This topic describes the rationale behind specific sudo privilege requirements for virtualizing Oracle Databases.

PrivilegeSourcesTargetsRationale

ps | pargs

RequiredRequired

Delphix auto-discovery uses the TNS_ADMIN environment variable of Oracle Listener processes with non-standard configurations to derive their connection parameters. An Oracle Listener is normally owned by a different user (oracle) than the delphix_os user. The Delphix Engine needs sudo access to pargs on the Solaris OS or ps on other OSes to examine the environment variables of those Listener processes.

mkdir/rmdirNot RequiredOptionalDelphix dynamically makes and removes directories under the provisioning directory during VDB operations. This privilege is optional, provided the provisioning directory permissions allow the delphix_os user to make and remove directories.
mount/umountNot RequiredRequiredDelphix dynamically mounts and unmounts directories under the provisioning directory during VDB operations. This privilege is required because mount and umount are typically reserved for superuser.
nfso (AIX only)Not RequiredRequiredDelphix monitors NFS read and write sizes on an AIX target host. It uses the nfso command to query the sizes in order to optimize NFS performance for VDBs running on the target host. Only a superuser can issue the nfso command.

It is required to specify the NOPASSWD qualifier within the "sudo" configuration file, as shown here: Sudo File Configuration Examples for Oracle Environments.  This ensures that the "sudo" command does not demand the entry of a password, even for the "display permissions" (i.e. "sudo -l") command.