4.1.3 Plug-in executing users
The execution user of a plug-in is as follows:
-
When the OS of the operation target device is Windows
Commands and scripts are executed by the user who connects to the operation target device.
When the operation target device is running Windows, user profiles are not inherited. This means a plug-in can produce different execution results from a command or script executed on the desktop.
To avoid this issue, do not reference settings in user profiles, such as user environment variables, registry entries, and Internet Explorer settings, when executing a plug-in. If a command or script references an element of a user profile, the command or script might not behave as expected. For example, when you execute a command or script that references Internet Explorer proxy settings, the command or script might fail with a communication error. This might occur in scenarios such as implementing a Windows Update using a script.
-
When the OS of the operation target device is UNIX
Generally, the user who connects to the operation target device is the execution user of commands and scripts. JP1/AO also provides a function that allows you to elevate the execution user of a command or script to root privilege.
Note that when a user connects to an operation target device as a user with root privilege, the connection of the root privilege user must be permitted on the operation target device side.
The following table lists the execution users for plug-ins.
Table 4‒2: Execution users for plug-ins Plug-in
Elevation to root privilege#1
User who connected to operation target device
Execution user of command or script#2
-
Basic plug-in (general command plug-in, file-forwarding plug-in, or terminal connect plug-in)
-
Content plug-in
Enabled
User with root privilege
User with root privilege
User without root privilege
User with root privilege
Not enabled
User with root privilege
User with root privilege
User without root privilege
User without root privilege
- #1
-
The process by which the user is elevated to root privilege depends on the plug-in.
-
For basic plug-ins:
-
General command plug-in and file-forwarding plug-in
You can specify whether to elevate the user to root privilege in the plug-in properties.
-
For the terminal connect plug-in:
You cannot configure JP1/AO to elevate users of the terminal connect plug-in to root privilege. To achieve this, you need to execute the command that elevates the user to root privilege in a terminal command plug-in.
For details about the elevation of users to root privilege, see the section describing basic plug-ins in the manual Job Management Partner 1/Automatic Operation Service Template Reference.
-
-
For content plug-ins:
You can specify the permissions of the execution user by using the Execute by using root privileges (for SSH connections) check box in the Create Plug-in dialog box or the Edit Plug-in dialog box. If you select this check box, commands and scripts are executed as a user with root privilege. If the check box is cleared, commands and scripts are executed with the permissions of the user who connected to the operation target device.
- Tip
-
When the Execute by using root privileges (for SSH connections) is selected, the way in which you specify the superuser password depends on the credential type selected in the Create Plug-in or Edit Plug-in dialog box.
-
If Destination is selected as the credential type for the plug-in
JP1/AO uses the superuser password specified in the definition of the connection destination.
-
If Property is selected as the credential type for the plug-in
JP1/AO uses the superuser password specified in the plugin.suPassword plug-in property.
-
-
- #2
-
-
In the case of a file-forwarding plug-in, the user who transfers the file.
-
In the case of a terminal connect plug-in, the command is actually executed by a terminal command plug-in.
-
-