18 Oct 2022 06:38 PM - last edited on 20 Oct 2022 08:54 AM by MaciejNeumann
Hello.
At some stage I got such a file on a OneAgent'ed Unix system AIX full-stack (though my sysadmins tell me it happened also on Linux infra-only system) with other+rwx Unix file permission :
/var/lib/dynatrace/oneagent/agent/runtime/0x18eba097bca4a740_java_901179/dump/classes/original/com/ibm/mq/MQEnvironment.class,
Octal permissions: 0777, Text Permissions: -rwxrwxrwx-, owner: <AppUnixTechUser>, group: <AppUnixTechUserGroup>
with <AppUnixTechUser> and<AppUnixTechUserGroup> *not* being root:root (neither dtuser:dtuser, which btw does not exist on AIX system).
It makes unix file permission compliance health check raise incidents.
Is see this type of question is not really new. I can find in RFE and Questions, things relating to log files though, not /var/lib/dynatrace :
Is anyone facing this issue? Anything we can do? Removing o-wx permission would be nice.
Regards.
For the record: ticket: https://one.dynatrace.com/hc/en-us/requests/83978
Solved! Go to Solution.
19 Oct 2022 12:24 PM
Hmmm... there... in the Manual :
https://www.dynatrace.com/support/help/shortlink/oneagent-security-linux#globally-writable-directori...
https://www.dynatrace.com/support/help/shortlink/oneagent-security-aix#globally-writable-directories
"Globally writable directories
The OneAgent directory structure contains globally writable directories (1777 permissions). Changing these permissions by users is not supported."
Sorryyyy. 😉