Pre-installation
Prior to installing TIBCO MFT Platform Server for UNIX, you must decide whether the responder daemon (CyberResp
) runs as a root or a non-root account. Here is an explanation of the root and non-root installs:
Deciding whether to run as root or non-root is a decision that must be made by each customer based on their policies and requirements.
Here are the differences between a root and non-root installation.
ROOT Installation
-
The
CyberResp
daemon runs as a root account. -
When a transfer or Command Center request executes, Platform Server verifies the credentials against the PAM, or the password/shadow password files, or responder profiles. For a successful log in, a
setuid
is executed for the transfer user ID. -
Transfers and management requests run under the UID of the transfer user.
-
File authorization checking is performed under the transfer user's UID.
Non-ROOT Installation
-
The
CyberResp
daemon runs under the UID of the process startingCyberResp.
-
The
config.txt SERVER RequiredNodeDefinition
parameter is set toYes
. All incoming requests must have a corresponding Node definition. -
When a transfer or Command Center request executes, Platform Server verifies the credentials against the Responder Profiles.
-
Validation against PAM or the system password or shadow password files is not supported.
-
Transfers and management requests run under the
CyberResp
process UID. File authorization checking is performed under theCyberResp
process UID.