EM 12c, 13c: What Sudo Permissions are required for Installing Agent using Deployment Method with A Locked User Account
Last updated on DECEMBER 22, 2016
Applies to:Enterprise Manager Base Platform - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Deploying the Enterprise Manager Agent using locked account privilege delegation has the following prerequisite requirements:
Ensure that the installing user has SUDO/PBRUN privileges to invoke /bin/sh AS ROOT.
Ensure that you have the following line in the /etc/sudoers file. This is required to allow remote command execution using sudo.
Ensure that you comment out the following line in the /etc/sudoers file:
Locked Account Requirements
Ensure that the locked account user (oracle) has read permission on the home directory of the login user.
The first security requirement to allow named users to be able to run "sudo /bin/sh [script_name]" might be considered a potentially unacceptable security hole.
Alternatively, specify the commands to be executed by the locked account user with the sudo privilege for doing agent deployment.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms