RHEL sudoer configuration
Default configuration mapping
The following table provides the default mapping between NSP components, sudoer files, and users.
| NSP component | Sudoer file(s) | User |
|---|---|---|
| NFM-P main or auxiliary server | nfmp-main, nspos-sudo | nsp |
| NFM-P main database | nfmp-main-db | oracle |
| NSP auxiliary database | nspos-auxdb, nspos-auxdbproxy | samauxdb |
| CLM | clm-sudo, nspos-sudo | nsp |
Restricted root-user access
If you employ a special sudoers configuration, privileged users that you create can execute only specific NSP management and deployment commands. If a user other than the privileged non-root user attempts to execute a restricted command, the command fails.
You can also prevent remote root-user access to the stations in an NSP deployment by designating a specific privileged user for remote access.
You can restrict root-user access on the NSP deployer host and cluster VMs, on the NSP auxiliary database, and on NFM-P main server, auxiliary server, and main database stations.
Note: Client delegate servers do not support restricted root access.
The root user performs the initial OS and VM setup for an NSP deployment and creates the alternative users with restricted access. The root user is not required for NSP deployment operations afterward.
Restricted root-user access:
- assigns sudo privileges for only the required commands per user
- ensures that any configuration or control actions are traceable to a specific user
See “Restricting root-user system access” in the NSP Installation and Upgrade Guide for more information.
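The following audit sketch is an added example, not part of the NSP documentation or tooling. It checks the text of a sudoer file against the default mapping in the table above and flags rules that name an unexpected user or grant unrestricted commands. The function name `audit`, the sample rule, and the `/opt/example` paths are assumptions made for illustration.

```python
import re

# Default sudoer file -> user mapping, from the table on this page.
EXPECTED_USER = {
    "nfmp-main": "nsp", "nspos-sudo": "nsp", "clm-sudo": "nsp",
    "nfmp-main-db": "oracle",
    "nspos-auxdb": "samauxdb", "nspos-auxdbproxy": "samauxdb",
}
# Line types that carry no user rule (aliases are not expanded here).
SKIP = ("#", "@", "Defaults", "User_Alias", "Host_Alias", "Runas_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(\S+)\s+[^=]+=\s*(.+)$")  # who  host = spec

# Constructed sample; the /opt/example paths are placeholders, not NSP commands.
SAMPLE = "nsp ALL=(root) NOPASSWD: /opt/example/bin/start, \\\n  /opt/example/bin/stop\n"

def audit(filename, text):
    """Return a list of findings for the content of one sudoer file."""
    expected = EXPECTED_USER.get(filename)
    if expected is None:
        return [f"{filename}: not one of the default NSP sudoer files"]
    findings = []
    # Join backslash-continued lines before parsing.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            findings.append(f"{filename}: unparsed line: {line}")
            continue
        who, spec = m.groups()
        if who != expected:
            findings.append(f"{filename}: rule for '{who}', expected '{expected}'")
        # Drop Runas specs such as "(root)" and tags such as "NOPASSWD:".
        spec = re.sub(r"\([^)]*\)", "", spec)
        spec = re.sub(r"\b[A-Z_]+:", "", spec)
        for cmd in (c.strip() for c in spec.split(",")):
            if cmd == "ALL":
                findings.append(f"{filename}: '{who}' may run ALL commands")
            elif cmd and not cmd.startswith("/"):
                findings.append(f"{filename}: review '{cmd}' (alias or non-absolute command)")
    return findings

if __name__ == "__main__":
    print(audit("nspos-sudo", SAMPLE) or "no findings")
```

Command aliases are reported for manual review rather than expanded, so a clean result on a file that uses aliases still requires checking the alias definitions.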