Our company policy requires me to use a non-root user to run the Performance Center backups.

The non-root user will need to stop and start the Performance Center services. 

How do I set sudo for the non-root user? What command will the non-root user need to run?

The non-root user should only have the ability to stop the CA Performance center services.

Release : 3.7

Component : IM Reporting / Admin / Configuration

These steps will help set up a new user, different from the install owner, that is a non-root user capable of creating Performance Center MySql DB backups.

The user is only capable of stopping the Performance Center services, running a MySql backup, and starting the Performance Center services. The commands called out in the sudoers file entry below are the minimum requirements to achieve the goal.

1. Create a new user on the Performance Center server. Set the users password.
2. Edit the /etc/sudoers file.
   1. First we add the following Cmnd_Alias. Change the alias name sample PCMYSQLBACKUPS to another valid as needed.
      
      1. For RH 6.x releases:
         • Cmnd_Alias PCMYSQLBACKUPS = /etc/init.d/caperfcenter_console,/etc/init.d/caperfcenter_devicemanager,/etc/init.d/caperfcenter_eventmanager,/etc/init.d/caperfcenter_sso,/etc/init.d/mysql,/sbin/service,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
      2. For RH 7.x release:
         • Cmnd_Alias PMMYSQLBACKUPS = /etc/init.d/mysql,/opt/CA/PerformanceCenter/PC/bin/caperfcenter_console,/opt/CA/PerformanceCenter/DM/bin/caperfcenter_devicemanager,/opt/CA/PerformanceCenter/EM/bin/caperfcenter_eventmanager,/opt/CA/PerformanceCenter/sso/bin/caperfcenter_sso,/usr/bin/systemctl,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
   2. Next we add the following user entry to state which commands the user can run with sudo permissions.
      1. backupUser ALL = PMMYSQLBACKUPS
         1. Change sample user name 'backupUser' to user name created for this task.
         2. Ensure the users Cmnd_Alias matches the one set above.
   3. Save the changes to the /etc/sudoers file

We should not be able to log in as the sudo user and run the standard MySql backup commands per documentation, appending sudo to the start of each run.

An example netqosportal command would be:


After entering the password for the backupUser it should successfully run the backup.

MySql Backup instruction documentation:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/administrating/performance-center-administration/back-up-performance-center.html