Oracle requires that the user can execute the following commands using root privileges:
<Service EM Base Directory>/agent_home/core/<version>/root.sh
<Service EM Base Directory>/agent_home/agent_*/root.sh
/opt/exalytics/asr/bda_mon_hw_asr.pl (Exalytics only)
/opt/oracle/oak/bin/oakcli (Oracle Database Appliance only)
/opt/oracle.cellos/compmon/exadata_mon_hw_asr.pl (Exadata only)
/opt/oracle.cellos/imageinfo (Exadata only)
/opt/exalogic/usr/sbin/imageinfo (Exalogic only)
/opt/oracle/dbserver/dbms/bin/dbmcli (Exadata and ZDLRA only)
/opt/oracle/bda/bin/imageinfo (Big Data only)
/opt/oracle/bda/bin/imageinfo (Big Data only)
/opt/ipmitool/bin/ipmitool (Solaris only)
/opt/ipmitool/sbin/ipmitool (Solaris only)
/usr/bin/chmod
/usr/bin/chown
/usr/bin/chgrp
/usr/bin/crontab (Solaris only)
/usr/bin/cp
/usr/bin/ex
/usr/bin/ipmitool
/usr/bin/grep
/usr/bin/ls
/usr/bin/mkdir
/usr/bin/rmdir
/usr/bin/passwd
/usr/bin/profiles (Solaris 11 only)
/usr/bin/systemctl
/usr/bin/unzip
/usr/bin/vim
/usr/bin/virsh (Linux only)
/usr/bin/xenstore-list
/usr/lib/fm/notify/asr-notify (Solaris 11 only)
/sbin/chkconfig
/usr/sbin/dbmcli (Exadata and ZDLRA only)
/usr/sbin/dmidecode (Linux only)
/usr/sbin/groupadd
/sbin/service
/usr/sbin/svcadm (Solaris only)
/usr/sbin/useradd
/usr/sbin/usermod
/usr/sbin/xm
/usr/bin/tfactl
/usr/bin/ahfctl
/tmp/install_ahf_no_cfg.sh
/tmp/install_ahf.sh
/usr/bin/systemctl start oracle-oasgagent.service
/usr/bin/systemctl stop oracle-oasgagent.service
/usr/bin/systemctl restart oracle-oasgagent.service
/usr/bin/systemctl status oracle-oasgagent.service
/sbin/service oasgagent start
/sbin/service oasgagent stop
/sbin/service oasgagent restart
/sbin/service oasgagent status
The user provided for the initial setup can be removed once the monitoring has been deployed and the agent user has been created. The agent user can be a user defined within a naming service and a home directory mounted from an NFS server. However, the agent installation directory must be unique to each server to be monitored. If the agent user is configured as part of a naming service, then the user must belong to the group that owns the Oracle inventory on all of the servers. The deployment scripts will verify and enforce group write permissions on any Oracle inventory directory that is discovered by using the /etc/oraInst.loc or the /var/opt/oracle/oraInst.loc files.
User Privileges for Exalogic Systems.
If the user is part of a naming service and NFS mounts are to be defined (Exalogic systems require NFS mounts), use NFSv4 rather than NFSv3. The configuration of NFSv4 is outside the scope of this service, but the new mounts are defined with the NFSv4 options, and the following extra command must be added to the security profile, depending on OS:
/usr/sbin/mount (Linux)
/sbin/mount (Solaris)