EM 12c, 13c: What Sudo Permissions are required for Installing Agent using Deployment Method with A Locked User Account
(Doc ID 1489270.1)
Last updated on DECEMBER 22, 2016
Applies to:Enterprise Manager Base Platform - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Deploying the Enterprise Manager Agent using locked account privilege delegation has the following prerequisite requirements:
Ensure that the installing user has SUDO/PBRUN privileges to invoke /bin/sh AS ROOT.
Ensure that you have the following line in the /etc/sudoers file. This is required to allow remote command execution using sudo.
Ensure that you comment out the following line in the /etc/sudoers file:
Locked Account Requirements
Ensure that the locked account user (oracle) has read permission on the home directory of the login user.
The first security requirement to allow named users to be able to run "sudo /bin/sh [script_name]" might be considered a potentially unacceptable security hole.
Alternatively, specify the commands to be executed by the locked account user with the sudo privilege for doing agent deployment.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!