
SSH user permissions on target server



  • Sam Kirchoff


    These are often customer specific and difficult for us to answer. Every customer can set up security differently. Your basic administrator shouldn't have any issues so long as their account can administer the box itself. However, if there are specific security measures (i.e. RSA), we have the Linux version that can be run locally and support for sudo.

    The key to understanding if you need to uplevel your creds is: you cannot connect, or the report lacks some detail like hardware information where it didn't have permission to pull the values.

  • Venelin Tonev


    I hope you don't expect customers to give you root user access on a Red Hat Linux box. My understanding is that once logged in with SSH you will need only read permissions or access to specific tools on the Red Hat server.

    Once again the question is about the permissions from the user on the target bare metal server that is accessed via SSH. Not the permissions where the Native Win32 collector client is being installed. 

    I would be glad if you are more specific about the tools on Linux that need to be accessed. Then it could be figured out what local permissions and user need to be configured.


  • Sam Kirchoff

    The answer here is that “it depends.”

    Optical Prime only reads data from the OS on Linux. It makes no configuration changes. However, some of the data points that are gathered by Optical Prime often require super-user level (root) privileges to execute. Some of these commands return rather innocuous data, like logical volume configuration, SAN cluster disk serial numbers, and SAN multipathing information. Guest VM information on KVM and Xen also requires privileged access. If it were up to the Live Optics team, reading these data points would not require super-user privileges. But, the OS developers thought otherwise.

    Optical Prime will execute regardless of the privileges, as long as the user has basic read access. However, some data points, especially around the configuration of the underlying storage and hypervisor data points, will be missing.

    So, if you are purely interested in total capacities and total IO profiles, then root privileges are not necessary. However, if you are interested in accurate useable capacities and information on how underlying physical devices are mapped to logical volumes, then root privilege is required.

    In general, we advise that Optical Prime be granted super-level privileges to avoid any confusion when the report data is finally analyzed.

  • John Doe


    I realize this is an old topic but still relevant to our situation.

    I really need to use sudo to restrict the remote SSH user liveoptics to only have root privileges for executing a specific subset of commands.

    Otherwise security audits will chop my head off .. :)

    Is there any documentation on this?


    Thanks in advance.

    Regards, John


  • David Hunter

    The following is a list of most (if not all) of the commands run by the Linux collector and general paths to files that are accessed by the collector. Note, some of these commands and paths might require root level privileges to access.

    Command or Path





    Our collector requires that bash is installed on the system (which is installed by default on all Linux distros)
    The collector relies on many of the built-in bash commands (echo, cat, etc) that are not listed here.


    The collector looks in the ‘/etc’ folder to identify the Linux distro version


    OS version info


    Filesystem information


    Used to detect device (disk) mappings


    Xen admin tool for Xen servers


    Kernel file for reading CPU information


    Xen admin tool for Xen servers


    Tool for reading the DNS domain name


    KVM admin tool for KVM servers


    kernel file for reading memory configuration


    kernel file for reading running process information


    kernel file for reading memory page fault information


    Tool for reading Xen performance for Xen servers


    Tool for reading installed apps


    Tool for reading installed apps


    Path for reading installed apps on Gentoo


    Returns kernel configuration information


    Kernel files accessed for running process information


    Kernel files accessed for running process information


    Kernel files accessed for running process information


    Used for root privilege if available


    Tool for reading PCI devices


    Text processing tool


    Text processing tool


    Text searching tool


    Tool for reading system configuration


    Kernel file required for using dmidecode


    Kernel file for reading SCSI device information


    Tool for reading boot up log


    Paths for network device information


    Tool for reading Ethernet device configuration


    Tool for reading network interface configuration


    Path required to read device mappings


    Tool for searching filesystem


    Tool for reading device mappings


    Path needed for mapping disk IDs


    Switch user tool used if root access provided


    Paths to kernel files describing block IO devices


    Path to Oracle ASM disks folder


    Tool for reading Oracle ASM configuration


    Tool for reading iSCSI configuration


    Tool for reading SCSI configuration


    Path for reading SCSI configuration


    Tool for reading multipath information


    Tool for reading logical volume information


    Used for remote connections


    Kernel version info
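
For the question above about limiting the liveoptics SSH user to a subset of commands through sudo, the following is an added example, not from the thread or from Live Optics: a small Python check that reads a sudoers drop-in and flags grants broader than a pinned, read-only command. The sudoers sample is constructed and its command paths are assumptions for illustration; the vendor's actual command list is not reproduced here.

```python
import re

# Constructed sample drop-in (e.g. /etc/sudoers.d/liveoptics). Command paths
# are assumptions for illustration, not the vendor's command list.
SAMPLE = '''\
Cmnd_Alias LO_READ = /usr/sbin/dmidecode "", /usr/sbin/multipath -ll, /usr/sbin/lvs
Cmnd_Alias LO_BAD  = /bin/su, /usr/bin/find *
liveoptics ALL=(root) NOPASSWD: LO_READ
liveoptics ALL=(root) NOPASSWD: LO_BAD, ALL
'''

# Binaries that hand the caller a root shell or another identity.
SHELLS = {"su", "sudo", "bash", "sh", "dash", "zsh", "ksh", "csh", "env"}

def audit_sudoers(text, user):
    """Return (command, reason) findings for over-broad grants to `user`."""
    aliases, grants, findings = {}, [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = re.match(rf"{re.escape(user)}\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if m:
            spec = re.sub(r"\b[A-Z_]+:\s*", "", m.group(1))  # strip tags (NOPASSWD:)
            grants += [c.strip() for c in spec.split(",")]
    # Expand command aliases one level into concrete command specs.
    commands = [c for g in grants for c in aliases.get(g, [g])]
    for cmd in commands:
        parts = cmd.split()
        if cmd == "ALL":
            findings.append((cmd, "unrestricted root"))
        elif not parts[0].startswith("/"):
            findings.append((cmd, "not an absolute path"))
        elif parts[0].rsplit("/", 1)[-1] in SHELLS:
            findings.append((cmd, "shell or user-switching tool"))
        elif any(ch in cmd for ch in "*?["):
            findings.append((cmd, "wildcard in arguments"))
        elif len(parts) == 1:
            # sudoers allows ANY arguments when none are listed; "" pins to none.
            findings.append((cmd, "arguments not pinned"))
    return findings

if __name__ == "__main__":
    for cmd, reason in audit_sudoers(SAMPLE, "liveoptics"):
        print(f"{reason:30} {cmd}")
```

Entries that pass are those with an absolute path and an explicit argument list, such as `/usr/sbin/multipath -ll` or a command pinned to no arguments with `""`.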

