RVY200356: Required permission to run a local Oracle inventory scan via a remote execution task against Linux/UNIX devices

General Information

This article describes the permission required for sudo rights on Linux/UNIX machines in order to run remote execution Oracle inventory tasks against them. 


Installation Specifications

User and login credentials

We provide two methods for logging into the Linux/UNIX systems.



The simplest way is to create a user and password combination: 

1)      Create a user (e.g.  useradd RayVentory). 

2)      Set a password for the User (passwd RayVentory). 

3)      Set the required services as mentioned further down this article. 

4)      Set the sudo rights as explained further down this artcile.


SSH Key-Based Authentication

The second method is to use a private/public key pairing for the connection.

First you need to create a public/private key pair:

1)      Download puttygen.exe from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

2)      Check the file with your Antivirus Tool.

3)      Start puttygen.exe


  • Press the [Generate] button. 
  • Move the mouse around to generate the key. 
  • Set a passphrase for the key: 


  • Press the [Save private key] button. 
  • Enter a name for the file and Save: 


  • Copy all data within the Key field and save it to a file. This file is required for the ./ssh/authorized_keys within the user directory of the RayVentory user on the Linux or Unix machine.

4)      Copy the saved Private Key file to the RayVentory Server. 

5)      Open the Password Store: 


  • Create a new user by pressing the [New] button. 
  • Enter a Logical Name, e.g. Linux Account.
  • Select the "SSH account (key pair)" account type. 
  • Enter a user name, e.g. RayVentory. 
  • Select "sudo" as the elivation privilege. 
  • Press the [Browse…] button: 


  • Select the Private Key file and then press the [Open] button. 
  • Enter your passphrase and then press the [OK] button:   


  • If all is correct the 'Key pair loaded:' checkbox should have a green tick: 


  • The [View public key...] button provides part of the authorized_keys file for the machine. 
  • Press the [Apply] button. 
  • Repeat this process on all other Distribution Servers that you wish to run Linux/UNIX related remote execution tasks from. 


Now you need to create the user on the linux machine:

1)      Create the user (e.g.  useradd RayVentory). 

2)      If the folder .ssh does not exist within the users home directory, create it. 

3)      If the file ./.ssh/authorized_keys does not exist, create it. 

4)      Add the Public Key (authorized_keys) to the file ./.ssh/authorized_keys

5)      Set the required services as mentioned further down this article. 

6)      Set the sudo rights as explained further down this artcile.



Services what are used from remote

We need rights to the following services from remote machines:




SUDO rights for Oracle Inventory

We need sudo rights with no password prompt for the following commands:

  • chmod 755 ./oratrack.sh                                                   
  • /sbin/sh ./oratrack.sh -o *  
  • /bin/sh ./oratrack.sh -o *                                
  • /sbin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml
  • /bin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml     


The resultant SUDO configuration line is as follows:

{UserName}  ALL = (root) NOPASSWD: chmod 755 ./oratrack.sh/sbin/sh ./oratrack.sh -o ,/bin/sh ./oratrack.sh -o *,/sbin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml, /bin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml


The resultant SUDO configuration line for hardware + Oracle inventory is as follows:

{UserName}  ALL = (root) NOPASSWD: /bin/date,/sbin/date,/bin/sh ./ndtrack.sh *,/sbin/sh ./ndtrack.sh *,/bin/rm -f ./ndtrack.sh ./ndtrack.ini,/sbin/rm -f ./ndtrack.sh ./ndtrack.ini,chmod 755 ./oratrack.sh/sbin/sh ./oratrack.sh -o ,/bin/sh ./oratrack.sh -o *,/sbin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml, /bin/rm ./oratrack.sh ./oratrack.jar ./query.xml.enc ./OracleConnections.xml



  • Please replace {UserName} with the user for RayVentory. 
  • To edit the sudo configuration use the visudo command. 




Have more questions? Submit a request


Powered by Zendesk