6.1.2 Plug-in executors
The executor of a plug-in depends on the combination of the setting of the local execution function and the operation target device.
When local execution function is disabled
When local execution function is disabled, the executor of a plug-in is as follows:
When the OS of the operation target device is Windows
In most circumstances, the execution user of a command or script is the user who connects to the operation target device. However, you can also execute commands or scripts with the permissions of the System account after connecting to the operation target device.
When the operation target device is running Windows, user profiles are not inherited. This means a plug-in can produce different execution results from a command or script executed on the desktop.
To avoid this issue, do not reference settings in user profiles, such as user environment variables, registry entries, and the settings of your web brower, when executing a plug-in. If a command or script references an element of a user profile, the command or script might not behave as expected.
When the OS of the operation target device is UNIX
Generally, the user who connects to the operation target device is the executor of commands and scripts. JP1/AO also provides a function that allows you to elevate the executor of a command or script to root privileges.
Note that when a user connects to an operation target device as a user with root privileges, the connection of the root privileged user must be permitted on the operation target device side.
The following table lists the executors of plug-ins.
Table 6‒3: Execution users for plug-ins Plug-in
Elevation to root privileges#1
User who connected to operation target device
Executor of command or script#2
Basic plug-in (general command plug-in, file-transfer plug-in, or terminal connect plug-in)
Content plug-in
Enabled
User with root privileges
User with root privileges
User without root privileges
User with root privileges
Not enabled
User with root privileges
User with root privileges
User without root privileges
User without root privileges
#1 The process by which the user is elevated to root privileges depends on the plug-in.
For general command plug-in and file-transfer plug-in:
You can specify whether to elevate the user to root privileges in the plug-in properties. For details about the elevation of users to root privileges, see the section describing basic plug-ins in the manual JP1/Automatic Operation Service Template Reference.
For the terminal connect plug-in:
You cannot configure JP1/AO to elevate users of the terminal connect plug-in to root privileges. To achieve this, you need to execute the command that elevates the user to root privileges in a terminal command plug-in. For details about the elevation of users to root privileges, see the section describing basic plug-ins in the manual JP1/Automatic Operation Service Template Reference.
For content plug-ins:
You can specify the permissions of the executor by using the Execute with root privileges check box on the Remote Command tab of the Create Custom Plug-in or the Edit Custom Plug-in dialog box. If you select this check box, commands and scripts are executed as a user with root privileges. If the check box is not selected, commands and scripts are executed with the permissions of the user who connected to the operation target device.
- Tip
When the Execute with root privileges check box is selected, how you specify the superuser password depends on the credential type specified on the remote Command tab in the Create Custom Plug-in or Edit Custom Plug-in dialog box.
If Shared agentless setting is selected as the credential type for the plug-in
JP1/AO uses the superuser password specified in the definition of the connection destination.
If Service input property is selected as the credential type for the plug-in
JP1/AO uses the superuser password specified in the plugin.suPassword plug-in property.
#2 In the case of a file-transfer plug-in, this executor is the user who transfers the file. Also, in the case of a terminal connect plug-in, the command is actually executed by a terminal command plug-in.
When local execution function is enabled
When the local execution function is enabled and the operation target device is the local host, the executors of plug-ins are as follows :
When the OS of the local host is Windows
Commands and scripts are executed by a user with System account privileges.
When the OS of the local host is UNIX
Commands and scripts are executed by a user who has root-user privileges.
Note that the executor for the operation target device that is other than the local host is the same executor as when the local execution function is disabled.