Setup impersonation - Connect_ETL - 9.13

Connect ETL Installation Guide

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
Connect > Connect (ETL, Sort, AppMod, Big Data)
Version
9.13
Language
English
Product name
Connect ETL
Title
Connect ETL Installation Guide
Copyright
2024
First publish date
2003
Last updated
2024-11-08
Published on
2024-11-08T16:36:35.232000

If you plan to use impersonation when running dmxrund, setup an impersonated user to install and run on Linux.

Windows

As the administrative user has impersonation privileges by default, no setup is required.

Linux

Connect installation impersonation considerations on Linux follow:

  • No impersonation: Running jobs without impersonation does not require root access. Upon receipt of a job submission request from the dmxrund calls the Connect Engine, dmxdfnl, to run the submitted job as the service user, connectuser.
  • Impersonation: Running jobs with impersonation requires root access to impersonate the specified user. While dmxrund never is granted root access, another installed component, dmxexecutor, can enable impersonation. When dmxrund detects that dmxexecutor is installed in the required directory with the correct permissions, dmxrund calls dmxexecutor to impersonate the specific user that calls the Connect engine, dmxdfnl, which runs the submitted jobs.

To install and run job requests with impersonation, do the following:

  • Create a service user, such as connectuser.
  • Create a service group, dmexpress.
    Note: If you choose to change the name of the service group, you must update the SERVICE_GROUP property of the Connect custom impersonation configuration properties file.
    • Add connectuser to the dmexpress service group.
    • Run the installation as connectuser.
    • Ensure that the following files are in the specified directories with the specified permissions:
Directory and file Permissions Notes
<Connect_installation>/bin/ dmxexecutor -rwsr-x--- The ā€˜sā€™ represents the set-user identification (setuid) bit and indicates that dmxexecutor is extended impersonation privileges to run submitted jobs as a specific user.
<Connect_installation>/conf/ dmxexecutor.conf -rwx------ Updates to dmxexecutor.conf are required only if you choose to customize the impersonation.