Return
-
Title
What is the local questusr account used for on the client machines? -
Description
What is the local questusr account used for on the client machines? -
Resolution
The questusr account is a service account created and used by Management Console for Unix (MCU) to manage Privilege Manager policy, to search event logs, and to auto-profile hosts. It is a non-privileged account (that is, it does not require root-level permissions) used by the console to gather information about existing policy servers in a read-only fashion. The management console does not use questusr account to make changes to any configuration files. questgrp is the primary group (gid) for questusr. The questusr account should also have pmpolicy and pmlog added as secondary groups in order to be able to search the Privilege Manager logs from the MCU.If questusr is inadvertently deleted from the console, the console turns ‘Auto-profiling’ off.To recreate the "questusr" account,1. Re-profile the host.2. Reconfigure the host for automatic profiling.Once the user is setup, the password is no longer required or remembered. MCU uses ssh keys for its authentication to the system.The keys are stored hereCheck the permissions on the authorized_keys files:ls -al /var/opt/quest/home/questusr/.ssh/authorized_keys-------------------------rw-r--r--. 1 questusr questgrp 203 Aug 22 12:00 authorized_keys