I would like to know the best practices for a user permissions to install an agent on the technologies/platforms e.g. JVM/Web/MQ & SUN/AIX/Linux/Windows etc…
Our current scenario is that we have created a group called APM and a local user xyz which is the member of APM group and a folder/file-system /opt/apm on each host/machine to install the DynaTrace Agent and gave a full permissions to
this Group (APM) on this folder/file-system (apm).
Now before installing/extracting JVM we gave the full permissions to this user (xyz) on the WAS Admin Group and the Full Access to WAS Admin Group to the APM Group and vice versa for all other platforms.
Can anyone please explain me the following:
Solved! Go to Solution.
This is quite a big topic, given that you want an answer for every combination of agent and operating system! I'll give you some general principles which will help in many cases.
When you install an agent or agents on Windows, you should be logged in as a user with administrator rights. You don't have to "run as administrator". The application process that the agent library is loaded into (e.g., IIS, a worker process, or a JVM) should run as a user who has "full control" of the entire Dynatrace install directory. This user should also be a member of the performance monitoring group -- so the agent can collect perfmon data.
When you install an agent or agent on Linux / Unix, you should not run the installer as root. Best practice is to log in as the user who is running the application, so that this user owns the Dynatrace install directory. Alternatively, you can chown the entire Dynatrace install directory to the right user. Obviously, if you're monitoring different application processes that run under different users, this doesn't apply, and you should chmod the Dynatrace install directory so that each of the users has full access to the directory.
What you've suggested -- a group for Dynatrace to which the application user belongs -- is perfectly OK as long as the result is that the user that runs the application has full access to the entire Dynatrace install directory.
Let us know if you need more details!