RHEL sudoer configuration

Default configuration mapping

The following table provides the default mapping between NSP components, sudoer files, and users.

NSP component	Sudoer file(s)	User
NFM-P main or auxiliary server	nfmp-main, nspos-sudo	nsp
NFM-P main database	nfmp-main-db	oracle
NSP auxiliary database	nspos-auxdb, nspos-auxdbproxy	samauxdb
CLM	clm-sudo, nspos-sudo	nsp

Restricted root-user access

If you employ a special sudoers configuration, privileged users that you create can execute only specific NSP management and deployment commands. If a user other than the privileged non-root user attempts to execute a restricted command, the command fails.

You can also prevent remote root-user access to the stations in an NSP deployment by designating a specific privileged user for remote access.

You can restrict root-user access on the NSP deployer host and cluster VMs; NSP auxiliary database; and on NFM-P main server, auxiliary server, and main database stations.

Note: Client delegate servers do not support restricted root access.

The root user performs the initial OS and VM setup for an NSP deployment and creates the alternative users with restricted access. The root user is not required for NSP deployment operations afterward.

Restricted root-user access:

• assigns sudo privileges for only the required commands per user

• ensures that any configuration or control actions are traceable to a specific user

• meets an important CIS security benchmark

See “Restricting root-user system access” in the NSP Installation and Upgrade Guide for more information.