cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

access to run dpmon from individual user account

Go to solution
Former Member

on ‎02-08-2008 7:36 AM

0 Kudos

Hi ,

Need to give access to run dpmon from individual user account and that user dont have access to login as <sid>adm .Is it possible to run from user account,what are the settings need to do...?

Thanks,

Nag

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-08-2008 2:49 PM
0 Kudos

Hi Nraju

dpmon needs to access the shared memory segment of the dispatcher process. They are protected like normal files in unix. I tried to dpmon with a non sidadm user but having the group sapsys, but that didn't work.

*** ERROR => shmget(10401,364,480) (22: Invalid argument) [shmux.c      1555]
*** ERROR => DpSysAdmExtCreate: ShmCreate (ATTACH) failed (1) [dpxxtool2.c  652]
*** ERROR => DpIPCInit2: DpSysAdmExtCreate [dpxxtool2.c  369]
*** ERROR => DpMonInit: DpIPCInit [dpxxmon.c    959]
DpMonInit failed - possibly no dispatcher running
DpMon: External/Internal dplib version: 109/229
*** ERROR => main: DpMonInit [dpxxmon.c    486]

You can see the shared memory segments with ipcs, i thought it should be possible for a user with sapsys, but i seem to be wrong. Pid 17066 is the dispatcher pid in my example.

sidadm> ipcs -ma | grep 17066
m     950283 0x000028d9 --rw-r-----    sidadm    sapsys    sidadm    sapsys     15     640420 17066 13245 11:44:57 11:44:57 17:04:10
m    1769484 0x000028aa --rw-r-----    sidadm    sapsys    sidadm    sapsys     16  520000000 17066 17082 17:04:13 no-entry 17:04:10
...
m    2129956 0x000028de --rw-r-----    sidadm    sapsys    sidadm    sapsys     15   86142944 17066 13245 11:16:06 11:16:06 17:04:11

Regards, Michael

Update, i can recall i ran dpmon as root once, this is indeed possible, so here is a solution:

- run dpmon as root

- give sudo rights to the user so he can execute only root-dpmon

Edited by: mho on Feb 8, 2008 3:52 PM

Show replies
Show replies
Former Member
‎02-12-2008 7:28 AM
0 Kudos

Hi Michael,

Thank u for the reply,

I dont have root access to test.Admin will not provide access from root.Is it possible to run only dpmon from root and restricting to execute any other operations/executions.

Thanks,

Nag.

Former Member
‎02-12-2008 7:33 AM
0 Kudos

Yes, use the sudo tool. Ask your Admins about it. I am not sure, but maybe you can use sudo to execute the dpmon as sidadm for another user...

sidadm> man sudo

...

DESCRIPTION

sudo allows a permitted user to execute a command as the

superuser or another user, as specified in the sudoers

file. The real and effective uid and gid are set to match

Regards, Michael

Former Member
‎02-12-2008 9:30 AM
0 Kudos

Ok, i did a quick try, though i am not an expert on sudo. I entered the following line with the "visudo" command in the /etc/sudoers file:

user1  host1 = (sidadm) NOPASSWD: /sapmnt/SID/exe/dpmon

In my example here, the user who wants to execute dpmon is called user1, host1 is the hostname and my SAP system has SID as SID :]]]

Now i can call dpmon as user without problem:

user1 $ sudo -u sidadm /sapmnt/SID/exe/dpmon pf=/sapmnt/SID/profile/SID_DVEBMGS00_host1

Works perfectly here.

Regards, Michael

Former Member
‎02-13-2008 4:46 AM
0 Kudos

Hi,

After adding the line user1 hostname = sidadm NOPASSWD : /sapmnt/SID/exe/dpmon in /etc/sudoers

I tried executing the dpmon in /home/user1 and got the error ksh:sudo:not found

$ sudo -u sidadm /sapmnt/SID/exe/dpmon pf=/sapmnt/SID/profile/SID_DVEBMGS04_<hostname>

ksh: sudo: not found.

(In place of user my user ID and SID is systen name and hostname of the system)

Thanks,

Nag

Edited by: nraju on Feb 13, 2008 5:51 AM

Former Member
‎02-13-2008 4:56 AM
0 Kudos

I tried in /home i got the below error.

user1 $ sudo -u sidadm /sapmnt/SID/exe/dpmon pf=/sapmnt/SID/profile/SID_DVEBMGS04_<hostname>

ksh: user1: 0403-006 Execute permission denied.

Edited by: nraju on Feb 13, 2008 6:53 AM

Former Member
‎02-13-2008 5:57 AM
0 Kudos

ksh: sattun: 0403-006 Execute permission denied.

there is any prob with shell ,becaz i find that /home/user env is kshell and sidadm>env is showing as csh shell .

Thanks,

Nag.

Former Member
‎02-14-2008 6:32 AM
0 Kudos

Michael ,It is working..

Thank you.

Nag.

Answers (0)

Ask a Question