Pre-installation
Prior to installing TIBCO MFT Platform Server for UNIX, you must decide whether the responder daemon (CyberResp) runs as a root or a non-root account. Here is an explanation of the root and non-root installs:
Deciding whether to run as root or non-root is a decision that must be made by each customer based on their policies and requirements.
Here are the differences between a root and non-root installation.
ROOT Installation
-
The
CyberRespdaemon runs as a root account. -
When a transfer or Command Center request executes, Platform Server verifies the credentials against the PAM, or the password/shadow password files, or responder profiles. For a successful log in, a
setuidis executed for the transfer user ID. -
Transfers and management requests run under the UID of the transfer user.
-
File authorization checking is performed under the transfer user's UID.
Non-ROOT Installation
-
The
CyberRespdaemon runs under the UID of the process startingCyberResp. -
The
config.txt SERVER RequiredNodeDefinitionparameter is set toYes. All incoming requests must have a corresponding Node definition. -
When a transfer or Command Center request executes, Platform Server verifies the credentials against the Responder Profiles.
-
Validation against PAM or the system password or shadow password files is not supported.
-
Transfers and management requests run under the
CyberRespprocess UID. File authorization checking is performed under theCyberRespprocess UID.