Hi All, In our production environment all agents are running in root mode , hence we do not need to mention password for different 'owner' (user id ) to execute jobs. Now Security team has raised concern & want to run all agent in non root mode.
Could you please help me to clear my following doubts :
1.Will Control M Operator ( With access to EM GUI , Desktop ) be able to create job with owner as 'root' & thus able to submit jobs as root ?
2.If ans to 1. is Yes - Is there any easier option to stop this ? So that though agent will run in 'root' mode but no job can be submitted as owner 'root ' from Control M?
3. Which is the best practice ? Is there something recommended by BMC on this - (like running agent in 'root mode' is preferred / running agent in 'non root mode' is preferred etc.)
|