Operating system users
The DNCA must be installed by using the root
user
account. During the installation process, the DNCA user dncauser
is
created. During execution, the dncauser
user runs the
DNCA processes, regardless of the user that started them.
It is not required that you log in to the system by using the root
user.
However, the dncauser
user must have the permissions to run the
./discover start
and ./discover stop
commands. It is necessary
to run with limited root
permissions as described. As a passive
network traffic that is capturing application running under a stock Linux™ operating system, the DNCA requires specific system permissions to
passively capture network packets. Through the operating system, the DNCA must be able to place
system network NICs into promiscuous capture mode. It allows the DNCA to passively listen to all
network traffic presented to the designated NICs. It is necessary to run the specific application
process as root permission.
To minimize security issues, only one specific DNCA application module requires this permission for traffic that is capturing. All other DNCA application modules are run with non-root user permissions.
The capturing module only listens to a copy of the supplied network traffic. The module cannot inject any traffic whatsoever between your web server and the client browser.