Site24x7 Linux Agent modifications to "/etc/passwd" and "/etc/shadow" files - FIM Events
Scenario
You may see the Site24x7 Linux agent modifying files associated with the operating system.
Reason
The /etc/passwd and /etc/shadow files are critical operating system files that store user account information on a server. The Site24x7 Linux agent interacts with these files specifically to manage the site24x7-agent user account, which is essential for its proper functioning and security.
The Site24x7 Linux agent will modify the /etc/passwd and /etc/shadow files exclusively for the site24x7-agent user under the following circumstances:
- Upon installation of the Site24x7 Linux agent on a server, the agent utilizes the useradd command to create the dedicated site24x7-agent user. This action results in the creation of a new entry for the site24x7-agent user, including its details, within both the /etc/passwd and /etc/shadow files.
- When the Site24x7 Linux agent is upgraded to version 19.6.0 or any subsequent version from an older release, a modification occurs in the /etc/passwd file. The purpose of this modification is to change the "site24x7-agent" user's login shell to /sbin/nologin. This change enhances security by preventing direct interactive logins for the agent user, a feature supported from the Linux agent version 19.6.0 onwards.
- During the uninstallation process of the Site24x7 Linux agent, the agent executes the "userdel" command to remove the "site24x7-agent" user account from the server. The execution of the "userdel" command subsequently modifies both the /etc/passwd and /etc/shadow files to remove the corresponding user entries.
All modifications detailed above are strictly limited to the "site24x7-agent" user. This is because the agent specifically invokes the "useradd" and "userdel" utilities with the "site24x7-agent" username specified, ensuring that no other user accounts are affected.
Action
No action is required from your end.
Related Articles
Troubleshoot the Unauthorized user (Error 401) when installing Tomcat plugins
When installing Tomcat plugins, you may encounter the following error: Unauthorized user. Does not have permissions. HTTP Error 401: This error usually occurs when the user accessing the Tomcat Manager application does not have the necessary ...How to configure the NGINX status page for monitoring NGINX performance
The NGINX plugin uses the NGINX status page to pull the performance metrics of the NGINX server. You may encounter the following errors while installing the NGINX plugin integration: Error_code : HTTP Error 404: This error usually indicates that the ...Troubleshoot the "pymysql module not found" error when installing the MySQL plugin
If you're encountering the pymysql module not found error, it likely means that the pymysql Python library is not installed on the server. pymysql is a Python package that provides a way to interact with MySQL databases using Python code and is used ...Troubleshoot the Error 404 and Error 99 for RabbitMQ
When installing the RabbitMQ plugin, you may encounter the following errors: HTTP Error 404: Not Found: This error usually occurs when Site24x7's RabbitMQ monitoring plugin attempts to access the /api/overview page of RabbitMQ, but the resource ...No data for service and process in Windows server monitor
If you see "No Data" for process and service metrics (such as CPU or memory usage of monitored services) in the Site24x7 Windows server monitor user interface, follow the troubleshooting steps below. Run PowerShell Commands Open PowerShell as ...