Skip to main content
Common Reference

sudo Configuration

Tungsten requires that the user you have configured to run the server has sudo credentials so that it can run and install services as root.

Within Linux environments you can do this by editing the /etc/sudoers file using visudo and adding the following lines:

## Allow tungsten to run any command
tungsten ALL=(ALL) NOPASSWD: ALL
warning

The above syntax is applicable to most Linux environments, however double check if your environment uses different syntax!

warning

The above syntax may be considered unsafe and a security risk, therefore should only be used where your system policies allow. For Production systems it is advised a more granular configuration be applied as shown below

sudo can also be configured to handle only specific directories or files. For example, when using xtrabackup, or additional tools in the Tungsten toolkit, such as tprovision, additional commands must be added to the permitted list:

tungsten ALL=(ALL) NOPASSWD: /sbin/service, /usr/bin/innobackupex, /bin/rm,
  /bin/mv, /bin/chown, /bin/chmod, /usr/bin/scp, /bin/tar, /usr/bin/which, 
  /etc/init.d/mysql, /usr/bin/test, /usr/bin/systemctl, 
  /opt/continuent/tungsten/tungsten-replicator/scripts/xtrabackup.sh, 
  /opt/continuent/tungsten/tools/tpm, /usr/bin/innobackupex-1.5.1, 
  /bin/cat, /bin/find, /usr/bin/whoami, /bin/sh, /bin/rmdir, /bin/mkdir, 
  /usr/bin/mysql_install_db, /usr/bin/mysqld, /usr/bin/xtrabackup
note

On some versions of sudo, use of sudo is deliberately disabled for ssh sessions. To enable support via ssh, comment out the requirement for requiretty:

#Defaults    requiretty