This documentation supports the 11.1 version of BMC Discovery.

To view an earlier version of the product, select the version from the Product version menu.

Privileged commands

This section describes the available privileged commands, their impact on discovery, and the platforms on which they are available. By default, each command is left unprivileged (for example, PRIV_LSOF() { "$@" }). The user or administrator must modify the script to insert the relevant command to allow discovery to run the privileged commands. Examples are provided in Adding privileged execution to commands.

AIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSCFG-The lscfg on newer VIOs requires superuser privileges to get system configuration information.
PRIV_LSLPP—The lslpp command requires superuser privileges to list all installed packages.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_LSWPAR—The lswpar command requires superuser privileges to get wpar information.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

FreeBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

HPUX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_CSTM—The cstm command requires superuser privileges to show configuration information,
PRIV_DF—This function supports privileged listing of file systems.
PRIV_FCMSUTIL—The fcmsutil command requires superuser privileges to list attributes of HBA devices.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LANADMIN—The lanadmin command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SWLIST—The swlist command requires superuser privileges to list all installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.

IRIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

Linux

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges to to report hardware information on a VMWare ESX controller.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SS—The ss command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_XE—The xe command command requires superuser privileges to to report CPU information on Xen platforms.

Mac OS X

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

NetBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

OpenBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

OpenVMS

Not applicable to this platform. The Normal privilege category is sufficient to run the commands in the discovery script.

POWER HMC

Not applicable to this platform.

Solaris

Solaris versions 9 and later no longer use sudo as the preferred method of privilege escalation, rather, they use a more sophisticated Role Based Access Control (RBAC) privilege mechanism. One of the ways of granting a user escalated privileges is to assign them a role, which can be either system, or user defined. The preferred way to provide escalated privileges for BMC Discovery is to grant the proc_owner role to the discovery user. This enables the discovery user to obtain information on processes that belong to other users.

An alternative method is to use elevated profiles using the pfexec command. This prompts for a password, but will be handled by the discovery scripts in the same way as sudo.

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DLADM—The dladm command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS on Solaris X86 platforms only.
PRIV_EMLXADM—The emlxadm command requires superuser privileges to display any HBA information.
PRIV_FCINFO—The fcinfo command requires superuser privileges to display any HBA information.
PRIV_HBACMDM—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_IFCONFIG—The ifconfig command requires superuser privileges to display the MAC address of each # interface.
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_NDD—The ndd command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_PARGS—The pargs command requires superuser privileges to display full command line information for a process.
PRIV_PFILES—The pfiles command requires superuser privileges to display open port information for processes not running as the current user.
PRIV_PS—The /usr/ucb/ps command requires superuser privileges to display full command line information (without this, command lines will be limited to 80 characters). This affects Solaris 10 and later and Solaris 8 & 9 with certain patches.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

Tru64

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_HWMGR—The hwmgr command requires superuser privileges to get hardware information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SETLD—The setld command requires superuser privileges to display information on installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.

UnixWare

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

VMware ESX

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges to to report hardware information on a VMWare ESX controller.

PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SS—The ss command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_XE—The xe command command requires superuser privileges to to report CPU information on Xen platforms.

VMware ESXi

This refers to ssh discovery rather than discovery via the vSphere API.
PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

Was this page helpful? Yes No Submitting... Thank you

Comments