Skip to main content
Skip table of contents

Sudo privilege requirements for Oracle environments

This topic describes the rationale behind specific sudo privilege requirements for virtualizing Oracle Databases.

Privilege

Sources

Targets

Rationale

ps | pargs

Optional, Strongly Recommended

Optional, Strongly Recommended

Delphix auto-discovery uses the TNS_ADMIN environment variable of Oracle Listener processes with non-standard configurations to derive their connection parameters. A different user (oracle), rather than delphix_os user normally owns the oracle listener. The Delphix Engine needs sudo access to pargs on the Solaris OS or ps on other OSes to determine the environment variables of those Listener processes.

This privilege is required for Auto-Discovery with non-default TNS_ADMIN locations. It is optional when using a standard TNS_ADMIN location, or if you choose to manually configure Oracle Homes, databases and listeners.

mount/umount

Not Required

Required

The Delphix Engine dynamically mounts and unmounts directories under the provisioning directory during VDB operations. This privilege is required because mount and umount are typically reserved for superuser.

nfso (AIX only)

Not Required

Required

The Delphix Engine monitors NFS read and write sizes on an AIX target host. It uses the nfso command to query the sizes in order to optimize NFS performance for VDBs running on the target host. Only a superuser can issue the nfso command.

$ORACLE_HOME/OPatch/datapatch

Not Required

Optional

This is required to invoke Datapatch command with any environment user other than the Oracle user.

It is required to specify the NOPASSWD qualifier within the "sudo" configuration file, as shown here: Sudo File Configuration Examples for Oracle Environments. This ensures that the "sudo" command does not demand the entry of a password, even for the "display permissions" (i.e. "sudo -l") command.

Delphix issues "sudo -l" in some scripts to detect if the operating system user has the correct sudo privileges. If it is unable to execute this command, some actions may fail and Delphix will raise an alert suggesting it does not have the correct sudo permissions. Restricting the execution of "sudo -l" by setting “listpw=always” in the “/etc/sudoers” file when the Delphix operating system user is configured to use public key authentication will cause the Delphix operating system user to be prompted for a password which will fail certain Delphix actions. Use a less restrictive setting for listpw than "always" when the Delphix operating system user is using public-key authentication.

Oracle mount options for RAC

AIX

CODE 
cio,rw,bg,hard,nointr,timeo=600,proto=tcp,nosuid,noac

HPUX

CODE 
rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,proto=tcp,nosuid,forcedirectio,noac

Solaris

CODE 
rrw,bg,hard,rsize=1048576,wsize=1048576,nointr,proto=tcp,nosuid,forcedirectio,noac

For the above platforms, depending on NFS version used, additional options vers=3 or vers=4.x is added (x varies depending on what that platform supports. e.g. vers=4 or vers=4.1)

Linux (NFSv3)

CODE 
-t nfs rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,tcp,nosuid,sec=sys,vers=3,actimeo=0

Linux (NFSv4)

CODE 
-t nfs4 rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,tcp,nosuid,sec=sys,actimeo=0

  1. For both Single instance and RAC, "port=2049" option is added for all platforms.

  2. For AIX, rsize=<value>,wsize=<value> options are added depending on the value returned by "/usr/sbin/nfso -o nfs_max_read_size" and "/usr/sbin/nfso -o nfs_max_write_size" commands.

Oracle unmount options

"-f" is used for all platforms. For Linux, "-lf" is used.

Oracle mount options for single instance

AIX

CODE 
cio,rw,bg,hard,intr,timeo=600,proto=tcp,nosuid

HPUX

CODE 
rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,proto=tcp,nosuid,forcedirectio

Solaris

CODE 
rw,bg,hard,rsize=1048576,wsize=1048576,nointr,proto=tcp,nosuid,forcedirectio

For the above platforms, depending on NFS version used, additional options vers=3 or vers=4.x is added (x varies depending on what that platform supports. e.g. vers=4 or vers=4.1)

Linux (NFSv3)

CODE 
-t nfs rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,tcp,nosuid,sec=sys,vers=3

Linux (NFSv4)

CODE 
-t nfs4 rw,bg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,tcp,nosuid,sec=sys

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close