Privileged commands

This section describes the available privileged commands, their impact on discovery, and the platforms on which they are available. By default, each command is left unprivileged (for example, PRIV_LSOF() { "$@"; }). To allow discovery to run the privileged commands, the user or administrator must modify the script to insert the relevant command into each function. Examples are provided in Adding privileged execution to commands.
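The following is an added example, not code from the original page or from the discovery scripts themselves. It audits a script to report which PRIV_* functions are still the default pass-through and which have been edited to run through another command. The sample script, the use of sudo as the inserted command, and the function names audit_priv_functions and count_unprivileged are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which PRIV_* wrappers in a discovery script are elevated.

# Constructed sample input (not a real BMC Discovery script). The sudo lines
# are an assumed site-specific edit; "$@" alone is the default described above.
sample_script() {
cat <<'EOF'
PRIV_LSOF() {
  sudo "$@"
}
PRIV_CAT() {
  "$@"
}
PRIV_DMIDECODE() {
  /usr/bin/sudo "$@"
}
PRIV_TEST() { "$@"; }
EOF
}

# Reads a script on stdin; prints one line per PRIV_* function:
#   "<name> unprivileged"   body is only "$@" (default pass-through)
#   "<name> via <command>"  body starts with some other command
# Limitation: expects simple bodies with no nested braces.
audit_priv_functions() {
  awk '
    /^[ \t]*PRIV_[A-Z0-9_]+\(\)/ {
      name = $1; sub(/\(\).*/, "", name); buf = ""; infn = 1
    }
    infn {
      buf = buf " " $0
      if (index($0, "}")) {
        sub(/^[^{]*[{]/, "", buf)      # drop "NAME() {"
        sub(/[}].*$/, "", buf)         # drop the closing brace
        gsub(/^[ \t;]+|[ \t;]+$/, "", buf)
        if (buf == "\"$@\"") print name " unprivileged"
        else { split(buf, w, /[ \t]+/); print name " via " w[1] }
        infn = 0
      }
    }'
}

# Number of wrappers that still run without elevation.
count_unprivileged() {
  audit_priv_functions | grep -c ' unprivileged$'
}

sample_script | audit_priv_functions
```

The list of elevated wrappers it prints is the set of commands the discovery account's sudo (or equivalent) policy needs to permit, and nothing more.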

AIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_LSLPP—The lslpp command requires superuser privileges to list all installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

FreeBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

HPUX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_LANADMIN—The lanadmin command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_SWLIST—The swlist command requires superuser privileges to list all installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
FCMSUTIL—This command requires superuser privileges to list attributes of HBA devices.

IRIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

Linux

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user.
PRIV_SS—The ss command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user.
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_XE—The xe command requires superuser privileges to report CPU information on Xen platforms.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges to report hardware information on a VMware ESX controller.

Mac OS X

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

NetBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.

OpenBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.

OpenVMS

Not applicable to this platform. The Normal privilege category is sufficient to run the commands in the discovery script.

POWER HMC

Not applicable to this platform.

Solaris


Solaris versions 9 and later no longer use sudo as the preferred method of privilege escalation. Instead, they use a more sophisticated Role-Based Access Control (RBAC) privilege mechanism. One way of granting a user escalated privileges is to assign them a role, which can be either system defined or user defined. The preferred way to provide escalated privileges for BMC Discovery is to grant the proc_owner role to the discovery user. This enables the discovery user to obtain information on processes that belong to other users.

An alternative method is to use elevated profiles with the pfexec command. This prompts for a password, but the prompt is handled by the discovery scripts in the same way as for sudo.

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_EMLXADM—The emlxadm command requires superuser privileges to display any HBA information.
PRIV_FCINFO—The fcinfo command requires superuser privileges to display any HBA information.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS on Solaris X86 platforms only.
PRIV_IFCONFIG—The ifconfig command requires superuser privileges to display the MAC address of each interface.
PRIV_NDD—The ndd command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_PS—The /usr/ucb/ps command requires superuser privileges to display full command line information (without this, command lines will be limited to 80 characters). This affects Solaris 10 and later and Solaris 8 & 9 with certain patches.
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_PFILES—The pfiles command requires superuser privileges to display open port information for processes not running as the current user.
PRIV_DLADM—The dladm command requires superuser privileges to display any interface speed and negotiation settings.  


Tru64

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SETLD—The setld command requires superuser privileges to display information on installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

UnixWare

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.

VMware ESX

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user.
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_XE—The Xen xe command requires superuser privileges.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges.

VMware ESXi

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user. 
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_LS—This function supports privilege listing of files and directories.


Comments

  1. Vijay Dahiya

    Hi Team, In Linux Command section, you have below duplicate words:

    PRIV_XE—The xe command command

    Kindly correct the same.

    Nov 12, 2018 08:02