######################################################################################################################################### # # RECOMMENDED /ETC/SUDOERS SETTINGS FOR AVAILABILITYGUARD UNIX/LINUX/SYMCLI SCAN # # Version 1.1 # # # © 2017 by Continuity Software Inc. All rights reserved. # Information contained in this document is subject to change without notice. # This document is provided 'as is' without warranty of any kind. # ######################################################################################################################################### ### SymCLI proxy username ALL= NOPASSWD: /usr/symcli/bin/* list*, /usr/symcli/bin/symcli -def ### All UNIX flavors username ALL= NOPASSWD: /bin/cat *, /bin/ls * ### Servers that use EMC storage username ALL= NOPASSWD: /usr/symcli/bin/symdg list *, /usr/symcli/bin/symcg list *, /usr/symcli/bin/sympd list *, /usr/symcli/bin/syminq *, /usr/local/bin/inq *, /usr/sbin/powermt display*, /sbin/powermt display*, /etc/powermt display* ### Servers that use HDS/HP XP storage username ALL= NOPASSWD: /HORCM/usr/bin/inqraid *, /HORCM/usr/bin/raidqry *, /HORCM/usr/bin/raidscan *, /HORCM/usr/bin/pairdisplay *, /usr/local/bin/lunstat *, /usr/DynamicLinkManager/bin/dlnkmgr view *, /sbin/xpinfo*, /sbin/spmgr display*, /sbin/autopath display* ### Servers that use NetApp storage username ALL= NOPASSWD: /opt/netapp/santools/sanlun lun show all, /opt/NetApp/snapdrive/bin/snapdrive storage show ### Servers that use IBM storage username ALL= NOPASSWD: /usr/sbin/datapath query device, /usr/sbin/pcmpath query device, /opt/xiv/host_attach/bin/xiv_devlist ### Servers with Veritas SF and Cluster username ALL= NOPASSWD: /usr/sbin/vxdisk path, /usr/sbin/vxdisk list*, /usr/sbin/vxdmpadm list*, /sbin/lltstat -c, /sbin/lltstat -nvv, /sbin/gabconfig -v, /sbin/gabconfig -l, /sbin/vxfenadm -d, /opt/VRTSvcs/bin/haclus -state, /opt/VRTSvcs/bin/haclus -display*, /opt/VRTSvcs/bin/hagrp -display*, /opt/VRTSvcs/bin/hagrp -dep, /opt/VRTSvcs/bin/hares -display*, /opt/VRTSvcs/bin/hares -dep, /opt/VRTSvcs/bin/hasys -display*, /opt/VRTSvcs/bin/hasys -nodeid, /opt/VRTSvcs/bin/hahb -display*, /usr/sbin/vradmin printvol, /usr/sbin/vradmin printrvg, /usr/sbin/vradmin * repstatus * ### Servers with Oracle database username ALL= NOPASSWD: /bin/cat */listener.log, /bin/cat *alert_*.log, /bin/cat */listener.ora ### Additional for Solaris servers username ALL= NOPASSWD: /usr/sbin/fcinfo ### Additional for Linux servers username ALL= NOPASSWD: /usr/sbin/vgdisplay, /usr/sbin/lvdisplay*, /usr/sbin/pvdisplay, /sbin/vgdisplay, /sbin/lvdisplay*, /sbin/pvdisplay, /sbin/multipath -l, /sbin/scsi_id *, /bin/raw -qa, /usr/bin/raw -qa, /usr/sbin/ccs, /usr/sbin/clustat,/sbin/crm_mon, /sbin/pcs ### Additional for AIX servers username ALL= NOPASSWD: /usr/es/sbin/cluster/utilities/cldisp, /usr/es/sbin/cluster/diag/clver ### Additional for HP-UX servers username ALL= NOPASSWD: /usr/sbin/cmviewcl *