Preventive Service Planning
Abstract
This document is a sample sudoers file with the commands that are needed for file indexing and Oracle functionality. Change the value for SPPUSR to the username that SPP will log in.
Content
#-------------------------------------------------------------------------------
# Introduction
#-------------------------------------------------------------------------------
# Introduction
#-------------------------------------------------------------------------------
# This is a sample sudoers file that allows the SPP agent to run various
# commands with elevated privileges without requiring a password.
# commands with elevated privileges without requiring a password.
# Place this configuration in your sudoers configuration, either in the main
# configuration file or a separate file under /etc/sudoers.d/ depending on
# what is supported by your version of sudo. Refer to the sudo man page for
# further details.
# configuration file or a separate file under /etc/sudoers.d/ depending on
# what is supported by your version of sudo. Refer to the sudo man page for
# further details.
# Carefully read the comments below. You will likely need to customize the
# user and command aliases depending on your system configuration.
# user and command aliases depending on your system configuration.
#-------------------------------------------------------------------------------
# User and Command Aliases
#-------------------------------------------------------------------------------
# User and Command Aliases
#-------------------------------------------------------------------------------
# The local username that SPP will use to login to this system
# Change this value to the actual username that SPP will log in as
User_Alias SPPUSR = sppagent
# Change this value to the actual username that SPP will log in as
User_Alias SPPUSR = sppagent
# ORACLE ONLY:
# The local usernames of the Oracle Home and Grid Home owner (if applicable)
# Change this value to the actual username(s) of the Oracle/Grid owner(s)
Runas_Alias ORCLUSR = oracle,grid
# The local usernames of the Oracle Home and Grid Home owner (if applicable)
# Change this value to the actual username(s) of the Oracle/Grid owner(s)
Runas_Alias ORCLUSR = oracle,grid
# The command aliases below contain the full paths to the commands that
# SPPUSR needs to run as root. The paths specified here must be executables.
# SPPUSR needs to run as root. The paths specified here must be executables.
# The commands below are specified using their most common paths, but they may
# vary slightly depending on your Linux version/distro. Make sure that the correct
# path is specified for each command below.
# vary slightly depending on your Linux version/distro. Make sure that the correct
# path is specified for each command below.
# Some commands may exist under multiple paths, for example /bin/kill and
# /usr/bin/kill. In these cases, specify the first available path in this
# order: /sbin, /bin, /usr/sbin, /usr/bin.
# The recommended way to find the suitable paths is:
# - Login as root
# - Temporarily set the PATH env var by running
# export PATH=/sbin:/bin:/usr/sbin:/usr/bin
# - Run 'which <command>' for each command, e.g. 'which kill'
# /usr/bin/kill. In these cases, specify the first available path in this
# order: /sbin, /bin, /usr/sbin, /usr/bin.
# The recommended way to find the suitable paths is:
# - Login as root
# - Temporarily set the PATH env var by running
# export PATH=/sbin:/bin:/usr/sbin:/usr/bin
# - Run 'which <command>' for each command, e.g. 'which kill'
# In case of symbolic links, specify the ultimate executable that the link
# resolves to.
# resolves to.
# Some commands are only needed for specific scenarios that may not apply to you.
# For example, iscsiadm is required only if iSCSI is in use. If a command does not
# exist on your system, you can remove it from the list.
# For example, iscsiadm is required only if iSCSI is in use. If a command does not
# exist on your system, you can remove it from the list.
Cmnd_Alias SYSCMD = /sbin/lsmod, /bin/kill, /sbin/iscsiadm, /bin/mount, /bin/umount, /sbin/fuser, /sbin/multipath, /sbin/tune2fs, /usr/sbin/xfs_admin, /sbin/e2fsck, /sbin/xfs_repair, /bin/sync, /sbin/blkid, /sbin/partprobe, /usr/bin/df
Cmnd_Alias SCSICMD = /lib/udev/scsi_id
Cmnd_Alias FILECMD = /usr/bin/ls, /usr/bin/cat, /usr/bin/tee, /usr/bin/sed, /usr/bin/cp, /usr/bin/mv, /usr/bin/rm, /usr/bin/mkdir, /usr/bin/rmdir, /usr/bin/readlink, /usr/bin/chown, /usr/bin/chmod, /usr/bin/find, /usr/bin/stat
Cmnd_Alias LVMCMD = /sbin/dmsetup, /sbin/vgimportclone, /sbin/vgchange, /usr/sbin/pvs
Cmnd_Alias SCSICMD = /lib/udev/scsi_id
Cmnd_Alias FILECMD = /usr/bin/ls, /usr/bin/cat, /usr/bin/tee, /usr/bin/sed, /usr/bin/cp, /usr/bin/mv, /usr/bin/rm, /usr/bin/mkdir, /usr/bin/rmdir, /usr/bin/readlink, /usr/bin/chown, /usr/bin/chmod, /usr/bin/find, /usr/bin/stat
Cmnd_Alias LVMCMD = /sbin/dmsetup, /sbin/vgimportclone, /sbin/vgchange, /usr/sbin/pvs
# Comment out one of the two alternatives below
# For newer operating systems where systemd is in use:
# Cmnd_Alias MPATHCMD = /bin/systemctl
# Cmnd_Alias MPATHCMD = /bin/systemctl
# For older operating systems without systemd:
Cmnd_Alias MPATHCMD = /etc/init.d/multipathd
Cmnd_Alias MPATHCMD = /etc/init.d/multipathd
#-------------------------------------------------------------------------------
# General Settings
#-------------------------------------------------------------------------------
# General Settings
#-------------------------------------------------------------------------------
# Path for sudo commands
Defaults:SPPUSR secure_path=/sbin:/bin:/usr/sbin:/usr/bin
Defaults:SPPUSR secure_path=/sbin:/bin:/usr/sbin:/usr/bin
# Don't require a tty
Defaults:SPPUSR !requiretty
Defaults:SPPUSR !requiretty
# ORACLE ONLY:
# Preserve some env vars
Defaults:SPPUSR env_keep+="ORACLE_HOME"
Defaults:SPPUSR env_keep+="ORACLE_SID"
# Preserve some env vars
Defaults:SPPUSR env_keep+="ORACLE_HOME"
Defaults:SPPUSR env_keep+="ORACLE_SID"
#-------------------------------------------------------------------------------
# Grant Access
#-------------------------------------------------------------------------------
# Grant Access
#-------------------------------------------------------------------------------
# Allow SPPUSR to run general system commands
SPPUSR ALL=(ALL) NOPASSWD:SYSCMD,SCSICMD,FILECMD,LVMCMD,MPATHCMD
SPPUSR ALL=(ALL) NOPASSWD:SYSCMD,SCSICMD,FILECMD,LVMCMD,MPATHCMD
# ORACLE ONLY:
# Allow SPPUSR to run all commands as the Oracle/Grid Home owners
SPPUSR ALL=(ORCLUSR) NOPASSWD:ALL
# Allow SPPUSR to run all commands as the Oracle/Grid Home owners
SPPUSR ALL=(ORCLUSR) NOPASSWD:ALL
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.1.3","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Was this topic helpful?
Document Information
Modified date:
01 April 2019
UID
ibm10875996