sudo privilege requirements for virtualizing SAP ASE Databases.| Privilege | Sources | Targets | Rationale |
|---|---|---|---|
| Required on Solaris | Required on Solaris | Delphix attempts to call pargs to discover the arguments of the ASE processes. It needs the name of each running dataserver or backupserver process so that it can try to connect to the instances to gather further information during the discovery process. |
| Optional on Linux, AIX | Optional on Linux, AIX | Delphix attempts to call Unlike Solaris, Delphix can usually determine the arguments without sudo privileges on Linux/AIX. But Delphix will attempt " |
mount/umount | Not Required | Required | Delphix dynamically mounts and unmounts directories under the provisioning directory during VDB operations. This privilege is required because mount and umount are typically reserved for superuser. |
nfso | Not Required | Required on AIX | Delphix monitors NFS read and write sizes on an AIX target host. It uses the nfso command to query the sizes in order to optimize NFS performance for VDBs running on the target host. Only a superuser can issue the nfso command. |
It is required to specify the NOPASSWD qualifier within the "sudo" configuration file, as shown here: Sudo File Configuration Examples for SAP ASE Environments. This ensures that the "sudo" command does not demand the entry of a password, even for the "display permissions" (i.e. "sudo -l") command.
Delphix issues "sudo -l" in some scripts to detect if the operating system user has the correct sudo privileges. If it is unable to execute this command, some actions may fail and Delphix will raise an alert suggesting it does not have the correct sudo permissions. Restricting the execution of "sudo -l" by setting “listpw=always” in the “/etc/sudoers” file when the Delphix operating system user is configured to use public key authentication will cause the Delphix operating system user to be prompted for a password which will fail certain Delphix actions. Use a less restrictive setting for listpw than "always" when the Delphix operating system user is using public key authentication.