Sudo privilege requirements for PostgreSQL environments
This topic describes the rationale behind specific sudo privilege requirements for virtualizing PostgreSQL Databases.
The sudo configuration exists as /etc/sudoers file.
Below is the example of sudo configuration file contents as mentioned above for Postgres environment.
$ vi /etc/sudoersDefaults:postgres !requirettypostgres ALL=NOPASSWD: /bin/mount,/bin/umount,/bin/mkdir,/bin/rmdirPrivilege | Sources | Targets | Rationale |
|---|---|---|---|
mkdir/rmdir | Not Required | Required | Delphix dynamically creates and removes directories under the provisioning directory during VDB operations. |
| Not Required | Required | Delphix dynamically mounts and unmounts directories under the provisioning directory during VDB operations. This privilege is required because mount and unmount are typically reserved for superuser. |
It is required to specify the NOPASSWD qualifier within the "sudo" configuration file, as shown here: Sudo File Configuration Examples for PostgreSQL Environments. This ensures that the "sudo" command does not demand the entry of a password, even for the "display permissions" (i.e. "sudo -l") command.
AppData mount options
Depending on the NFS version used options vers=3 or vers=4.x is added (x varies depending on what that platform supports. e.g. vers=4 or vers=4.1) | |
Linux (NFSv3) |
BASH
Copy |
Linux (NFSv4) |
BASH
Copy |
Note : (For some flavors of Linux and NFSv4.1, additional optional 'v4.1' is added)
| |
unmount options | "-f" is used for all platforms. For Linux, "-lf" is used. |
Mount and unmount options subject to change
Please note that the mount and unmount options listed above are subject to change. For example, if Delphix finds that a certain option improves performance, Delphix may add, remove or change options at anytime. Therefore, it is highly recommended to create the sudo profiles using wildcards that allow any number of options.