How To Create a Privilege Elevation Profile Via CLI (KBA5888)

 

 

KBA# 5888

Applicable Delphix Versions

Major Release    All Sub Releases
6.0              6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0
5.3              5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0
5.2              5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1
5.1              5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0, 5.1.10.0
5.0              5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1, 5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4
4.3              4.3.1.0, 4.3.2.0, 4.3.2.1, 4.3.3.0, 4.3.4.0, 4.3.4.1, 4.3.5.0
4.2              4.2.0.0, 4.2.0.3, 4.2.1.0, 4.2.1.1, 4.2.2.0, 4.2.2.1, 4.2.3.0, 4.2.4.0, 4.2.5.0, 4.2.5.1
4.1              4.1.0.0, 4.1.2.0, 4.1.3.0, 4.1.3.1, 4.1.3.2, 4.1.4.0, 4.1.5.0, 4.1.6.0

How to Create a Privilege Elevation Profile

Delphix uses sudo as its default privilege elevation mechanism. To use a third-party or proprietary privilege elevation mechanism instead of sudo, you need to create a privilege elevation profile and include the necessary scripts.

Delphix offers no formal support for configuring these scripts; it is the sole responsibility of the customer to ensure they work. Customers are strongly encouraged to work with Delphix Professional Services to formulate reliable profile scripts if needed.

The contents used in the example for mount, umount, mkdir, rmdir & ps are the default content lines Delphix uses for the default sudo profile.

Command    Default Contents
mount      $DLPX_BIN/dlpx_pfexec mount  "$@"      
umount     $DLPX_BIN/dlpx_pfexec umount "$@"
mkdir      $DLPX_BIN/dlpx_pfexec mkdir "$@"
rmdir      $DLPX_BIN/dlpx_pfexec rmdir "$@"
ps         $DLPX_BIN/dlpx_pfexec ps "$@"

In the example below we will create the scripts to run the following commands where the dzdo binary is in directory /usr/share/centrifydc/bin.

Please be advised the CLI method is only capable of adding single-line content.

Example - dzdo

The following example walks through the process of creating a Privilege Elevation Profile utilizing dzdo, with no additional command options.

 

  1. Log in to the Delphix Engine as an admin user.
  2. Create the privilege elevation profile named dzdo.
    DE> host
    DE host> privilegeElevation 
    DE host privilegeElevation> profile
    DE host privilegeElevation profile> create
    DE host privilegeElevation profile create *> set name=dzdo
    DE host privilegeElevation profile create *> set version=1.0
    DE host privilegeElevation profile create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE-2
        
  3. The profile scripts for executing commands for privilege elevation via dzdo require modification of the dlpx_pfexec script used for elevation of privileges.
    DE> host
    DE host> privilegeElevation
    DE host privilegeElevation> profileScript 
    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_pfexec
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: /usr/share/centrifydc/bin/dzdo "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-8

    All other command scripts for mount, mkdir, etc, will be built with default contents provided in the previous section.

    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_mount
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: $DLPX_BIN/dlpx_pfexec mount  "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-9
    
    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_umount
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: $DLPX_BIN/dlpx_pfexec umount "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-10
    
    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_rmdir
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: $DLPX_BIN/dlpx_pfexec rmdir "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-11
        
    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_ps
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: $DLPX_BIN/dlpx_pfexec ps "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-12
        
    DE host privilegeElevation profileScript> create
    DE host privilegeElevation profileScript create *> set profile=dzdo
    DE host privilegeElevation profileScript create *> set name=dlpx_mkdir
    DE host privilegeElevation profileScript create *> set contents
    Enter contents: $DLPX_BIN/dlpx_pfexec mkdir "$@"
    DE host privilegeElevation profileScript create *> commit
        `HOST_PRIVILEGE_ELEVATION_PROFILE_SCRIPT-13

    In the example above, the default contents have not been changed for mount, umount, rmdir, mkdir or ps, but if these need to be changed then you would edit the required contents.

  4. Assign this Elevation Profile to the desired host
    DE> host 
    DE host > select '<HOST>'
    DE host '<HOST>'> update
    DE host '<HOST>' update *> set privilegeElevationProfile=dzdo
    DE host '<HOST>'  update *> commit
  5. After assigning the Elevation Profile, an environment refresh of the host environment is needed to push the changes to the selected host. This can be performed from the web interface or the CLI as desired.
    DE> environment
    DE environment> select '<ENVIRONMENT>'
    DE environment '<ENVIRONMENT>'> refresh
    DE environment '<ENVIRONMENT>' refresh *> commit
    
  6. To assign the Elevation profile dzdo as the default profile for new environments:
    DE> host
    DE host> privilegeElevation
    DE host privilegeElevation> update
    DE host privilegeElevation update *> set defaultProfile=dzdo
    DE host privilegeElevation update *> commit
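
The wrapper chain configured in step 3 (dlpx_mount calls dlpx_pfexec, which calls dzdo) can be exercised offline before the profile is assigned to a host. The following is an added example, not Delphix code: it assumes each profile script ends up as an executable file named after the script in $DLPX_BIN, replaces dzdo with a stub that only prints the arguments it receives, and uses constructed mount arguments and hypothetical helper names (write_script, run_chain, argc).

```shell
#!/bin/sh
# Added example: replay the dzdo profile's wrapper chain against a stub.
# Assumption: each profile script is an executable file in $DLPX_BIN that
# is named after the script (dlpx_pfexec, dlpx_mount).

# Contents as entered in step 3, and a constructed variant without quotes.
PAGE_CONTENTS='$DLPX_BIN/dlpx_pfexec mount  "$@"'
UNQUOTED_CONTENTS='$DLPX_BIN/dlpx_pfexec mount $@'

# write_script DIR NAME CONTENTS: create a one-line executable wrapper.
write_script() {
    printf '#!/bin/sh\n%s\n' "$3" > "$1/$2"
    chmod +x "$1/$2"
}

# run_chain CONTENTS ARGS...: install CONTENTS as dlpx_mount, call it with
# ARGS, and print each argument the stub elevation binary received.
run_chain() {
    contents=$1; shift
    dir=$(mktemp -d) || return 1
    # Stub standing in for /usr/share/centrifydc/bin/dzdo; elevates nothing.
    write_script "$dir" dzdo 'for a in "$@"; do printf "[%s]\n" "$a"; done'
    write_script "$dir" dlpx_pfexec "\"$dir/dzdo\" \"\$@\""
    write_script "$dir" dlpx_mount "$contents"
    DLPX_BIN=$dir "$dir/dlpx_mount" "$@"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# argc CONTENTS ARGS...: number of arguments that reached the stub.
argc() {
    run_chain "$@" | wc -l | tr -d ' '
}

# Constructed sample arguments; both paths contain a space.
echo "page contents:"
run_chain "$PAGE_CONTENTS" -o ro 'nfs01:/export/db 1' '/mnt/provision/db 1'
echo "unquoted variant:"
run_chain "$UNQUOTED_CONTENTS" -o ro 'nfs01:/export/db 1' '/mnt/provision/db 1'
```

With the contents from the page the stub receives five arguments; without the quotes around $@ it receives seven, so the elevated command would see a different command line than the one the engine sent.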
    
