Overview
This article covers JetPatch Connector protocols, user permissions, installation requirements, and file locations.
It provides comprehensive guidance for configuring connector deployment across Windows and Linux/Unix environments.
Users
| OS | VMWare plugin/Standalone | Installation user | Running user |
| Linux / Unix | Standalone | Account specified by operator in UI (ROOT or sudoers) | Account specified by operator in UI (ROOT or sudoers) |
| Windows | Standalone | Account specified by operator in UI (Admin level) | SYSTEM or ADMIN USER |
| Windows | VMWare plugin | Uses the user that "VMWare tools" application is running as | SYSTEM or ADMIN USER |
| Note: If you are using a sudo account, it must be able to run commands without entering a password. |
Add the connector user to sudo / wheel
Adds the connector user to a privileged system group so it can execute administrative operations required during installation and patching (example: jetuser).
if getent group sudo >/dev/null 2>&1; then
sudo usermod -aG sudo jetuser
elif getent group wheel >/dev/null 2>&1; then
sudo usermod -aG wheel jetuser
else
echo "No sudo/wheel group found — check your sudoers config."
fi
The user must already exist (useradd jetuser) before running the command.
The group added depends on the OS:
Debian/Ubuntu → sudo
RHEL/CentOS/Oracle/Alma/Rocky → wheel
If neither group exists, the system's sudoers configuration must be reviewed.
Configure passwordless sudo
Passwordless sudo allows the connector user to execute required administrative commands without interactive password prompts.
This is required for fully automated connector deployment, patching, and management.
Steps to configure
Open the sudoers file using visudo (recommended):
sudo visudo
Make sure the connector user (example: jetuser) has a passwordless sudo entry.
Add one of the following lines under the User privilege specification section:
# User privilege specification
root ALL=(ALL:ALL) ALL
jetuser ALL=(ALL:ALL) NOPASSWD:ALL
Ensure the appropriate sudo/wheel group permissions exist:
%sudo ALL=(ALL:ALL) ALL
%root ALL=(ALL:ALL) NOPASSWD:ALL
Verify that the sudoers include directory is enabled (usually default):
@includedir /etc/sudoers.d
Notes
Always edit /etc/sudoers using visudo, which performs a syntax check to avoid breaking sudo access.
If you add a new user or modify sudoers on some Linux distributions (RHEL/CentOS), a reboot may be required for group membership to take effect.
Installation Permission and Location
Permissions
The JetPatch Connector installation files need read/write/execute permission to the following locations:
Windows
- C:\\Windows\Temp
- C:\\Program files\
Linux / Unix
- Before Jetpatch 4.2.8: /tmp
- JetPatch 4.2.8 and above: /var/jetpatch-temp
- Note: if issues are writing to non /tmp, set it back to /tmp (see article)
- /var/run
| Note: To change the default folder please follow the article |
Locations
- Windows: The installation target is configurable - See article
- Linux/Unix: The installation target is configurable - See article
| Important: If using antivirus software on the endpoints, it is recommended to whitelist the default connector installation directory: |
- Windows: C:\Program Files\Intigua\
- Linux/Unix: /usr/local/intigua
Protocols
Communication between the JetPatch server and endpoints is based on one of the following three protocols:
| Note: The primary protocol is WEB once the connector is installed. If the primary protocol is down, then it will fall back to SSH and SMB, depending on OS. |
- From Endpoints to JetPatch -
- From JetPatch to Endpoints -
-
SSH (22)
- For operations on Linux/Unix (only required if installing the connector on Linux/Unix machines from the JetPatch console). The connector can be deployed outside of JetPatch with non-SSH alternatives; see the link for details.
-
SMB2 (445)
- For operations on Windows machines (only required if installing the connector on Windows machines from the JetPatch console).
- The connector can be deployed outside of JetPatch with non-SMB alternatives; see the link for details.
-
SSH (22)
These three protocols are used to perform one of the following operations:
- Install Agent
- Uninstall Agent
- Install Patch
- Uninstall Patch
- Run Task (including Workflow tasks)
- Start Agent
- Stop Agent
- Get the status of the connector
- Change connector configuration
- Retrieve connector logs
In addition, these protocols perform scripting and patching operations.
Each of these operations has its own time-out (for example, the time-out for the install operation is 5 minutes).
In addition to the operation time-out, each driver (protocol) has its own growing-scale retry mechanism.
Meaning that each failure will result in a longer suspension until the next try (for example, first suspension of 1 second, second suspension of 2 seconds, third of 4 seconds, and so on up until 1 minute).
Connector Files and Processes
By default, JetPatch connector and managed agent files are stored in the following locations on endpoints:
| OS | Parent Directory | Intigua subdirectory | Managed agent subdirectory |
| Windows |
%Program_Files%\Intigua\ usually resolved to: C:\Program Files\Intigua\ |
vAgentManager (delayed start) | Intigua-Libs |
| Linux/Unix | /usr/local/intigua/ |
The Parent Directory is configurable in the connector management services.
The following services, links, and processes exist on endpoints:
| OS | Service / Link | Intigua / Process | Intigua Wrapper | Helper | Method |
| Windows | Service: vAgentManager | Intigua vlinkprocessjetpatch_enduser_app | vlinkservice | vagent_manager<32|64>.exe(Kernel-mode agents only) | DLL injection |
| Linux/Unix | Symbolic link: S30vlink, in /etc/rc5.d | vlink | LD_PRELOAD injection |
Relevant Articles
- General Connector Troubleshooting
- Deploying the JetPatch connector
- Disabling/Enabling Connector Protocols
Comments
0 comments
Please sign in to leave a comment.