Required Permissions for a Zero-Touch Inventory of Linux, UNIX, and Mac Devices


RayVentory Scan Engine > 12.6 u4 > User Guide > Appendix I: Prerequisites Inventory Methods > Zero-Touch/Remote Inventory for Linux/Unix (RIU) 


The following describes the permissions that an Inventory Service Account needs on the target devices in order to connect via SSH and perform a Zero-Touch Inventory of Linux, Unix, and Mac devices.

Option 1: Sudoer

A sudoer without any restrictions on the command lines it may run is the simplest way to enable RayVentory to execute all necessary commands and to read the required folders and files. Such a service account needs to be created on each device, granted in the sudoers list, and rolled out to all devices that will be targeted with this user account.

Option 2: Account with Minimum Permissions

This option realizes a least-privilege approach. The permissions are described in the following tables, which cover all commands and files required for the Zero-Touch inventory. This approach requires explicit permissions on files and commands, granted to the inventory service account that accesses the target devices via SSH. Once the permissions have been set for each platform, the credentials and permissions need to be rolled out to all devices in the scope of Zero-Touch scanning.

Legend

Symbol | Description
-------+------------------------------------------------------------------------------------------------------------
X      | Command applies / file is read
!      | Command applies / file is read regardless of the platform, and is expected to fail or is likely not to be present

List of Commands Which Do Not Need Privileges

Command          | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                 | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
-----------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
grep             | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
awk              | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
model            |       | X       | X       |       |       |       |       |         |         |
md5sum           | X     | !       | !       | X     | X     | X     | X     | !       | !       | X
dd               | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
ls               | X     | X       | X       | X     | X     | X     | X     | X       | X       | X

List of Files Which Do Not Need Privileges

File                              | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                                  | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
----------------------------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
/sys/class/net/ (list directory)  |       |         |         | X     | X     |       |       |         |         | X

List of Commands Which Do Not Explicitly Require Privileged Rights

Command          | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                 | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
-----------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
prtconf          | X     |         |         |       |       |       |       | X       | X       |
lsattr           | X     |         |         |       |       |       |       |         |         |
system_profiler  |       |         |         |       |       | X     | X     |         |         |
ioreg            |       |         |         |       |       | X     | X     |         |         |
smbios           |       |         |         |       |       |       |       | !       | X       |
lscfg            | X     |         |         |       |       |       |       |         |         |
lparstat         | X     |         |         | !     | !     |       |       |         |         | !
sysctl           |       |         |         |       |       | X     | X     |         |         |
print_manifest   |       | X       | X       |       |       |       |       |         |         |
zonename         |       |         |         |       |       |       |       | X       | X       |
eeprom           | !     |         |         | !     | !     |       |       | X       | X       | !
df               | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
ioscan           |       | X       | X       |       |       |       |       |         |         |
diskinfo         |       | X       | X       |       |       |       |       |         |         |
smartctl         | !     |         |         | !     | !     | !     | !     | X       | X       | !
lsblk            | !     |         |         | X     | X     | !     | !     | !       | !       | X
udevadm          | !     |         |         | !     | !     | !     | !     | !       | !       | !
blockdev         | !     |         |         | X     | X     | !     | !     | !       | !       | X
iostat           |       |         |         |       |       |       |       | X       | X       |
fcinfo           |       |         |         |       |       |       |       | X       | X       |
find             | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
sh               | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
dladm            |       |         |         |       |       |       |       | !       | !       |
zoneadm          |       |         |         |       |       |       |       | X       | X       |
zonecfg          |       |         |         |       |       |       |       | X       | X       |
prctl            |       |         |         |       |       |       |       | X       | X       |
docker           | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
ifconfig         | X     | X       | X       | !     | !     | X     | X     | X       | X       | !
lanscan          |       | X       | X       | X     | X     |       |       |         |         | X
ip (addr)        |       |         |         | !     | !     |       |       |         |         | !
vmstat           | X     |         |         |       |       |       |       |         |         |
svmon            | X     |         |         |       |       |       |       |         |         |
sw_vers          |       |         |         |       |       | X     | X     |         |         |
dmesg            |       | X       | X       |       |       |       |       |         |         |
swlist           | X     |         |         |       |       |       |       |         |         |
odmget           |       | X       | X       |       |       |       |       |         |         |
lsconf           | X     |         |         |       |       |       |       |         |         |
free             |       |         |         | X     | X     | !     | !     |         |         | X
cstm             |       | !       | !       |       |       |       |       |         |         |
kstat            |       |         |         |       |       |       |       | X       | X       |

List of Files Which Do Not Explicitly Require Privileged Rights

File                                                      | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                                                          | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
----------------------------------------------------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
/sys/class/dmi/id/chassis_vendor (accessed by cat)        |       |         |         | X     |       | !     |       |         | !       |
/sys/class/dmi/id/bios_version                            |       |         |         | X     |       | !     |       |         | !       |
/sys/class/dmi/id/chassis_serial                          | !     | !       | !       | X     | !     | !     | !     | !       | !       | !
/sys/class/dmi/id/bios_version                            | !     | !       | !       | X     | !     | !     | !     | !       | !       | !
/sys/class/dmi/id/chassis_vendor                          | !     | !       | !       | X     | !     | !     | !     | !       | !       | !
/etc/hostname.ce0 (accessed by cat)                       |       |         |         | !     | !     |       |       | X       | X       | !
/sys/class/dmi/id/product_name (accessed by cat)          | !     |         |         | X     | !     |       |       | !       | !       | !
/sys/class/dmi/id/product_uuid (accessed by cat)          | !     |         |         | X     | !     |       |       | !       | !       | !
/etc/passwd (accessed by cat)                             |       |         |         |       |       |       |       |         |         |
beahomelist (accessed by cat)                             | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
registry.xml (accessed by cat)                            | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
/sys/class/net/<NICs>/speed (accessed by cat)             | !     |         |         | X     | X     |       |       |         |         | X
/sys/class/net/<NICs>/address (listing directory by ls)   |       |         |         | X     | X     |       |       |         |         | X

List of Commands Which Deliver the Best Results With Privileged Rights

Command          | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                 | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
-----------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
lshal            | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
smbios           |       |         |         |       |       |       |       | !       | X       |
prtdiag          | !     |         |         | !     | !     |       |       | X       | X       | !
bootinfo         | X     |         |         |       |       |       |       |         |         |
dnsdomainname    |       | !       | !       | X     | X     |       |       | !       | !       | X
domainname       |       | X       | X       | X     | X     |       |       | X       | X       | X
hexdump          |       |         |         | !     |       | !     |       |         | X       |
lspci            | !     | !       | !       | X     | X     | !     | !     | !       | !       | X
oslevel          | X     |         |         |       |       |       |       |         |         |
dpkg-query       |       |         |         | !     | !     |       |       |         |         | !
rpm              | !     | !       | !       | !     | !     |       |       |         |         | !
pkginfo          |       |         |         |       |       |       |       | X       | X       |
getent           | X     |         |         | X     | X     | !     | !     | X       | X       | X
id               | X     |         |         | X     | X     | !     | !     | X       | X       | X
db2licm          | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
db2ls            | !     | !       | !       | !     | !     | !     | !     | !       | !       | !
lscpu            |       |         |         | !     | !     |       |       |         |         | !

List of Files Which Deliver the Best Results With Privileged Rights

File                                                                      | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                                                                          | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
--------------------------------------------------------------------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
/sys/class/dmi/id/chassis_vendor (accessed by cat)                        |       |         |         | X     | !     |       |       | !       | !       | !
/dev/xsvc (accessed by hexdump)                                           |       |         |         | !     |       | !     |       |         | X       |
/dev/mem (accessed by hexdump)                                            |       |         |         | !     |       | !     |       |         |         |
/proc/partitions (accessed by cat)                                        | X     |         |         | X     | X     | !     | !     | !       | !       | X
/etc/oracle-release                                                       |       |         |         | !     | !     |       |       | !       | !       | !
/etc/os-release                                                           |       |         |         | !     | !     |       |       | !       | !       | !
/etc/SuSE-release                                                         |       |         |         | !     | !     |       |       | !       | !       | !
/etc/centos-release                                                       |       |         |         | !     | !     |       |       | !       | !       | !
/etc/enterprise-release                                                   |       |         |         | !     | !     |       |       | !       | !       | !
/etc/redhat-release                                                       |       |         |         | !     | !     |       |       | !       | !       | !
/etc/issue.net                                                            |       |         |         | !     | !     |       |       | !       | !       | !
/etc/debian_version                                                       |       |         |         | !     | !     |       |       | !       | !       | !
/etc/issue                                                                |       |         |         | !     | !     |       |       | !       | !       | !
/etc/lsb-release                                                          |       |         |         | !     | !     |       |       | !       | !       | !
Info.plist (of installed packages, accessed by shell and defaults)        |       |         |         |       |       | X     | X     |         |         |
Info-macos.plist (of installed packages, accessed by shell and defaults)  |       |         |         |       |       | X     | X     |         |         |
/etc/*release (accessed by echo and cat)                                  |       |         |         |       |       |       |       |         |         |
/proc/cpuinfo                                                             | !     |         |         | X     | X     | !     | !     | !       | !       | X

List of Commands Which Could Require Privileged Rights Depending on the OS Version

Command          | AIX   | HP-UX   | HP-UX   | Linux | Linux | MacOS | MacOS | Solaris | Solaris | Linux (Extended Support)
                 | POWER | PA-RISC | Itanium | x86   | POWER | x86   | M1    | SPARC   | x86     | ARM (nm)
-----------------+-------+---------+---------+-------+-------+-------+-------+---------+---------+-------------------------
dmidecode        | !     | !       | !       | X     | !     | !     | !     | !       | X       | !
uname            | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
cat              | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
getconf          | X     | X       | X       |       |       |       |       |         |         |
whoami           | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
hostname         | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
hostid           | X     |         |         | X     | X     |       |       | X       | X       | X
netstat          | X     | X       | X       | X     | X     | X     | X     | X       | X       | X
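As an added example that is not part of the RayVentory documentation, the following POSIX shell script shows how Option 2 can be expressed on a Linux x86 host: it builds a sudoers fragment that grants the inventory service account only a subset of the commands and file reads the tables above mark as working best with, or possibly requiring, privileged rights, and it checks requested command lines against that fragment the way sudoers matches them. The account name rvinventory, the command paths and the chosen subset are assumptions.

```shell
#!/bin/sh
# Added example, not RayVentory's own code. Builds a least-privilege sudoers
# fragment for the inventory service account ("rvinventory" is an assumed
# name) and checks command lines against it the way sudoers matches them.

# Emit a sudoers fragment: one Cmnd_Alias built from the absolute command
# paths given as arguments, NOPASSWD, and no tty requirement for SSH sessions.
build_sudoers_fragment() {
    user="$1"; shift
    alias_list=$(printf '%s, ' "$@")
    alias_list=${alias_list%, }
    printf 'Cmnd_Alias RV_INVENTORY = %s\n' "$alias_list"
    printf 'Defaults:%s !requiretty\n' "$user"
    printf '%s ALL=(root) NOPASSWD: RV_INVENTORY\n' "$user"
}

# Return 0 if a full command line is covered by the fragment, 1 otherwise.
# A bare path permits any arguments; a path with arguments must match the
# requested command line exactly, so "/bin/cat /etc/shadow" is not granted
# by an entry for "/bin/cat /proc/partitions".
is_allowed() {
    fragment="$1"; cmdline="$2"
    alias_line=$(printf '%s\n' "$fragment" | grep '^Cmnd_Alias RV_INVENTORY = ')
    entries=${alias_line#Cmnd_Alias RV_INVENTORY = }
    old_ifs=$IFS; IFS=','
    for e in $entries; do
        e=${e# }                               # drop the space after ','
        if [ "${e%% *}" = "$e" ]; then         # bare path: any arguments
            [ "${cmdline%% *}" = "$e" ] && { IFS=$old_ifs; return 0; }
        else                                   # path + arguments: exact match
            [ "$e" = "$cmdline" ] && { IFS=$old_ifs; return 0; }
        fi
    done
    IFS=$old_ifs
    return 1
}

# Linux x86 subset of the commands and files the tables above mark as giving
# the best results with, or possibly requiring, privileged rights. The paths
# are assumptions; confirm them on the target host with "command -v".
FRAGMENT=$(build_sudoers_fragment rvinventory \
    /usr/sbin/dmidecode /usr/bin/lspci \
    "/bin/cat /proc/partitions" "/bin/cat /sys/class/dmi/id/chassis_vendor")

printf '%s\n' "$FRAGMENT"
# Validate with "visudo -c -f FILE" before installing under /etc/sudoers.d/.
```

Because the account is a bare sudoer for nothing but these entries, a command such as sh, docker or cat of an arbitrary file is refused by sudo, which is the point of the least-privilege option.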