This topic introduces the concept of Privilege Elevation Profiles, how they are managed, and how they are supported. Privilege Elevation Profiles exist to provide the Delphix Engine with a mechanism for running privileged commands in a secure way to achieve the following:
- Mount and Unmount NFS filesystems
- Create and Remove directories in paths not owned by the Delphix OS user
- Examine the running process list
- Run commands as root
Privilege Elevation Profiles is an advanced CLI topic and are not documented as part of the general Delphix Engine User Guide. Changes to the default sudo-based profile scripts, or the creation of new profiles that do not work as expected, can cause serious problems and render the Delphix Engine unusable. This article is aimed at advanced end users and Delphix Professional Services consultants.
Support for Privilege Elevation Profiles
Privilege Elevation Profiles need to be tailor-made to work with non-standard environments that may use third party or proprietary a privilege elevation mechanism other than sudo. Customer are strongly encouraged to work with Delphix Professional Services to formulate reliable profile scripts. There is nothing which prevents customers from creating their own profile scripts. However, customers bear full responsibility for supporting and troubleshooting their own profile scripts. Support for profile scripts created by our Professional Services consultants are still supported by Professional Services.
How do Privilege Elevation Profiles Work?
Privilege Elevation Profiles exist within a two-tier cascading hierarchy. This means there is one default profile for the entire Delphix Engine that should contain scripts for all the operations that require privilege elevation. Additional profiles may contain a subset of the scripts. When a non default profile is used, the Delphix Engine uses that profile's scripts where they exist and reverts to the scripts in the default profile if no script for the operation exists. By default, the Delphix Engine ships with simple scripts that pass commands to the standard UNIX sudo command.
All Environments added to the Delphix Engine get added with the default Privilege Elevation Profile. The profile can be assigned on a per host basis. Below shows how a host using a non standard profile will use scripts in the cascading model.
|host profile||script used|