Migrating Collector from Root to Non-root User

Last updated on 06 September, 2024

Note: To migrate the Docker Collector to a non-root user, see Running a Linux Collector in a Docker Container as a Non-Root User.

Initially, you could run Linux Collectors using root credentials. Later, we extended this support so that users with non-root credentials could also install Collectors.

We have now enhanced the migration process so that you can migrate Collectors running as root to run under a non-root user without uninstalling the Collector or losing any data. You can use either the prompt-based or the silent migration process.

To migrate, you must run the script updateToNonRoot.sh. The default path is /usr/local/logicmonitor/agent/bin/updateToNonRoot.sh

Requirements

  • Users with root credentials can execute the script.
  • Ensure that the Collector is installed as a root user.

Points to Consider

  • For silent migration, you must place the parameters in the following sequence: -q -u -d
  • When migrating a Linux Collector using the silent migration method, you can access help by entering the parameter -h after the script name (./updateToNonRoot.sh -h). The following parameters are displayed:

    Parameter   Description
    -h          Provides help.
    -q          Indicates to the installer that the migration should be done in Silent mode.
    -u          Provide name of the non-root user under whom you want to migrate the Collector service.
    -d          Indicates the path where the Collector is installed. By default, the Collector is installed at /usr/local/logicmonitor. If the Collector is not installed at the default path, then enter the custom path where you have installed the Collector.

Migrating Linux Collectors

You can migrate a Linux Collector from root to a non-root user using the silent or the prompt-based migration method. Note that when you install a Linux Collector using either of the two installation methods, LogicMonitor creates a default non-root user ‘logicmonitor’. When migrating a Linux Collector from root to a non-root user, if the non-root user that you specified for migration does not exist, the ./updateToNonRoot.sh script will create that non-root user.

Silent Migration

In the command prompt, run the following commands:

  1. Log in to the machine with root credentials.
  2. Navigate to the agent/bin folder of your Collector.
  3. Enter and run the command ./updateToNonRoot.sh followed by the parameters for silent migration. The format and sequence is -q -u [non-root username] -d [custom path, if any]

After you run the script, the Linux Collector is migrated from root to non-root. 

Prompt based Migration

In the command prompt, run the following commands:

  1. Log in to the machine with root credentials.
  2. Navigate to the agent/bin folder of your Collector.
  3. Run the script ./updateToNonRoot.sh.
    The system will prompt you to specify the user to migrate the Collector to non-root.
  4. The script will create a default non-root user ‘logicmonitor’ and use it. You can create and use your own non-root user account, if necessary.
  5. By default, the Collector is located at /usr/local/logicmonitor. If the Collector is located at some other directory, then specify that path.
    After you run the script, the Linux Collector is migrated from root to non-root. 

Verifying Migration

To verify that the Collector has successfully migrated from root to non-root, follow these steps 10 minutes after the migration is complete:

  1. Navigate to Settings > Collectors.
  2. Under the Collectors tab, select the collector that you migrated to non-root user.
  3. Select the More option and then select Collector Status.
    The Collector Status page displays the user and role of the Collector, which confirms that it has successfully migrated to the non-root user.
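
A host-side check to complement the portal steps above, as an added example that is not LogicMonitor's code: it reads the User= line of the two unit files that the rollback script further down this page edits, and lists anything under the install directory that is not owned by the service account. The function names, the constructed sample tree and the assumption that the unit-file copies under agent/bin reflect the running account are this example's own.

```shell
#!/bin/sh
# Added example, not LogicMonitor code. Unit-file names and the User= key are
# taken from the rollback script on this page; everything else is assumed.

# Print the effective User= of a systemd unit file (last assignment wins).
unit_user() {
    sed -n 's/^[[:space:]]*User=[[:space:]]*//p' "$1" | tail -n 1
}

# Succeed only if both Collector units under DIR/agent/bin name WANT as User=.
units_run_as() {
    dir=$1 want=$2 rc=0
    if [ "$want" = "root" ]; then
        echo "FAIL: target user must not be root" >&2
        return 1
    fi
    for svc in logicmonitor-agent logicmonitor-watchdog; do
        unit="$dir/agent/bin/$svc.service"
        got=$(unit_user "$unit" 2>/dev/null)
        # A system unit without a User= line runs as root.
        if [ "${got:-root}" != "$want" ]; then
            echo "FAIL: $unit runs as ${got:-root}" >&2
            rc=1
        fi
    done
    return "$rc"
}

# List every path under DIR that is not owned by OWNER (name or numeric uid).
stray_owners() {
    find "$1" ! -user "$2"
}

# Build a constructed sample tree (not real Collector files) for dry runs.
sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/agent/bin" || return 1
    for svc in logicmonitor-agent logicmonitor-watchdog; do
        printf '[Service]\nUser=%s\nGroup=%s\n' "$1" "$1" \
            > "$t/agent/bin/$svc.service"
    done
    echo "$t"
}

# Usage: sh check_nonroot.sh /usr/local/logicmonitor logicmonitor
if [ "$#" -eq 2 ]; then
    units_run_as "$1" "$2" && stray=$(stray_owners "$1" "$2") && [ -z "$stray" ]
fi
```

A non-zero exit status means a unit file still names root (or has no User= line), or some path under the install directory is owned by another account.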

Rolling Back Migration

In case the updateToNonRoot.sh script fails to migrate Linux Collector from root to non-root, or if you face any issue after migration, you can run the revertToRootUser.sh script to roll back migration. The script is available in the agent/bin folder.

Note:

  • The destination path must be the path where the Collector is currently installed.
  • The rollback script is available in EA Collector 32.400 and later.
  • If you want to roll back migration for a Collector version prior to 32.400, you can copy the script given below to create the script file.
#!/bin/sh
 
# get the name of the init process (PID 1) from /proc/1/stat
get_init_proc_name() {
    file_name="/proc/1/stat"
    cut -f1 -d')' "$file_name" | cut -f2 -d'('
}

# prompt on the terminal and print the answer, or the default if the answer is empty
get_input() {
    prompt_msg=${1:?"prompt message is required"}
    default_value=${2}
    if [ "$default_value" != "" ];then
        prompt_default_value=" [default: $default_value]"
    fi
    read -r -p "$prompt_msg$prompt_default_value:" value
    if [ "$value" = "" ];then
        value=$default_value
    fi
    echo "$value"
}
 
help() {
    echo "Usage : [-h] [-q] [-d install path]
            -h        help           - show this message
            -q        silent-update  - update silently
            -d        install path   - installation path of collector(default: /usr/local/logicmonitor)"
    exit 1
}

# rollback always restores root ownership; only the install path is configurable
OPTS_SILENT=false
DEST_USER="root"
DEST_DIR="/usr/local/logicmonitor"
DEST_GROUP="root"

# -u is accepted by getopts but has no handler below, so it falls through to help
while getopts "hqu:d:" current_opts; do

    case "${current_opts}" in
        h)
            help
            ;;
        q)
            OPTS_SILENT=true
            ;;
        d)
            DEST_DIR=${OPTARG}
            ;;
        *)
            help
            ;;
    esac
done
 
 
if [ "$OPTS_SILENT" != "true" ]; then
  DEST_DIR=`get_input "Enter the directory under which collector is installed" "$DEST_DIR"`
fi
 
if [ -d "$DEST_DIR/agent" ]; then
 
    service logicmonitor-watchdog stop
    service logicmonitor-agent stop
 
    systemctl disable logicmonitor-agent.service
    systemctl disable logicmonitor-watchdog.service
 
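    # the owner of the install directory is the account the Collector currently runs under
    CUR_USER=$(stat -c '%U' "$DEST_DIR")

    # point the unit files under agent/bin back at root
    if [ "$CUR_USER" != "root" ]; then
     LM_WATCHDOG_SERVICE="$DEST_DIR/agent/bin/logicmonitor-watchdog.service"
     sed -i.bak "s#User=$CUR_USER#User=root#g" "$LM_WATCHDOG_SERVICE"
     sed -i.bak "s#Group=$CUR_USER#Group=root#g" "$LM_WATCHDOG_SERVICE"
     rm -f "$LM_WATCHDOG_SERVICE.bak"
     LM_AGENT_SERVICE="$DEST_DIR/agent/bin/logicmonitor-agent.service"
     sed -i.bak "s#User=$CUR_USER#User=root#g" "$LM_AGENT_SERVICE"
     sed -i.bak "s#Group=$CUR_USER#Group=root#g" "$LM_AGENT_SERVICE"
     rm -f "$LM_AGENT_SERVICE.bak"
    fi

    # ldconfig is not set anywhere in this script, so this line does nothing
    # unless the variable is set in the environment
    $ldconfig

    # give the install directory and the agent tree back to root
    chown "$DEST_USER:$DEST_GROUP" "$DEST_DIR/"
    chown -R "$DEST_USER:$DEST_GROUP" "$DEST_DIR/agent"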
 
    INIT_PROC=`get_init_proc_name`
 
    if [ "$INIT_PROC" = "systemd" ];then
      # -p: do not fail when the directory already exists
      mkdir -p /etc/systemd/user
      # install the root-owned unit files as system units
      cp "$DEST_DIR/agent/bin/logicmonitor-agent.service" /etc/systemd/system
      cp "$DEST_DIR/agent/bin/logicmonitor-watchdog.service" /etc/systemd/system
      chown "$DEST_USER:$DEST_GROUP" /etc/systemd/system/logicmonitor-agent.service
      chown "$DEST_USER:$DEST_GROUP" /etc/systemd/system/logicmonitor-watchdog.service
      chmod 0644 /etc/systemd/system/logicmonitor-agent.service
      chmod 0644 /etc/systemd/system/logicmonitor-watchdog.service
      systemctl enable logicmonitor-agent.service
      systemctl enable logicmonitor-watchdog.service
      # remove any copies left under /etc/systemd/user
      rm -f /etc/systemd/user/logicmonitor-watchdog.service
      rm -f /etc/systemd/user/logicmonitor-agent.service
      systemctl daemon-reload
      echo "Successfully reverted collector services to run under $DEST_USER"
 
    else
      ln -sf ./bin/logicmonitor-agent /etc/init.d/logicmonitor-agent
      ln -sf ./bin/logicmonitor-watchdog  /etc/init.d/logicmonitor-watchdog
      chown $DEST_USER:$DEST_GROUP /etc/init.d/logicmonitor-agent
      chown $DEST_USER:$DEST_GROUP /etc/init.d/logicmonitor-watchdog
 
      /sbin/chkconfig --add /etc/init.d/logicmonitor/logicmonitor-agent 2>/dev/null
      /sbin/chkconfig --add /etc/init.d/logicmonitor/logicmonitor-watchdog 2>/dev/null
 
      #if update-rc.d exists, let's run it to install our services
      if which update-rc.d 2> /dev/null;then
        # We found update-rc.d, let's use it ...
         update-rc.d logicmonitor-agent defaults 2>/dev/null
         update-rc.d logicmonitor-watchdog defaults 2>/dev/null
      fi
      echo "Successfully reverted collector services to run under $DEST_USER"
 
    fi
 
 
 
 "$DEST_DIR/agent/bin/logicmonitor-watchdog" start
 
else
  echo "The agentPath is not $DEST_DIR or is not provided. Please provide correct path where collector is installed and run the script again."
fi