Configure non-root sudo user for NetOps Portal MySql backups
search cancel

Configure non-root sudo user for NetOps Portal MySql backups

book

Article ID: 187370

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Our company policy requires me to use a non-root user to run the NetOps Portal backups.

The non-root user will need to stop and start the NetOps Portal services. 

How do I set sudo for the non-root user? What command will the non-root user need to run?

The non-root user should only have the ability to stop the NetOps Portal services.

Environment

Component : IM Reporting / Admin / Configuration

Resolution

These steps will help set up a new user, different from the install owner, that is a non-root user capable of creating NetOps Portal MySql DB backups.

The user is only capable of stopping the NetOps Portal services, running a MySql backup, and starting the NetOps Portal services. The commands called out in the sudoers file entry below are the minimum requirements to achieve the goal.

  1. Create a new user on the NetOps Portal server. Set the users password.
  2. Edit the /etc/sudoers file.
    1. First we add the following Cmnd_Alias. Change the alias name sample PCMYSQLBACKUPS to another valid as needed.
      1. For RH 6.x releases:
        • Cmnd_Alias PCMYSQLBACKUPS = /etc/init.d/caperfcenter_console,/etc/init.d/caperfcenter_devicemanager,/etc/init.d/caperfcenter_eventmanager,/etc/init.d/caperfcenter_sso,/etc/init.d/mysql,/sbin/service,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
      2. For RH 7.x release:
        • Cmnd_Alias PMMYSQLBACKUPS = /etc/init.d/mysql,/opt/CA/PerformanceCenter/PC/bin/caperfcenter_console,/opt/CA/PerformanceCenter/DM/bin/caperfcenter_devicemanager,/opt/CA/PerformanceCenter/EM/bin/caperfcenter_eventmanager,/opt/CA/PerformanceCenter/sso/bin/caperfcenter_sso,/usr/bin/systemctl,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
    2. Next we add the following user entry to state which commands the user can run with sudo permissions.
      1. backupUser ALL = PMMYSQLBACKUPS
        1. Change sample user name 'backupUser' to user name created for this task.
        2. Ensure the users Cmnd_Alias matches the one set above.
    3. Save the changes to the /etc/sudoers file

We should not be able to log in as the sudo user and run the standard MySql backup commands per documentation, appending sudo to the start of each run.

An example netqosportal command would be:

bash-4.2$ sudo /opt/CA/MySql/bin/mysqldump --routines -u root -p  netqosportal > /export/backupUser/mysqlbackups/netqosportal.sql
Enter password:


After entering the password for the backupUser it should successfully run the backup.

Additional Information

NetOps Portal MySql Backup instruction documentation:

Back Up NetOps Portal

Powered by Wolken Software