Hi

SCOM2012R2 UR7. Linux mp`s 7.5.1045.0

In our company we can`t install agent on RHEL 7.1 at all, it works only with root, not with specific runas account

Standard Error: error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)

Unix admins says, that scom not even promt for sudo elevation (in logs) , but elevation is turned on for priveleged runas profile

What can it be ? Here is config (scom-a is priveleged acc.)

[root@host ssl]# grep -v '^$\|#' /etc/sudoers

Defaults    always_set_home

Defaults    env_reset

Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"

Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"

Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"

Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root    ALL=(ALL)       ALL

%wheel  ALL=(ALL)       NOPASSWD: ALL

[root@ host ssl]# id scom

uid=1002(scom) gid=1002(scom) groups=1002(scom)

[root@host ssl]# id scom-a

uid=1001(scom-a) gid=1001(scom-a) groups=1001(scom-a),10(wheel)

The agent must be installed and run as root. I'm not sure why your SUDO configuration is not working. If you ssh into the agent as the scom user can you run any "root" only command? Once the SCOM agent is installed you can access it via a non-root user to collect the data from it. Have you looked at this link for setting up SUDO?

Regards,

-Steve

Make sure when you push the agent as a non-root user you specify that the account does not have privileged access and that it should use sudo elevation.

Regards

Graham