Privileged commands

This page describes the available privileged commands, their impact on discovery, and the platforms on which they are available. By default, each command is left unprivileged (for example, PRIV_LSOF() { "$@" }). The user or administrator must modify the script to insert the relevant command to allow discovery to run the privileged commands. Examples are provided in adding privileged execution to commands.

AIX

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_LSLPP: The lslpp command requires superuser privileges to list all installed packages.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

FreeBSD

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

HPUX

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_LANADMIN: The lanadmin command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_SWLIST: The swlist command requires superuser privileges to list all installed packages.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

IRIX

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

Linux

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_HWINFO: The hwinfo command requires superuser privileges to read data from the system BIOS
PRIV_MIITOOL: The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ETHTOOL: The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT: The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_LPUTIL: The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD: The hbacmd command requires superuser privileges to display any HBA information.
PRIV_XE: The xe command command requires superuser privileges to to report CPU information on Xen platforms.
PRIV_ESXCFG: The esxcfg-info command requires superuser privileges to to report hardware information on a VMWare ESX controller.

Mac OS X

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

NetBSD

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS.

OpenBSD

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS.

OpenVMS

Not applicable to this platform. The Normal privilege category is sufficient to run the commands in the discovery script.

POWER HMC

Not applicable to this platform.

Solaris

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.
PRIV_EMLXADM: The emlxadm command requires superuser privileges to display any HBA information.
PRIV_FCINFO: The fcinfo command requires superuser privileges to display any HBA information.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS on Solaris X86 platforms only.
PRIV_IFCONFIG: The ifconfig command requires superuser privileges to display the MAC address of each # interface.
PRIV_NDD: The ndd command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_PS: The /usr/ucb/ps command requires superuser privileges to display full command line information (without this, command lines will be limited to 80 characters). This affects Solaris 10 and Solaris 8 & 9 with certain patches.
PRIV_LPUTIL: The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD: The hbacmd command requires superuser privileges to display any HBA information.
PRIV_PFILES: The pfiles command requires superuser privileges to display open port information for processes not running as the current user.

Tru64

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_SETLD: The setld command requires superuser privileges to display information on installed packages.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

UnixWare

PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

VMware ESX

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.
PRIV_DMIDECODE: The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_HWINFO: The hwinfo command requires superuser privileges to read data from the system BIOS.
PRIV_MIITOOL: The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ETHTOOL: The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT: The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user.
PRIV_LPUTIL: The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD: The hbacmd command requires superuser privileges to display any HBA information.
PRIV_XE: The Xen xe command requires superuser privileges.
PRIV_ESXCFG: The esxcfg-info command requires superuser privileges.

VMware ESXi

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_LSOF: The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD: This function supports running privileged commands from patterns.
PRIV_CAT: The cat command requires superuser privileges to display the contents of files not readable by the current user. For example, configuration files owned by the root user.
PRIV_TEST: This function supports privilege testing of attributes of files.
PRIV_LS: This function supports privilege listing of files and directories.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Allan Mertner

    This page would benefit from an example.

    Aug 25, 2012 06:00
    1. Timothy Onyskin

      I agree completely.

      Sep 03, 2012 10:16
      1. Duncan Tweed

        Hi,

        I've updated the page (last sentence, first paragraph) to include a link to the parent page which includes examples on how to add privileged execution to a command.

        Hope that helps.

        Duncan.

        Sep 03, 2012 10:20
        1. Timothy Onyskin

          The link you posted doesn't give a detailed enough description of the placement of the sudo command in the platform script. (See forum post http://discovery.bmc.com/community/forum/viewthread/2480/ where I ask for a little more detail.)

          Sep 03, 2012 10:23