×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Helix Discovery ... Using Configuring discovery Adding privileged execution to commands

Privileged commands

This section describes the available privileged commands, their impact on discovery, and the platforms on which they are available. By default, each command is left unprivileged (for example, PRIV_LSOF() { "$@" }). The user or administrator must modify the script to insert the relevant command to allow discovery to run the privileged commands. Examples are provided in Adding privileged execution to commands.

Related topics

Adding privileged execution to commands

AIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSCFG—The lscfg on newer VIOs requires superuser privileges to get system configuration information.
PRIV_LSLPP—The lslpp command requires superuser privileges to list all installed packages.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_LSWPAR—The lswpar command requires superuser privileges to get wpar information.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

FreeBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

HPUX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_CSTM—The cstm command requires superuser privileges to show configuration information,
PRIV_DF—This function supports privileged listing of file systems.
PRIV_FCMSUTIL—The fcmsutil command requires superuser privileges to list attributes of HBA devices.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LANADMIN—The lanadmin command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SWLIST—The swlist command requires superuser privileges to list all installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.

IRIX

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.<br/>
PRIV_TEST—This function supports privilege testing of attributes of files.

Linux

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS. This command also gathers information for establishing the relationship between a virtual machine and a host.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges to to report hardware information on a VMWare ESX controller.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_LSHW—The lshw command requires superuser privileges to provide information on system hardware.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SS—The ss command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_XE—The xe command command requires superuser privileges to to report CPU information on Xen platforms.

Mac OS X

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

NetBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

OpenBSD

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

OpenVMS

Not applicable to this platform. The Normal privilege category is sufficient to run the commands in the discovery script.

POWER HMC

Not applicable to this platform.

Solaris

Solaris versions 9 and later no longer use sudo as the preferred method of privilege escalation, rather, they use a more sophisticated Role Based Access Control (RBAC) privilege mechanism. One of the ways of granting a user escalated privileges is to assign them a role, which can be either system, or user defined. The preferred way to provide escalated privileges for BMC Discovery is to grant the proc_owner role to the discovery user. This enables the discovery user to obtain information on processes that belong to other users.

An alternative method is to use elevated profiles using the pfexec command. This prompts for a password, but will be handled by the discovery scripts in the same way as sudo.

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DLADM—The dladm command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS on Solaris X86 platforms only.
PRIV_EMLXADM—The <emlxadm command requires superuser privileges to display any HBA information.
PRIV_FCINFO—The fcinfo command requires superuser privileges to display any HBA information.
PRIV_HBACMDM—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_IFCONFIG—The ifconfig command requires superuser privileges to display the MAC address of each # interface.
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_NDD—The ndd command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_PARGS—The pargs command requires superuser privileges to display full command line information for a process.
PRIV_PFILES—The pfiles command requires superuser privileges to display open port information for processes not running as the current user.
PRIV_PS—The /usr/ucb/ps command requires superuser privileges to display full command line information (without this, command lines will be limited to 80 characters). This affects Solaris 10 and later and Solaris 8 &amp; 9 with certain patches.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_VIRTINFO— This function supports privileged reporting of serial number information.

Tru64

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_HWMGR—The hwmgr command requires superuser privileges to get hardware information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SETLD—The setld command requires superuser privileges to display information on installed packages.
PRIV_TEST—This function supports privilege testing of attributes of files.

UnixWare

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

VMware ESX

This refers to ssh discovery rather than discovery via the vSphere API.

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_DMIDECODE—The dmidecode command requires superuser privileges to read data from the system BIOS.
PRIV_ETHTOOL—The ethtool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_ESXCFG—The esxcfg-info command requires superuser privileges to to report hardware information on a VMWare ESX controller.
PRIV_HBACMD—The hbacmd command requires superuser privileges to display any HBA information.
PRIV_HWINFO—The hwinfo command requires superuser privileges to read data from the system BIOS
PRIV_LPUTIL—The lputil command requires superuser privileges to display any HBA information.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_LSHW—The lshw command requires superuser privileges to provide information on system hardware.
PRIV_LSOF—The lsof command requires superuser privileges to display information on processes other than those running as the current user.
PRIV_MIITOOL—The mii-tool command requires superuser privileges to display any interface speed and negotiation settings.
PRIV_NETSTAT—The netstat command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_SS—The ss command requires superuser privileges to display process identifiers (PIDs) for ports opened by processes not running as the current user
PRIV_TEST—This function supports privilege testing of attributes of files.
PRIV_XE—The xe command command requires superuser privileges to to report CPU information on Xen platforms.

VMware ESXi

This refers to ssh discovery rather than discovery via the vSphere API.

PRIV_CAT—The cat command requires superuser privileges to display the contents of files not readable by the current user; for example, configuration files owned by the root user.
PRIV_DF—This function supports privileged listing of file systems.
PRIV_LS—This function supports privilege listing of files and directories.
PRIV_RUNCMD—This function supports running privileged commands from patterns.
PRIV_TEST—This function supports privilege testing of attributes of files.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Duncan Tweed on Apr 17, 2023
bmc_contributor privileged_commands aix freebsd hpux irix linux mac_os_x netbsd openbsd openvms power_hmc solaris tru64 unixware vmware_esxi vmware_esx

Comments

Log in or register to comment.

Adding privileged execution to commands
Configuring the BMC Discovery Outpost
© Copyright 2004 - 2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.