Articles in this section

Connector Protocols, Permissions, and Users

Users

OS

VMWare plugin/Standalone

Installation user

Running user

Linux / Unix

Standalone

Account specified by operator in UI (ROOT or sudoers)

Account specified by operator in UI (ROOT or sudoers)

Windows

Standalone

Account specified by operator in UI (Admin level)

SYSTEM or ADMIN USER

Windows

VMWare plugin

Uses the user that "VMWare tools" application is running as

SYSTEM or ADMIN USER
Note: If you are using a sudo account, it must be able to run commands without entering a password
 

Add the connector user to sudo / wheel

Adds the connector user to a privileged system group so it can execute administrative operations required during installation and patching (example: jetuser).

if getent group sudo >/dev/null 2>&1; then
   sudo usermod -aG sudo jetuser
elif getent group wheel >/dev/null 2>&1; then
   sudo usermod -aG wheel jetuser
else
   echo "No sudo/wheel group found — check your sudoers config."
fi
 

  • The user must already exist (useradd jetuser) before running the command.

  • The group added depends on the OS:

    • Debian/Ubuntusudo

    • RHEL/CentOS/Oracle/Alma/Rockywheel

  • If neither group exists, the system's sudoers configuration must be reviewed.

Configure passwordless sudo

Passwordless sudo allows the connector user to execute required administrative commands without interactive password prompts.
This is required for fully automated connector deployment, patching, and management.

Steps to configure

  1. Open the sudoers file using visudo (recommended):
    sudo visudo

  2. Make sure the connector user (example: jetuser) has a passwordless sudo entry.
    Add one of the following lines under the User privilege specification section:
    # User privilege specification
    root    ALL=(ALL:ALL) ALL
    jetuser ALL=(ALL:ALL) NOPASSWD:ALL

  3. Ensure the appropriate sudo/wheel group permissions exist:
    %sudo  ALL=(ALL:ALL) ALL
    %root  ALL=(ALL:ALL) NOPASSWD:ALL
     

  4. Verify that the sudoers include directory is enabled (usually default):
    @includedir /etc/sudoers.d

Notes

  • Always edit /etc/sudoers using visudo, which performs a syntax check to avoid breaking sudo access.

  • If you add a new user or modify sudoers on some Linux distributions (RHEL/CentOS), a reboot may be required for group membership to take effect.

 

Installation Permission and Location

Permissions

The JetPatch Connector installation files need read/write/execute permission to the following locations:

Windows

  • C:\\Windows\Temp
  • C:\\Program files\

Linux / Unix

  • Before Jetpatch 4.2.8: /tmp 
  • JetPatch 4.2.8 and above: /var/jetpatch-temp
    • Note: if there are issues writing to non /tmp, set it back to /tmp (see article)
  • /var/run

Note: To change the default folder please follow the article

Locations

  • Windows: The installation target is configurable.  See article
  • Linux/Unix: The installation target is configurable.  See article
Important Note: If using antivirus software on the endpoints, it is recommended to whitelist the default connector installation directory:
  • Windows: C:\Program Files\Intigua\
  • Linux\Unix /usr/local/intigua

Protocols

Communication between JetPatch server and endpoints is based on one of the following three protocols: 

Note: The primary protocol is WEB once the connector is installed.  If the primary protocol is down, then it will fall back to SSH and SMB, depending on OS.

  • From Endpoints to JetPatch - 
    • HTTPS (443) - Whenever an operation can be done using Web - it will (ok for upgrading connector and removing the connector).
  • From JetPatch to Endpoints - 
    • SSH (22) - For operations on Linux/Unix (only required if installing the connector on Linux/Unix machines from JetPatch console).  The connector can be deployed outside of JetPatch with non-SSH alternatives, see link for details.
    • SMB2 (445) - For operations on Windows machines (only required if installing the connector on Windows machines from JetPatch console). The connector can be deployed outside of JetPatch with non-SMB alternatives, see link for details.

These three protocols are used to perform one of the following operations: 

  • Install Agent 
  • Uninstall Agent
  • Install Patch
  • Uninstall Patch
  • Run Task (including Workflow tasks)
  • Start Agent
  • Stop Agent
  • Get the status of the connector
  • Change connector configuration
  • Retrieve connector logs 

In addition, these protocols perform scripting and patching operations.

Each of these operations has it's own time-out (for example - time out for install operation is 5 minutes). In addition to the operation time-out - each driver (protocol) has its own growing-scale retry mechanism.  Meaning that each failure will result in a longer suspension until the next try (for example - first suspension of 1 second, second suspension of 2 seconds, third of 4 seconds and so on up until 1 minute). 

Connector Files and Processes

By default, JetPatch connector and managed agent files are stored in the following locations on endpoints:

OS

Parent Directory

Intigua subdirectory

Managed agent subdirectory

Windows

%Program_Files%\Intigua\
usually resolved to:
C:\Program Files\Intigua\

vAgentManager (delayed start)

Intigua-Libs

Linux/Unix

/usr/local/intigua/

 

 

The Parent Directory is configurable in connector management services.

The following services, links and processes exist on endpoints:

OS

Service / Link

Intigua / Process

Intigua Wrapper

Helper

Method

Windows

Service: vAgentManager

Intigua vlinkprocess

jetpatch_enduser_app

vlinkservice

vagent_manager<32|64>.exe

(Kernel-mode agents only)

DLL injection

Linux/Unix

Symbolic link: S30vlink, in /etc/rc5.d

vlink

 

 

LD_PRELOAD injection
 

Relevant Articles

Related articles

Comments

0 comments

Please sign in to leave a comment.