Sudo file configuration examples for PostgreSQL environments
This topic describes the rationale behind the specific sudo privileges that Delphix requires for virtualizing PostgreSQL databases.
The sudo configuration lives in the /etc/sudoers file.
Requiretty settings
Delphix requires that the requiretty setting be disabled for all Delphix users with sudo privileges. With requiretty set, sudo refuses to run unless the invoking user has a terminal, which blocks sudo commands that are run without one, as they are when the Delphix Engine runs them.
Configuring sudo access on Linux for PostgreSQL target environments
Below is an example of the /etc/sudoers contents, as described above, for a PostgreSQL target environment. Edit the file with visudo rather than a plain editor: visudo checks the syntax before it saves, and a malformed /etc/sudoers can disable sudo for every user on the host.
$ visudo
Defaults:postgres !requiretty
postgres ALL=NOPASSWD: /bin/mount,/bin/umount,/bin/mkdir,/bin/rmdir
Note that the following examples are for illustrative purposes and the sudo file configuration options are subject to change. The examples use delphix_os as the operating system user that the Delphix Engine connects as; substitute your own user name, and make sure the Defaults line and the privilege rule name the same account, otherwise the requiretty exemption does not apply to the user that actually runs sudo.
Example 1
This example restricts the PostgreSQL user's use of sudo privileges to the directory /postgres.
Wildcards are allowed for the options on mount and umount because those commands expect a fixed number of arguments after the options. The option wildcard on the mount command also makes it possible to specify the file system being mounted from the Delphix Engine. However, wildcards are not acceptable on mkdir and rmdir because those commands accept any number of arguments after the options. For those commands, you must specify the exact options (-p, -p -m 755) that the Delphix Engine uses. Keep in mind that sudo matches the whole argument list as a single space-separated string, so a * in a sudoers entry can match more than one argument; that is why the mkdir and rmdir entries spell out the options instead of using a wildcard.
Example: /etc/sudoers File Configuration on the Target Environment for sudo Privileges on the VDB Mount Directory Only (Linux OS)
Defaults:delphix_os !requiretty
delphix_os ALL=(root) NOPASSWD: \
/bin/mount * /postgres/*, \
/bin/umount * /postgres/*, \
/bin/umount /postgres/*, \
/bin/mkdir -p /postgres/*, \
/bin/mkdir -p -m 755 /postgres/*, \
/bin/mkdir /postgres/*, \
/bin/rmdir /postgres/*
Example 2
This example restricts the PostgreSQL user's use of sudo privileges to the directory /postgres and restricts the mount commands to a specific Delphix Engine hostname and IP address, so that only file systems exported by that engine can be mounted. The entry /bin/mount "" additionally allows mount to be run with no arguments at all, which only lists the current mounts. Replace <delphix-server-name> and <delphix-server-ip> with the hostname and IP address of the Delphix Engine.
This configuration is more secure, but there is a tradeoff with deployment simplicity: targets that are attached to different Delphix Engines each need a different sudo configuration.
Example: Configuring the /etc/sudoers File on the Target Environment for Privileges on the VDB Mount Directory Only (Linux OS)
Defaults:delphix_os !requiretty
delphix_os ALL=(root) NOPASSWD: \
/bin/mount <delphix-server-name>* /postgres/*, \
/bin/mount * <delphix-server-name>* /postgres/*, \
/bin/mount <delphix-server-ip>* /postgres/*, \
/bin/mount * <delphix-server-ip>* /postgres/*, \
/bin/mount "", \
/bin/umount /postgres/*, \
/bin/umount * /postgres/*, \
/bin/mkdir [*] /postgres/*, \
/bin/mkdir /postgres/*, \
/bin/mkdir -p /postgres/*, \
/bin/mkdir -p -m 755 /postgres/*, \
/bin/rmdir /postgres/*
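To see which command lines the Example 1 and Example 2 rule sets actually permit, the following Python script, added here and not part of the Delphix documentation or product, models the argument matching that sudoers(5) documents: the user's arguments are joined into one space-separated string and compared with the entry's argument pattern using fnmatch(3) without FNM_PATHNAME, so * also matches spaces and slashes; an entry with no arguments permits any arguments, and an entry whose argument string is "" permits none. The hostname delphix.example.com and address 192.0.2.10 are assumed values standing in for the placeholders, the command lines it checks are constructed, and the functions parse_entries, permitted and evaluate are this example's own names.

```python
"""Model of how sudoers matches command arguments, applied to the Example 1
and Example 2 entries above.

Added example; not Delphix code.  Command paths are compared literally here;
real sudo also resolves paths and can check digests, which is not modelled.
"""
import fnmatch
import shlex

# Assumed values standing in for the <delphix-server-name> and
# <delphix-server-ip> placeholders; both are made up for this example.
ENGINE_NAME = "delphix.example.com"
ENGINE_IP = "192.0.2.10"

# Command lists from Example 1 and Example 2 (the text after "NOPASSWD:"),
# with the Example 2 placeholders filled in.
EXAMPLE_1 = r"""
/bin/mount * /postgres/*, \
/bin/umount * /postgres/*, \
/bin/umount /postgres/*, \
/bin/mkdir -p /postgres/*, \
/bin/mkdir -p -m 755 /postgres/*, \
/bin/mkdir /postgres/*, \
/bin/rmdir /postgres/*
"""

EXAMPLE_2 = r"""
/bin/mount <delphix-server-name>* /postgres/*, \
/bin/mount * <delphix-server-name>* /postgres/*, \
/bin/mount <delphix-server-ip>* /postgres/*, \
/bin/mount * <delphix-server-ip>* /postgres/*, \
/bin/mount "", \
/bin/umount /postgres/*, \
/bin/umount * /postgres/*, \
/bin/mkdir [*] /postgres/*, \
/bin/mkdir /postgres/*, \
/bin/mkdir -p /postgres/*, \
/bin/mkdir -p -m 755 /postgres/*, \
/bin/rmdir /postgres/*
""".replace("<delphix-server-name>", ENGINE_NAME).replace("<delphix-server-ip>", ENGINE_IP)


def parse_entries(spec):
    """Turn the continuation-line command list into (command, arg_pattern)
    pairs.  arg_pattern is None when the entry names no arguments."""
    entries = []
    for raw in spec.splitlines():
        line = raw.strip().rstrip("\\").strip().rstrip(",").strip()
        if not line:
            continue
        cmd, _, pattern = line.partition(" ")
        entries.append((cmd, pattern.strip() or None))
    return entries


def args_match(pattern, user_args):
    """sudoers(5) argument rule: no pattern -> anything; "" -> nothing;
    otherwise fnmatch over the whole space-joined argument string."""
    if pattern is None:
        return True
    if pattern == '""':
        return user_args == ""
    return fnmatch.fnmatchcase(user_args, pattern)


def permitted(entries, command_line):
    """True if any entry lets the user run command_line via sudo."""
    argv = shlex.split(command_line)
    cmd, user_args = argv[0], " ".join(argv[1:])
    return any(cmd == c and args_match(p, user_args) for c, p in entries)


def evaluate(command_lines):
    """Return {command_line: (allowed_by_example_1, allowed_by_example_2)}."""
    ex1, ex2 = parse_entries(EXAMPLE_1), parse_entries(EXAMPLE_2)
    return {cl: (permitted(ex1, cl), permitted(ex2, cl)) for cl in command_lines}


# Constructed command lines: what the engine would run, plus edge cases
# that show what the wildcards actually match.
CASES = [
    f"/bin/mount -t nfs -o vers=3 {ENGINE_NAME}:/export/vdb1 /postgres/mnt/vdb1",
    "/bin/mount -t nfs other.example.com:/export/vdb1 /postgres/mnt/vdb1",
    "/bin/mount",
    "/bin/mkdir -p /postgres/mnt/vdb1",
    "/bin/mkdir -p /opt/extra",
    # '*' matches spaces, so the trailing /postgres/* also takes a second path
    "/bin/mkdir -p /postgres/mnt/vdb1 /opt/extra",
    # '*' matches '/', so '..' inside the path still satisfies /postgres/*
    "/bin/rmdir /postgres/../opt/extra",
    # [*] is a bracket expression: it matches a literal '*', not any option
    "/bin/mkdir -m 700 /postgres/mnt/vdb1",
]

if __name__ == "__main__":
    for cl, (ok1, ok2) in evaluate(CASES).items():
        a1 = "allow" if ok1 else "deny"
        a2 = "allow" if ok2 else "deny"
        print(f"ex1={a1:5} ex2={a2:5} {cl}")
```

Run it with python3 to print an allow/deny verdict for each command line under both rule sets. The multiple-argument and .. cases show a property of sudoers wildcard matching that sudoers(5) itself warns about, and the -m 700 case shows that [*] in Example 2 matches only a literal * argument. On a real target, confirm the installed file with visudo -c and sudo -l -U delphix_os; this model is a reading aid, not a substitute for that check.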