These steps set up a new non-root user, separate from the install owner, that can create Performance Center MySQL database backups.
The user is only capable of stopping the Performance Center services, running a MySQL backup, and starting the Performance Center services. The commands called out in the sudoers file entry below are the minimum requirements to achieve the goal.
- Create a new user on the Performance Center server. Set the user's password.
- Edit the /etc/sudoers file.
  - First, add the following Cmnd_Alias. The alias name PCMYSQLBACKUPS is a sample; change it to another valid alias name as needed.
    - For RH 6.x releases:
      - Cmnd_Alias PCMYSQLBACKUPS = /etc/init.d/caperfcenter_console,/etc/init.d/caperfcenter_devicemanager,/etc/init.d/caperfcenter_eventmanager,/etc/init.d/caperfcenter_sso,/etc/init.d/mysql,/sbin/service,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
    - For RH 7.x releases:
      - Cmnd_Alias PCMYSQLBACKUPS = /etc/init.d/mysql,/opt/CA/PerformanceCenter/PC/bin/caperfcenter_console,/opt/CA/PerformanceCenter/DM/bin/caperfcenter_devicemanager,/opt/CA/PerformanceCenter/EM/bin/caperfcenter_eventmanager,/opt/CA/PerformanceCenter/sso/bin/caperfcenter_sso,/usr/bin/systemctl,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
  - Next, add the following user entry to state which commands the user can run with sudo permissions.
    - backupUser ALL = PCMYSQLBACKUPS
    - Change the sample user name 'backupUser' to the user name created for this task.
    - Ensure the alias in the user entry matches the Cmnd_Alias name set above.
  - Save the changes to the /etc/sudoers file.
We should now be able to log in as the sudo user and run the standard MySQL backup commands per the documentation, prefixing each command with sudo.
An example netqosportal command would be:
bash-4.2$ sudo /opt/CA/MySql/bin/mysqldump --routines -u root -p netqosportal > /export/backupUser/mysqlbackups/netqosportal.sql
Enter password:
After entering the password for the backupUser it should successfully run the backup.
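A check for the sudoers entries above, added here as an example (it is not part of the original article or the product): it reports a user entry that references an undefined Cmnd_Alias, and lists every command granted as a bare path, which sudoers allows to be run with any arguments. The function names are hypothetical, and the parser assumes only the plain `user host = commands` form used on this page (no Runas lists, tags, or escaped commas).

```python
import re

# Constructed sample: the RH 7.x entries from this page, cut down to three commands.
SAMPLE = """\
Cmnd_Alias PCMYSQLBACKUPS = /usr/bin/systemctl,/opt/CA/MySql/bin/mysql,/opt/CA/MySql/bin/mysqldump
backupUser ALL = PCMYSQLBACKUPS
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(.+)$")
NOT_USER_SPEC = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")


def parse(text):
    """Return ({alias: [commands]}, [(user, [granted items])]) from sudoers text."""
    aliases, specs = {}, []
    # Join backslash-continued lines, then strip comments (simplified handling).
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        alias, spec = ALIAS_RE.match(line), SPEC_RE.match(line)
        if alias:
            aliases[alias.group(1)] = [c.strip() for c in alias.group(2).split(",")]
        elif spec and not line.startswith(NOT_USER_SPEC):
            specs.append((spec.group(1), [c.strip() for c in spec.group(2).split(",")]))
    return aliases, specs


def audit(text):
    """Flag undefined aliases and commands granted with unrestricted arguments."""
    aliases, specs = parse(text)
    findings = []
    for user, items in specs:
        for item in items:
            if not item.startswith("/") and item not in aliases:
                findings.append((user, "undefined-alias", item))
                continue
            # A bare path in sudoers lets the user pass any arguments to it.
            for cmd in aliases.get(item, [item]):
                if " " not in cmd:
                    findings.append((user, "any-arguments", cmd))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Syntax itself is still checked with `visudo -c`; this audit only covers the two conditions named above.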