Site24x7 Linux Agent modifications to "/etc/passwd" and "/etc/shadow" files - FIM Events
Scenario
You may see the Site24x7 Linux agent modifying files associated with the operating system.
Reason
The /etc/passwd and /etc/shadow files are critical operating system files that store user account information on a server. The Site24x7 Linux agent interacts with these files specifically to manage the site24x7-agent user account, which is essential for its proper functioning and security.
The Site24x7 Linux agent will modify the /etc/passwd and /etc/shadow files exclusively for the site24x7-agent user under the following circumstances:
- Upon installation of the Site24x7 Linux agent on a server, the agent utilizes the useradd command to create the dedicated site24x7-agent user. This action results in the creation of a new entry for the site24x7-agent user, including its details, within both the /etc/passwd and /etc/shadow files.
- When the Site24x7 Linux agent is upgraded from an older release to version 19.6.0 or any subsequent version, a modification occurs in the /etc/passwd file. The purpose of this modification is to change the site24x7-agent user's login shell to /sbin/nologin. This change enhances security by preventing direct interactive logins for the agent user, and it is supported from Linux agent version 19.6.0 onwards.
- During the uninstallation process of the Site24x7 Linux agent, the agent executes the "userdel" command to remove the "site24x7-agent" user account from the server. The execution of the "userdel" command subsequently modifies both the /etc/passwd and /etc/shadow files to remove the corresponding user entries.
All modifications detailed above are strictly limited to the "site24x7-agent" user. This is because the agent specifically invokes the "useradd" and "userdel" utilities with the "site24x7-agent" username specified, ensuring that no other user accounts are affected.
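To confirm that a given FIM event matches the pattern described above, you can compare a copy of the file from before the event with the current one and check that the only entry that changed belongs to site24x7-agent. The following is an added example, not Site24x7 code: the function names are hypothetical, the snapshots are constructed sample data, and the pre-upgrade shell and home directory shown for the agent user are assumptions.

```python
"""Triage a FIM event on /etc/passwd or /etc/shadow by comparing two snapshots."""

AGENT_USER = "site24x7-agent"  # account name stated in the article

def parse_accounts(text):
    """Map username -> full line for a passwd- or shadow-style file."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        accounts[line.split(":", 1)[0]] = line
    return accounts

def changed_accounts(before, after):
    """Return {username: 'added' | 'removed' | 'modified'} between snapshots."""
    old, new = parse_accounts(before), parse_accounts(after)
    changes = {}
    for user in old.keys() | new.keys():
        if user not in old:
            changes[user] = "added"
        elif user not in new:
            changes[user] = "removed"
        elif old[user] != new[user]:
            changes[user] = "modified"
    return changes

def unexpected_changes(before, after, expected_user=AGENT_USER):
    """Usernames whose entries changed but are not the agent account."""
    return sorted(u for u in changed_accounts(before, after) if u != expected_user)

def login_shell(passwd_text, user):
    """Seventh passwd field (login shell) for user, or None if the user is absent."""
    line = parse_accounts(passwd_text).get(user)
    return line.split(":")[6] if line else None

# Constructed sample snapshots (not taken from a real host); old shell is assumed.
BEFORE = """root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
site24x7-agent:x:995:993::/home/site24x7-agent:/bin/bash
"""
AFTER_UPGRADE = BEFORE.replace("site24x7-agent:/bin/bash", "site24x7-agent:/sbin/nologin")
AFTER_OTHER = AFTER_UPGRADE.replace("backups:/usr/sbin/nologin", "backups:/bin/bash")

if __name__ == "__main__":
    for name, snap in (("upgrade", AFTER_UPGRADE), ("other", AFTER_OTHER)):
        print(name, changed_accounts(BEFORE, snap), unexpected_changes(BEFORE, snap))
```

An empty result from `unexpected_changes` means the event is consistent with the agent's install, upgrade, or uninstall behaviour; any other username in the result is a change the agent does not account for and should be investigated separately.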
Action
No action is required from your end.