Documentation for SolarWinds Platform Self-Hosted

Credentials and privileges used on Linux/Unix-based computers

This topic applies only to the following products:

SolarWinds Observability Self-Hosted

DPAIM, NAM, SAM

Agents installed on Linux/Unix-based computers can use three different credential sets to install and configure the agent. During this process, a service account is created to run the agent service.

You need sufficient privileges to be able to do the following to install and configure the agent:

  • open an SSH connection remotely
  • transfer files using SFTP or SCP
  • install software
  • create a user
  • create a group

Credentials are used to install and configure the agent and are not used at any other time. You may remove the credentials from the credential store once the agent is deployed.

SSH credentials

Agent installations require a credential set that allows the user to open an SSH session from a remote computer. This can be provided as either a user name and password or as a certificate.

Verify the credentials by opening an SSH connection to the remote computer.

For Linux/Unix-based computers, you may need to include another set of credentials to use su or sudo for package installation. You can add these credentials by selecting Include Credentials with Elevated Privileges.

Certificate credentials

You can use any certificate-based credential that is supported by SSH. Upload a private key file or paste the private key in PEM format.

Credentials with elevated privileges

To install the package, you need credentials with administrator or root-level privileges. Depending on your network security policies, some Linux/Unix-based computers do not allow user accounts to connect remotely and install software. If this applies to the computer you want to monitor, you can select Include Credentials with Elevated Privileges and enter credentials that have the correct privileges. Most Linux/Unix distributions require the user's password when using sudo. Other distributions, such as SUSE, may require the root password. Depending on your Linux/Unix distribution, enter the required credential under Include Credentials with Elevated Privileges to install the package.

When this is selected, we connect to the Linux/Unix-based computer using the provided SSH credentials and then switch users to the account with elevated privileges to install and configure the agent.

SNMP credentials

Select Include SNMP Credentials to collect SNMP data to use in Hardware Health, Asset Inventory, and SNMP component monitor information. This is required if SNMP v3 is installed. The agent software detects if you have SNMP installed on the computer and attempts to use your established SNMP credentials. No data is collected if the agent does not have the correct SNMP credentials.

Hardware Health and Asset Inventory are not supported on AIX devices.

Service account privileges

When the agent software is installed, we create a service account (SWIAgent), and add it to its own group.

This account does not have remote access privileges and cannot be used to log in to the computer.

The service account is used to run the swiagentd service. When updating the agent, a second service runs (swiagentd.update) for the duration of the update.

The service account and group are removed when the agent is deleted from the node.

For SAM users, if you do not enter credentials or select Inherit from node, the monitor executes the script under the agent credentials (swiagent). These credentials may not have the elevated permissions required for executing scripts.

Folder permissions

The swiagent user needs read and execute rights (r-x) on every folder from the root folder down to the Agent directory. Which permission set applies to a given folder depends on its ownership:

  • For directories owned by the swiagent user, the owner permission set is relevant.
  • For directories not owned by swiagent but belonging to a group swiagent is a member of (only the swiagent group by default), the group permissions are relevant.
  • For all other cases, the others permissions are relevant.

List of folders on which the swiagent user needs read and execute rights

/opt
/opt/SolarWinds
/opt/SolarWinds/Agent
/opt/SolarWinds/Agent/bin
/dev/shm - only Linux, not AIX
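
The following check is an added example, not part of the SolarWinds documentation or product: it walks every directory from the root folder to a target and applies the owner/group/others rule above to report where swiagent lacks r-x. It assumes the path casing shown in the listings on this page (/opt/SolarWinds/Agent/bin), evaluates classic mode bits only (ACLs and SELinux policy are not considered), and the function names are hypothetical.

```python
import grp
import os
import pwd
import stat

def applicable_rx(st_mode, st_uid, st_gid, uid, gids):
    """Return (read, execute) from the single permission set that applies to uid."""
    if st_uid == uid:            # directory owned by the user: owner set
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif st_gid in gids:         # user belongs to the directory's group: group set
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:                        # all other cases: others set
        r, x = stat.S_IROTH, stat.S_IXOTH
    return bool(st_mode & r), bool(st_mode & x)

def ancestors(path):
    """List every directory from / down to path, inclusive."""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        chain.append(path)
    return chain[::-1]

def check_path(path, user="swiagent"):
    """Return [(directory, mode string)] for each directory lacking r-x for user."""
    pw = pwd.getpwnam(user)
    # Primary group plus any supplementary groups the account is listed in.
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    failures = []
    for d in ancestors(path):
        st = os.stat(d)
        r, x = applicable_rx(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
        if not (r and x):
            failures.append((d, stat.filemode(st.st_mode)))
    return failures

if __name__ == "__main__":
    # Run as root on the monitored host so os.stat can reach every directory.
    for target in ("/opt/SolarWinds/Agent/bin", "/dev/shm"):
        for d, mode in check_path(target):
            print(f"swiagent lacks r-x on {d} ({mode})")
```

The permission sets are exclusive: a directory owned by swiagent with mode `---r-xrwx` still fails, because only the owner set is consulted for the owner.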

List of required permissions

drwxr-xr-x    3 root     root*            256 Sep 02 01:51 SolarWinds
drwxr-x---    5 swiagent swiagent        256 Sep 02 01:51 Agent

* root in Linux; on AIX agents, it is bin.

List of permissions for the Agent folder

-rwxr-----    1 swiagent swiagent        254 Sep 02 01:51 .profile
drwxr-x---    2 swiagent swiagent        256 Sep 02 01:51 lib
drwxr-x---    2 swiagent swiagent        256 Sep 02 01:51 lib64
drwxr-x---    5 swiagent swiagent       4096 Sep 02 01:55 bin

List of permissions for the bin folder

-rwxr-x---    1 swiagent swiagent       9470 Jun 10 08:35 swiagentaid.sh
-rw-rw----    1 swiagent swiagent       3906 Jun 10 09:53 swiagent.cfg.template
-rwxr-x---    1 swiagent swiagent   29222559 Jun 10 09:53 swiagent
drwxr-x---    2 swiagent swiagent       4096 Sep 02 01:52 cert
-rw-r-----    1 swiagent swiagent       4278 Sep 02 01:54 swiagent.cfg
drwxr-x---    6 swiagent swiagent        256 Sep 02 01:54 appdata
lrwxrwxrwx    1 swiagent swiagent         66 Sep 02 01:55 python3 -> /opt/SolarWinds/Agent/bin/Plugins/Python3/opt/freeware/bin/python3
lrwxrwxrwx    1 swiagent swiagent         66 Sep 02 01:55 python2 -> /opt/SolarWinds/Agent/bin/Plugins/Python3/opt/freeware/bin/python3
drwxr-x---    9 swiagent swiagent       4096 Sep 02 01:55 Plugins

List of permissions for /dev/shm (only Linux; not required for AIX):

drwxrwxrwt.  2 root root         240 Jan 26 16:17 shm