This topic describes sudo file privilege configurations necessary for interacting with the Delphix Engine when virtualizing unstructured files on Unix Environments.


Considerations for sudo access and account locking

The Delphix Engine tests its ability to run the mount command using sudo on the target environment by issuing the sudo mount command with no arguments. Many of the examples shown in this topic do not allow that. This causes a warning during environment discovery and monitoring, but otherwise does not cause a problem. If your vFiles operations succeed, it is safe to ignore this warning.

However, some users configure the security on the target environments to monitor sudo failures and lock out the offending account after some threshold. In those situations, the failure of the sudo commands might cause the delphix_os account to become locked. One work-around for this situation is to increase the threshold for locking out the user account. Another option is to modify /etc/sudoers to permit the delphix_os user to run the mount command without parameters.

Configuring sudo Access on Solaris for Unstructured Files

On a Solaris SPARC target, sudo access to mount, umount, mkdir, and rmdir is required. In this customer example, super-user privileges are restricted to the virtual dataset mount directory /delphix, and are further restricted to commands which mount data from a single Delphix Engine with IP address 100.245.235.12.

Delphix requires umount -f for emergency force unmounts on Solaris. 

Example: Solaris /etc/sudoers entries for a Delphix Target for Unstructured Files

User_Alias DELPHIX_USER=delphix_os 
 
Cmnd_Alias DELPHIX_CMDS= \
/usr/sbin/mount     100.245.235.12\:* /delphix/*, \
/usr/sbin/mount * 100.245.235.12\:* /delphix/*, \
/usr/sbin/umount    /delphix/*, \
/usr/sbin/umount *  /delphix/*, \
/usr/sbin/umount -f /delphix/*, \
/usr/bin/mkdir      /delphix/*, \
/usr/bin/mkdir -p   /delphix/*, \
/usr/bin/rmdir      /delphix/* 

DELPHIX_USER ALL=(ALL) NOPASSWD: DELPHIX_CMDS

Configuring sudo Access on Linux for Unstructured Files

On a Linux target, sudo access to mount, umount, mkdir, and rmdir is required. In this customer example, super-user privilege is restricted to the virtual database mount directory /delphix. Aliases are used to restrict the Delphix Engines which are allowed to run these commands.

Delphix requires umount -lf for emergency force unmounts on Linux.  

Example: Linux /etc/sudoers file for a Delphix Target for Unstructured Files

Defaults:delphix_os !requiretty
 
Cmnd_Alias DELPHIX_ADMIN_CMDS= \
/bin/mount           /delphix/*, \
/bin/mount   *       /delphix/*, \
/bin/umount          /delphix/*, \
/bin/umount  *       /delphix/*, \
/bin/umount  -lf     /delphix/*, \
/bin/mkdir -p -m 755 /delphix/*, \
/bin/mkdir -p        /delphix/*, \
/bin/mkdir           /delphix/*, \
/bin/rmdir           /delphix/*

Host_Alias DELPHIX_HOSTS=delphix001, delphix002
delphix_os DELPHIX_HOSTS=NOPASSWD:DELPHIX_ADMIN_CMDS
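
The no-argument sudo mount probe described under "Considerations for sudo access and account locking", checked against the Linux alias above. This is an added example, not Delphix code: it is a simplified model of sudoers matching (exact command path, shell-style wildcard match on the joined arguments), and the host name, export path and mount point in the sample commands are constructed.

```python
import fnmatch
import shlex

# Constructed input: the Linux Cmnd_Alias from this page, copied verbatim.
LINUX_ALIAS = r"""Cmnd_Alias DELPHIX_ADMIN_CMDS= \
/bin/mount           /delphix/*, \
/bin/mount   *       /delphix/*, \
/bin/umount          /delphix/*, \
/bin/umount  *       /delphix/*, \
/bin/umount  -lf     /delphix/*, \
/bin/mkdir -p -m 755 /delphix/*, \
/bin/mkdir -p        /delphix/*, \
/bin/mkdir           /delphix/*, \
/bin/rmdir           /delphix/*
"""
# Same alias plus one entry: in sudoers, "" after a command permits it
# only when it is run with no arguments at all.
FIXED_ALIAS = LINUX_ALIAS.rstrip() + ', \\\n/bin/mount ""\n'


def parse_cmnd_alias(text):
    """Return (path, pattern) pairs; None = any arguments, "" = no arguments."""
    body = text.replace("\\\n", " ").split("=", 1)[1]
    specs = []
    for entry in body.split(","):
        path, *args = entry.split()
        if not args:
            specs.append((path, None))
        elif args == ['""']:
            specs.append((path, ""))
        else:
            specs.append((path, " ".join(args)))
    return specs


def allowed(specs, command_line):
    """Simplified sudoers match: exact path, then fnmatch on the joined arguments."""
    path, *argv = shlex.split(command_line)
    user_args = " ".join(argv)
    for spec_path, pattern in specs:
        if spec_path != path:
            continue
        if pattern is None or fnmatch.fnmatchcase(user_args, pattern):
            return True
    return False


if __name__ == "__main__":
    for name, text in (("page alias", LINUX_ALIAS), ("with mount \"\"", FIXED_ALIAS)):
        print(name, "-> bare mount allowed:", allowed(parse_cmnd_alias(text), "/bin/mount"))
```

Validate any real change to /etc/sudoers with visudo -c before relying on it; this model does not cover sudoers escapes, regular expressions or Host_Alias handling.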

Configuring sudo Access on AIX for Unstructured Files 

In addition to sudo access to the mount, umount, mkdir, and rmdir commands on AIX target hosts, Delphix also requires sudo access to nfso. This is required on target hosts for Delphix to monitor the NFS read / write sizes configured on the AIX system. Super-user access level is needed to run the nfso command. This example does not restrict the Delphix Engines that are allowed to run these commands.

Delphix requires umount -f for emergency force unmounts on AIX.  

Example: AIX /etc/sudoers File for a Delphix Target for Unstructured Files

Defaults:delphix_os !requiretty
delphix_os ALL=NOPASSWD: \
/bin/mount, \
/bin/umount, \
/bin/mkdir, \
/bin/rmdir, \
/usr/sbin/nfso

Configuring sudo Access on HP-UX for Unstructured Files

On the HP-UX target, as with other operating systems, sudo access to mount, umount, mkdir, and rmdir is required. This example does not restrict the Delphix Engines that are allowed to run these commands.

Example: HP-UX /etc/sudoers file for a Delphix Target for Unstructured Files

Defaults:delphix_os !requiretty
delphix_os ALL=NOPASSWD:/sbin/mount, /sbin/umount, /bin/mkdir, /bin/rmdir