Privileged commands for the MID Server

To discover certain information on a host server, the MID Server must run SSH commands with higher privileges. The platform provides default privileged commands for the MID Server to use and the ability to add additional commands to the system.

An example of information that requires elevated privileges is information about storage disks on a host server, retrieved with the fdisk -l command. If your system cannot use sudo commands, you must configure the hosts in your network to use one of the other privileged commands. You can have different privileged commands set up for different hosts. However, Discovery supports only one privileged command per host.

Important: You can edit supported privileged commands, but do not delete them.

For a list of possible SSH commands requiring root privileges, see SSH credentials.

Table 1. SSH privileged escalation command requirements
Command Description
sudo
  • Host must support the sudo -S -p <password> command and return the correct list of allowed SSH commands.
  • Credentials provided for Discovery must be able to run the command sudo -S -p <password> <commands>.
pbrun
  • Host must support the pbrun -v command and return the correct version of PowerBroker.
  • Credentials provided for Discovery must be able to run pbrun <commands>.
  • Discovery does not support any other pbrun - options, such as a password prompt.
  • The instance must be able to reach the target host via SSH.
pfexec
  • Host must support the pfexec id -a command and return the correct ID.
  • Credentials provided for Discovery must be able to run pfexec <commands>.
  • Discovery does not support any other pfexec - options, such as a password prompt.
dzdo
  • Host must support the command –v dzdo command and return the path to dzdo in standard output.
  • Credentials provided for Discovery must be able to run dzdo <commands>.
  • Discovery does not support any other dzdo – options, but Discovery supports password authentication for dzdo.