Configure Agent Account Privileges under Solaris 10

To auto-discover certain products under Solaris 10, the Hyperic Agent must run as root or you must explicitly grant additional permissions to the account where the agent runs. For background information, see Solving Auto-Discovery Problems.

Under Solaris 10's Least Privilege Model (LPM), default privileges are minimal. The Hyperic Agent must be able to read./proc/$pid/ files on the platform. Problems with auto-discovery on Solaris 10 may be the result of insufficient privileges. Depending on your account privilege implementation you may need to grant the proc_zone privilege to the agent account.

For example, you could add the following line to /etc/user_attr, to grant the proc_owner privilege to the hq user and deny the proc_session privilege:

hq::::type=normal;defaultpriv=basic,proc_owner,!proc_session

Note: After changing account privileges, the user needs to re-login.

Your approach for enabling agent access to /proc/$pid/ files will depend on your company's LPM implementation and best practices.