Start Agent Automatically Under A Dedicated Account

Not everyone can be root!

One of the first questions I get from customers about installing the Serena Deployment Automation (SDA) Agent on a Linux (or Unix) machine is… can I run the agent under a dedicated account (i.e. anyone but root)? And do you provide an init file?
The answer is…YES. Yes you can. Yes we do.
In fact, Serena recommends that you create a user account dedicated to run the agent on the machine. This allows you to control who can run what and allows you stay within the IT policy and procedures.
To configure the agent to run under a dedicated account is simple.
  1. Create your dedicated agent account if you have not done so already.
  2. Update the agent init file with the account information.
  3. Update your runlevels.

"Sandwich" by xkcd is licensed under CC BY 2.5


  • Depending on the permissions you give this dedicated account and your policies, you may also need to update the sudoers file so that it can deploy updates, start and stop services on your machine. For example, if your agent needs to start and stop JBOSS, then the dedicated account will either need permissions to do so or you will need to use impersonation on your components for these steps in your deploy process.
  • If you installed the agent as root and if your AGENT_HOME is owed by root, change owner and group to the dedicated account.

We’ll skip the ‘how to’ on creating the account, changing owner, group, etc. If you are reading this, most likely you can teach me a thing or two about Linux. If you’re just discovering the wonderful world of Linux, shoot me an email. We can run through this together.

SDA Agent INIT File

The agent installer provides a script file that can be copied to your init directory. However, you will need to modify it first.
  1. Go to the /core/bin/init directory.
  2. Modify the sraagent file by setting the AGENT_USER and AGENT_GROUP variables to the dedicated account. By default they are blank which will use root.
  3. Save the file.
  4. Using your runlevel configuration tool, update when the agent service is started on boot and reboots.


That’s it. You now have an SDA agent running under an account that IT is happy with. Now if world hunger was this easy to solve, we would all be heroes.

Do you have quick tip to share on your experience? Please share in the comments below so we can all learn more.

PS. If you know who the originator is for the ‘make me a sandwich’ illustration, let me know. I love it!

PSS. Thanks to Jessica, I now know who to give credit to!



How To-Best Practice
Comment List
Related Discussions