What are the minimum entries needed in sudoers to manage CAPC post-install?

book

Article ID: 208120

calendar_today

Updated On:

Products

DX NetOps

Issue/Introduction

Due to internal security, we need to limit the sudo users access to the minimum needed for day-to-day management of CAPC.

Cause

The docset only contains the overall sudoers entries.

Environment

Release : 20.2

Component : CA Performance Center

Resolution

Standard capc with local mysql.

Cmnd_Alias CAPERFCENTER = /sbin/service caperfcenter_sso *,/sbin/service caperfcenter_eventmanager *,/sbin/service caperfcenter_devicemanager *,/sbin/service caperfcenter_console *,/opt/CA/PerformanceCenter/RemoteEngineer/re.sh,/opt/CA/PerformanceCenter/SslConfig,/opt/CA/PerformanceCenter/SsoConfig,/sbin/service mysql *,opt/CA/MySql/bin/mysqldump,/opt/CA/jre/bin/keytool,

sudouser ALL = CAPERFCENTER

 

CAPC with remote mysql.

Cmnd_Alias CAPERFCENTER = /sbin/service caperfcenter_sso *,/sbin/service caperfcenter_eventmanager *,/sbin/service caperfcenter_devicemanager *,/sbin/service caperfcenter_console *,/opt/CA/PerformanceCenter/RemoteEngineer/re.sh,/opt/CA/PerformanceCenter/SslConfig,/opt/CA/PerformanceCenter/SsoConfig,/opt/CA/jre/bin/keytool

sudouser ALL = CAPERFCENTER

 

Stand-alone mysql host.

Cmnd_Alias CAPERFCENTER = /sbin/service mysql *,opt/CA/MySql/bin/mysqldump,/opt/CA/PerformanceCenter/RemoteEngineer/re.sh

sudouser ALL = CAPERFCENTER

 

** remember to replace sudouser with your non-root username **

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/performance-management/20-2/installing/prepare-to-install-performance-center.html#concept.dita_eb0042c92432eb69783268b3d853893b1993569c_OptionalConfiguretheSudoUserAccountfornpc