My Oracle Support Banner

EM 13c: What Sudo Permissions are required for Installing Agent using Deployment Method with A Locked User Account (Doc ID 1489270.1)

Last updated on NOVEMBER 24, 2021

Applies to:

Enterprise Manager Base Platform - Version and later
Information in this document applies to any platform.


Deploying the Enterprise Manager Agent using locked account privilege delegation has the following prerequisite requirements:

EM 13c:

SUDO/PBRUN Requirements (Only for UNIX)
    Ensure that the installing user has SUDO/PBRUN privileges to invoke /bin/sh AS ROOT.
    Ensure that you have the following line in the /etc/sudoers file. This is required to allow remote command execution using sudo.
        Defaults visiblepw
    Ensure that you comment out the following line in the /etc/sudoers file:
        Defaults requiretty

Locked Account Requirements
      Ensure that the locked account user (oracle) has read permission on the home directory of the login user.


Set the oracle.sysman.prov.agentpush.pdpShellOutEnabled parameter to false in the <OMS_HOME>/sysman/prov/agentpush/ file, if sudo is configured for the locked out user


The first security requirement to allow named users to be able to run "sudo /bin/sh [script_name]" might be considered a potentially unacceptable security hole.

Alternatively, specify the commands to be executed by the locked account user with the sudo privilege for doing agent deployment.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.