on 02-08-2008 7:36 AM
Hi,
I need to give access to run dpmon from an individual user account, and that user doesn't have access to log in as <sid>adm. Is it possible to run it from a user account, and what settings need to be made?
Thanks,
Nag
Hi Nraju
dpmon needs to access the shared memory segment of the dispatcher process. They are protected like normal files in Unix. I tried to run dpmon as a non-sidadm user that has the group sapsys, but that didn't work.
*** ERROR => shmget(10401,364,480) (22: Invalid argument) [shmux.c 1555]
*** ERROR => DpSysAdmExtCreate: ShmCreate (ATTACH) failed (1) [dpxxtool2.c 652]
*** ERROR => DpIPCInit2: DpSysAdmExtCreate [dpxxtool2.c 369]
*** ERROR => DpMonInit: DpIPCInit [dpxxmon.c 959]
DpMonInit failed - possibly no dispatcher running
DpMon: External/Internal dplib version: 109/229
*** ERROR => main: DpMonInit [dpxxmon.c 486]
You can see the shared memory segments with ipcs. I thought it should be possible for a user with sapsys, but I seem to be wrong. Pid 17066 is the dispatcher pid in my example.
sidadm> ipcs -ma | grep 17066
m 950283 0x000028d9 --rw-r----- sidadm sapsys sidadm sapsys 15 640420 17066 13245 11:44:57 11:44:57 17:04:10
m 1769484 0x000028aa --rw-r----- sidadm sapsys sidadm sapsys 16 520000000 17066 17082 17:04:13 no-entry 17:04:10
...
m 2129956 0x000028de --rw-r----- sidadm sapsys sidadm sapsys 15 86142944 17066 13245 11:16:06 11:16:06 17:04:11
Regards, Michael
Update: I recall I ran dpmon as root once. This is indeed possible, so here is a solution:
- run dpmon as root
- give sudo rights to the user so he can execute only root-dpmon
Edited by: mho on Feb 8, 2008 3:52 PM
Yes, use the sudo tool. Ask your Admins about it. I am not sure, but maybe you can use sudo to execute the dpmon as sidadm for another user...
sidadm> man sudo
...
DESCRIPTION
sudo allows a permitted user to execute a command as the
superuser or another user, as specified in the sudoers
file. The real and effective uid and gid are set to match
Regards, Michael
OK, I did a quick try, though I am not an expert on sudo. I entered the following line with the "visudo" command in the /etc/sudoers file:
user1 host1 = (sidadm) NOPASSWD: /sapmnt/SID/exe/dpmon
In my example here, the user who wants to execute dpmon is called user1, host1 is the hostname and my SAP system has SID as SID :]]]
Now I can call dpmon as the user without a problem:
user1 $ sudo -u sidadm /sapmnt/SID/exe/dpmon pf=/sapmnt/SID/profile/SID_DVEBMGS00_host1
Works perfectly here.
Regards, Michael
Hi,
After adding the line user1 hostname = sidadm NOPASSWD : /sapmnt/SID/exe/dpmon in /etc/sudoers,
I tried executing dpmon in /home/user1 and got the error ksh: sudo: not found
$ sudo -u sidadm /sapmnt/SID/exe/dpmon pf=/sapmnt/SID/profile/SID_DVEBMGS04_<hostname>
ksh: sudo: not found.
(In place of user is my user ID, SID is the system name, and hostname is the hostname of the system.)
Thanks,
Nag
Edited by: nraju on Feb 13, 2008 5:51 AM
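An added example, not part of any post in this thread: a small POSIX shell lint for a single sudoers rule of the kind discussed above, run over the two rule lines quoted in the thread plus a constructed variant that pins the profile argument. The function name `lint_sudoers_rule` and the pinned variant are this example's own; it checks only the rule's shape (run-as user in parentheses, absolute command path, whether arguments are restricted) and does not replace `visudo -c`.

```shell
#!/bin/sh
# Added example, not from the thread. Lints ONE sudoers user specification:
#   user host = (runas) [TAG:] /absolute/command [args]
# Prints findings; returns 0 when no ERROR was found.
lint_sudoers_rule() {
    rule=$1
    rc=0
    # Everything after the first '=' is the run-as/tag/command part.
    case $rule in
        *=*) rhs=${rule#*=} ;;
        *)   echo "ERROR: no '=' between host and command spec"; return 1 ;;
    esac
    rhs=$(printf '%s\n' "$rhs" | sed 's/^[[:space:]]*//')
    # sudoers grammar: the run-as user is written in parentheses.
    case $rhs in
        "("*")"*)
            runas=${rhs%%")"*}; runas=${runas#"("}
            echo "INFO: command runs as '$runas'" ;;
        *)
            echo "ERROR: run-as user is not in parentheses, e.g. (sidadm)"; rc=1 ;;
    esac
    # Command = everything from the first '/', trailing blanks trimmed.
    cmd=$(printf '%s\n' "$rhs" | sed -n 's/^[^/]*\(\/.*\)$/\1/p' | sed 's/[[:space:]]*$//')
    if [ -z "$cmd" ]; then
        echo "ERROR: command must be given as an absolute path"; rc=1
    else
        case $cmd in
            *" "*) echo "INFO: arguments are pinned: $cmd" ;;
            *)     echo "WARN: no argument list, so any arguments to $cmd are allowed" ;;
        esac
    fi
    return $rc
}

# Constructed sample input: the two rule shapes quoted in this thread, then a
# variant that pins the profile ('=' inside arguments is escaped as \= in sudoers).
lint_sudoers_rule 'user1 host1 = (sidadm) NOPASSWD: /sapmnt/SID/exe/dpmon' || true
lint_sudoers_rule 'user1 hostname = sidadm NOPASSWD : /sapmnt/SID/exe/dpmon' || true
lint_sudoers_rule 'user1 host1 = (sidadm) NOPASSWD: /sapmnt/SID/exe/dpmon pf\=/sapmnt/SID/profile/SID_DVEBMGS00_host1' || true
```

A rule that names the command without arguments lets the permitted user pass any arguments to it as sidadm, which is why the lint flags the unpinned form with a warning rather than an error.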