Using Sudo to Grant Privileges For Linux Servers

To add a Linux server to the Agentless Data Collector, the account used must either be root or have password-less sudo privileges. When you specify which individual commands an account may run, sudo requires the full path to each command in the sudoers file. Because of this, the entries vary slightly depending on the Linux distribution. Most commonly, some distributions use /bin and /sbin, while others use /usr/bin and /usr/sbin.

Below are some sample configurations. It is recommended to test on one machine first before deploying the sudoers update to all machines. Note that even different major versions of the same distribution may require different paths.

All examples assume a user account name of cloudamize.

Checking the Paths

You can check the path of each command by running which <cmd>, for example which ss. When a permission check fails, the Agentless Data Collector also prints all commands, including the correct paths, to add to sudoers (but it does not include specific arguments).
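
The path check can be scripted. The following is an added example, not part of the Agentless Data Collector or of the original page: it looks up each command from the sample configurations on this page in the usual binary directories and prints "No arguments"-style entries with the paths found on the local host. The function names, the CMDS and DEFAULT_DIRS variables, and the script name gen_sudoers.sh are assumptions of the example.

```shell
#!/bin/sh
# Added example: emit "No arguments" sudoers entries using the command
# paths that actually exist on this host.

# Commands from the sample configuration on this page.
CMDS="dmidecode cat readlink ls mount blkid dmsetup head grep ss netstat pvs lvs"
# Assumed default search order; pass another list as the second argument.
DEFAULT_DIRS="/usr/sbin:/usr/bin:/sbin:/bin"

# resolve CMD DIRS: print the first executable regular file named CMD found
# in the colon-separated DIRS (the same lookup `which` performs over PATH).
resolve() {
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# sudo_entries USER [DIRS]: print one sudoers line per resolved command.
# Unresolved commands are reported on stderr and make the function return 1,
# so an incomplete rule set is never mistaken for a complete one.
sudo_entries() {
    user=$1
    dirs=${2:-$DEFAULT_DIRS}
    rc=0
    for cmd in $CMDS; do
        if path=$(resolve "$cmd" "$dirs"); then
            printf '%s ALL = (root) NOPASSWD: %s\n' "$user" "$path"
        else
            printf 'not found in %s: %s\n' "$dirs" "$cmd" >&2
            rc=1
        fi
    done
    return $rc
}

# Hypothetical invocation: sh gen_sudoers.sh emit cloudamize
if [ "${1:-}" = "emit" ]; then
    sudo_entries "${2:-cloudamize}"
fi
```

Write the output to a scratch file and check its syntax with visudo -cf <file> before installing it.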

Red Hat 7

No arguments

cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmidecode
cloudamize ALL = (root) NOPASSWD: /usr/bin/cat
cloudamize ALL = (root) NOPASSWD: /usr/bin/readlink
cloudamize ALL = (root) NOPASSWD: /usr/bin/ls
cloudamize ALL = (root) NOPASSWD: /usr/bin/mount -l, /usr/bin/mount --version
cloudamize ALL = (root) NOPASSWD: /usr/sbin/blkid
cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmsetup deps
cloudamize ALL = (root) NOPASSWD: /usr/bin/head
cloudamize ALL = (root) NOPASSWD: /usr/bin/grep
cloudamize ALL = (root) NOPASSWD: /usr/sbin/ss
cloudamize ALL = (root) NOPASSWD: /usr/bin/netstat
cloudamize ALL = (root) NOPASSWD: /usr/sbin/pvs
cloudamize ALL = (root) NOPASSWD: /usr/sbin/lvs

cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmidecode, /usr/bin/cat, /usr/bin/readlink, /usr/bin/ls, /usr/bin/mount -l, /usr/bin/mount --version, /usr/sbin/blkid, /usr/sbin/dmsetup deps, /usr/bin/head, /usr/bin/grep, /usr/sbin/ss, /usr/bin/netstat, /usr/sbin/pvs, /usr/sbin/lvs

Specific

cloudamize ALL = (root) NOPASSWD: /usr/bin/netstat -V
cloudamize ALL = (root) NOPASSWD: /usr/sbin/ss -V
cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmidecode -V
cloudamize ALL = (root) NOPASSWD: /usr/bin/readlink --version
cloudamize ALL = (root) NOPASSWD: /usr/bin/cat --version
cloudamize ALL = (root) NOPASSWD: /usr/bin/ls --version
cloudamize ALL = (root) NOPASSWD: /usr/bin/mount --version
cloudamize ALL = (root) NOPASSWD: /usr/bin/cat /etc/os-release
cloudamize ALL = (root) NOPASSWD: /usr/bin/cat /proc/*
cloudamize ALL = (root) NOPASSWD: /usr/bin/readlink /proc/*
cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmidecode -t *
cloudamize ALL = (root) NOPASSWD: /usr/bin/ls -lR /dev/
cloudamize ALL = (root) NOPASSWD: /usr/bin/ls -lR /sys/
cloudamize ALL = (root) NOPASSWD: /usr/bin/mount -l
cloudamize ALL = (root) NOPASSWD: /usr/sbin/blkid
cloudamize ALL = (root) NOPASSWD: /usr/sbin/dmsetup deps
cloudamize ALL = (root) NOPASSWD: /usr/bin/grep ExecStart /lib/systemd/system/mssql-server.service
cloudamize ALL = (root) NOPASSWD: /usr/bin/head -n 20 /var/opt/mssql/log/errorlog
cloudamize ALL = (root) NOPASSWD: /usr/bin/grep WorkingDirectory /lib/systemd/system/mssql-server.service
cloudamize ALL = (root) NOPASSWD: /usr/sbin/ss -atnp
cloudamize ALL = (root) NOPASSWD: /usr/sbin/ss -aunp
cloudamize ALL = (root) NOPASSWD: /usr/bin/netstat -atunp
cloudamize ALL = (root) NOPASSWD: /usr/sbin/pvs
cloudamize ALL = (root) NOPASSWD: /usr/sbin/lvs

Ubuntu 22.04

No arguments

Specific

SLES 12

No arguments

Specific

 

If you have any questions, please contact the helpdesk via our Helpdesk Portal or by email at helpdesk@cloudamize.com.