Customer has su locked down and does sudo when needed to run jobs with higher authority. Since they do not run su, how can they run the agent that always wants to su to a user first? Please look at ticket T-76739 and see the attachments. Since there are graphics you need to see to do this and I cannot attached files to a resolution. document is called how_not_to_use_su_in_agent.docx

Here are the steps minus the important graphics, so please look at other ticket. Have them log into the UNIX box as 'skybot' or whomever they're using to run the Agent, and run these commands:

Shutdown the Agent: ./ Create a local link called 'su' that points to the default shell: ln -s /bin/sh su It should look like this: ls -al su [skybot@linus agent]$ ls -al su lrwxrwxrwx 1 skybot skybot 7 Dec 9 13:06 su -> /bin/sh Add the current directory to their PATH: PATH=.:$PATH And export it: export PATH Start the Agent: ./ When the Agent starts a job, the command used to start the session is 'su username', so we'll set up a job and specify a username that contains a 'harmless' parameter flag for the shell, such as '-s' on Linux.

As for the password, just enter a pound-sign (and confirm it on the second password line). When the agent starts a job, it's going to issue the command 'su -s', which really equates to '/bin/sh -s'. Then, the agent sends the password, which is that single pound sign, which the shell ignores as a comment.

After that, it's business as usual and the job continues to execute as the agent user: Starting process with command: /home/skybot/agent/bin/Linux/i686/robotterm -n su -s cols 10000 COMPLETED_1323458047320: $? COMPLETED_1323458047320: 0 /tmp COMPLETED_1323458047472: $? COMPLETED_1323458047472: 0 skybot COMPLETED_1323458047764: $? COMPLETED_1323458047764: 0 /tmp COMPLETED_1323458047968: $? COMPLETED_1323458047968: 0 exit