cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non root / dtuser file with perm o+777 / o+rwx in OneAgent dir /var/lib/dynatrace/oneagent/agent/runtime

gilles_tabary
Mentor

Hello.

At some stage I got such a file on a OneAgent'ed Unix system AIX full-stack (though my sysadmins tell me it happened also on Linux infra-only system) with other+rwx Unix file permission :

 

 

/var/lib/dynatrace/oneagent/agent/runtime/0x18eba097bca4a740_java_901179/dump/classes/original/com/ibm/mq/MQEnvironment.class,
Octal permissions: 0777, Text Permissions: -rwxrwxrwx-, owner: <AppUnixTechUser>, group: <AppUnixTechUserGroup>

 

 

 with <AppUnixTechUser> and<AppUnixTechUserGroup> *not* being root:root (neither dtuser:dtuser, which btw does not exist on AIX system).

 

It makes unix file permission compliance health check raise incidents.

 

Is see this type of question is not really new. I can find in RFE and Questions, things relating to log files though, not /var/lib/dynatrace :

Is anyone facing this issue? Anything we can do? Removing o-wx permission would be nice.

Regards.

 

For the record: ticket: https://one.dynatrace.com/hc/en-us/requests/83978

1 REPLY 1

gilles_tabary
Mentor

Hmmm... there... in the Manual : 

https://www.dynatrace.com/support/help/shortlink/oneagent-security-linux#globally-writable-directori...
https://www.dynatrace.com/support/help/shortlink/oneagent-security-aix#globally-writable-directories

 

"Globally writable directories
The OneAgent directory structure contains globally writable directories (1777 permissions). Changing these permissions by users is not supported."

 

Sorryyyy. 😉

Featured Posts