The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[FlexNet Manager Suite] Sudo rm required with NOPASSWD but not available at customer site

marcog
By
Level 8

Hi,

I'm approaching FNMS for a zero-footprint inventory at customer site.

Customer provided all sudo privileges for the flexera user as documented for 2019R2 version. But when I run the inventory I got the following error about "rm" and "date". I'm attaching Solaris screenshot but this happens also on RHEL and AIX.

sudo date solaris.PNG

sudo rm solaris.PNG

I've been able to receive date privileges (but why is needed to be run with sudo), but customer doesn't want to provide rm in sudo for flexera user because of security rules, and this also is not documented in flexera.

So I was wondering, how can I solve this error without sudo privileges?

Is there a way I can customize that command to run it without sudo? (all files listed are owned by flexera user so there is no need of elevation to sudo)

Thanks for your answers!

MG

(6) Replies

mag00_75
By Level 8 Champion
Level 8 Champion
Hi

Not the answer to your question but another way to approach the Nix-team.
We had several internal discussions with our team in ways to solve the inventory, it ended up in having a local cron job that runs the ndtrack.sh
In that way they had 100% control themself , one disadvantage is however you need to have mechanism in place to rollout updates and especially inventorysettings.xml

ChrisG
By Level 20 Flexeran
Level 20 Flexeran

The "sudo date" command is executed in order to test whether the account used for remote execution is able to successfully elevate privileges on the target device.

I can't think of any way to get the system to run the "rm" command to clean up files used during the inventory gathering process without sudo (or priv or another similar tool). However if you are OK for the ndtrack.sh, ndtrack.ini and InventorySettings.xml files to be left on computers after the process has terminated, you could try configuring the following registry entry on your beacon server(s):

HKLM\SOFTWARE\WOW6432Node\ManageSoft Corp\ManageSoft\RemoteExecution\CurrentVersion\UnixAgentRemoveCommand = echo

I haven't tested this, but I am thinking that this will change the behavior so that instead of executing "sudo rm -f ./ndtrack.sh ..." it will execute a more innocuous "sudo echo ./ndtrack.sh ...".

I recommend considering an approach along the lines of what @mag00_75 has suggested: you may find it is more effective for production use to find another way to execute the ndtrack.sh process than using the zero-touch inventory gathering approach that is built in to FlexNet Manager Suite.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Thanks, I will try it.

Unfortunately this did not work and the error remains the same.

ChrisG
By Level 20 Flexeran
Level 20 Flexeran

Ahh, I made a typo in the name of the registry entry sorry. It should be UnixAgentRemoveCommand rather than UnitAgentRemoveCommand. I'll correct the original post.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Aren't any other solution we can apply?