When and why is root level permissions required for a Linux user to install Network Connect?
Network Connect (NC) for Linux can be installed through the Java Delivery method using a browser or using the RPM (Red Hat Package Manager). The following describes the root password requirement for both methods.
Java Delivery (using a browser)
If the user is connecting to the SA device using one of the supported browsers, then a normal user should start the browser and connect to the SA device. After launching NC through Network Connect Start button, the Launcher Applet is downloaded. Various certificates need to be approved.
For the very first installation of NC (or upgrade of NC), the Launcher Applet will install "ncsvc.exe". To install ncsvc, root password is needed. The root password is needed only at the first install and for subsequent upgrades/downgrades only. Once the ncsvc is installed, ncui is launched.
Subsequent launches of NC will not need root password. One exception is if auto uninstall is configured on the SA device for Network Connect, the ncui and ncsvc executable are removed and hence the next launch of the NC Launcher will need installation of ncsvc, requiring root password. Using this method of installation, each user needs to install ncsvc separately as these files are installed in "/.juniper_networks/network_connect".
This implies that if user1 has installed NC, then user2 cannot use the same NC and needs to install NC by connecting to the SA device using a supported browser.
A root password/shell is needed for RPM installation. Once the ncui rpm is installed, the normal users can start ncui/ncsvc from xterm or terminal. The execution of ncui or ncsvc will not need root password.