Create a dedicated user for LsAgent on your Linux boxes and use it to run LsAgent. This will keep things secure by running services with the fewest amount of required privileges.
Prerequisites
LsAgent needs to be installed and running on the Linux box.
What's next?
Create a dedicated user to run LsAgent, such as "lansweeper":
adduser lansweeper
Change the /etc/systemd/system/LansweeperAgentService.service file (add User= and Group=) or if the file does not exist, create a new file LansweeperAgentService.service in /etc/systemd/system/:
[Unit]
Description=Lansweeper Agent
After=network.target
[Service]
User=lansweeper
Group=lansweeper
Type=simple
Restart=always
ExecStart=/opt/LansweeperAgent/LSAgent
WorkingDirectory=/opt/LansweeperAgent
SyslogIdentifier=LsAgent
[Install]
WantedBy=multi-user.target
Change ownership of the /opt/LansweeperAgent files:
chown lansweeper /opt/LansweeperAgent/*
chgrp lansweeper /opt/LansweeperAgent/*
Reload the service file:
systemctl daemon-reload
Certain commands require root privileges. The following step allows the lansweeper user to run the necessary commands with sudo privileges.
Add the following line to the /etc/sudoers file:
lansweeper ALL=(root) NOPASSWD: /sbin/dmidecode, /usr/sbin/dmidecode, /usr/bin/lspci, /usr/bin/echo, /sbin/lshw, /sbin/vgs, /sbin/vgdisplay, /sbin/pvs, /sbin/pvdisplay, /sbin/lvs, /sbin/lvdisplay
Restart the service:
systemctl restart LansweeperAgentService.service
LsAgent should now be running as the ‘lansweeper’ user.
Was this post helpful? Leave a Kudo!
Did you have a similar issue and a different solution? Share your work in the comments below and help your fellow IT Hero's!
More questions? Browse our Quick Tech Solutions or Community Forum.
If you can't find what you're looking for, create a post in our Community Forum.
