Install non-root agents

You can configure non-root agents on *nix and Windows nodes. Running agents without root privileges allows teams to perform some, but not all, administrative actions in Puppet Enterprise (PE) that would otherwise require root privileges.

For example, assume a team with root privileges maintains your infrastructure’s platform, and a separate team with diminished privileges maintains your infrastructure’s applications. If the application team needs to manage their part of the infrastructure independently, they can do this by running Puppet without root privileges.

Non-root users can perform a reduced set of management tasks, including configuring settings, configuring Facter external facts, running puppet agent --test, and running Puppet with non-privileged cron jobs or a similar scheduling service. Non-root users can also classify nodes by writing or editing manifests in directories where they have write privileges.

By default, PE is installed with root privileges; therefore, a root user must install the agent and configure non-root access to the primary server. The root user also sets up non-root users on the primary server and relevant agent nodes.

In Windows, the administrator is equivalent to the root user. For the sake of simplicity, our documentation might use root to refer to either the root user or the administrator.