operation modes on the target UNIX system:
- Default operation mode—The installed agent will run as the
rootuser and requires fullrootaccess. - Least privilege operation mode—The installed agent will run as the
flxrasvcstandard user.
Important: You can upgrade an existing agent that has been installed for the default operation mode to the least privilege operation mode. However, if an agent has been installed for the least privilege operation mode, you cannot change it to the full privileged default operation mode. To change an agent from the least privilege operation mode to the default operation mode, you must uninstall and re-install the agent.
Important: If an agent has been installed for the least privilege operation mode, it is not able to perform self-upgrade to new versions.
Configuring for the default operation mode
By default, an agent will be installed or upgraded for the default operation mode. However, if you are upgrading an existing agent from the least privilege operation mode to the default operation mode, make sure that your bootstrap configuration file is correctly configured for the default operation mode. For details, see Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.
Configuring for the least privilege operation mode
To install the agent for the least privilege operation mode on UNIX, you need to complete the following tasks before the installation:
-
Configure the bootstrap file for the least privilege operation mode by following the instructions in Agent Third-Party Deployment: Configuring the Bootstrap File for UNIX.
-
Make sure
sudois installed on the target UNIX system and the path to thesudobinary is set in thePATHenvironment. -
Configure
sudoon the target UNIX system to grant privilege to the required tools according to the following table. For a samplesudoersfile to configuresudo, see Agent Third-Party Deployment: Sample Sudoers File.Important:
-
Always use
visudoto edit and verify asudoersfile, and ensure the changes do not corrupt thesudoersfile which can causesudoto be inoperable. -
Some systems (notably Red Hat) have a sudoers entry
Defaults requirettythat prevents runningsudowhen nottyis present. The agent requestssudoto run without any prompts, but this entry still causessudoto fail without atty, which will result in the agent being unable to launch necessary utilities throughsudoeven though the sudoers file has granted them the access. To avoid this issue, theDefaults requirettyentry must be removed from the sudoers file. For more information, see Bug 1020147 on Red Hat Bugzilla. -
Some systems (notably Red Hat) might require the EXEC option to be set in the
sudoersfile for the execution of Java binaries to get version and product information. For example:flxrasvc ALL=(ALL) EXEC: NOPASSWD: FLEXERAOS, FLEXERA
The following table provides information about which tools require
sudoprivilege on which platforms for an agent running in the least privilege operation mode. -
| Tool/Path | Tool function | Platform requiring `sudo` privilege | Consequence of missing `sudo` privilege |
|---|---|---|---|
| **Non-Flexera tools** | |||
| - `/sbin/ifconfig` or `/usr/sbin/ifconfig` - and `/usr/sbin/dladm` | Obtain network interface data | Solaris | Network interface data missing |
| `/usr/sbin/dmidecode` | Obtain hardware serial number | Linux x86 Solaris x86 | Serial number missing |
| `/usr/sbin/sysctl` | Obtain TCPKeepAlive information | macOS | TCPKeepAlive information missing |
| `db2licm`**Note:** The path to `db2licm` depends on where DB2 is installed. That path needs to be added to sudoers. | Launched to obtain inventory for IBM DB2 | All supported Unix platforms | IBM DB2 inventory missing or incomplete |
| `/usr/sbin/subscription-manager` | Obtain Red Hat subscription information | Linux | Subscription data missing |
| **Flexera agent tools****Note:** Paths to Flexera agent tools are dependent on where the agent is installed. The default base installation path is `/opt/managesoft/`. Your custom installation path might be different if your platform supports custom installation path. For a list of platforms that support custom installation path, see Agent Third-Party Deployment: Installing FlexNet inventory agent on UNIX. | |||
| `/opt/managesoft/libexec/flxecmc` | Obtain hardware properties used to generate and validate the local agent ID | Linux**Note:** Sudo privilege for flxecmc should not be revoked once it has been provided on any given Linux machine. Doing so will cause the agent ID to not be reported even if the machine currently has a valid ID. | Agent ID not generated or an existing ID not validated |
| `/opt/managesoft/libexec/flxfsscan` | Run file system scan and provide ability to read file data and metadata | All supported Unix platforms | Data missing on inventory reliant on file scan \(Oracle, Oracle FMW, Java, Jboss, supported installation evidence types\) |
| `/opt/managesoft/libexec/flxoracleinv` | Provide impersonation for running Oracle database queries scripts used in obtaining Oracle inventory | All supported Unix platforms | Oracle database inventory missing |
| `/opt/managesoft/libexec/flxping` | Implement custom ping support for `MgsPing` net selector algorithm | All supported Unix platforms | `MgsPing` net selector algorithm failing to rank multiple beacon connections |
| `/opt/managesoft/libexec/flxps` | Obtain currently running process data | All supported Unix platforms | Data missing on inventory reliant on running process data \(usage, Oracle, Oracle FMW, Java, and IBM MQ\) |
| `/opt/managesoft/libexec/flxsysinfo` | Obtain local disk drive data | Linux | Disk drive data missing |
| `/opt/managesoft/libexec/flxupgrade` | Runs platform specific install packages to support self-upgrade | All supported Unix platforms | Least privilege agents will not be able to support self-upgrade. This tool can be ignored for customers that do not use the agent's self-upgrade functionality. |
For more details about the least privilege operation mode, such as what happens at installation, what processes are launched and how to run agent component directly after the installation, see Agent Third-Party Deployment: Least Privilege Operation Mode.
2025 R1.1Parent topic:Agent Third-Party Deployment: Installing FlexNet inventory agent on UNIX