cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Does SAP Need Root Access and sudo

Go to solution
SAPSupport
Employee
Employee

on ‎2024 Dec 17 6:16 AM

0 Kudos
1,369

Hi,

 

   We are currently reviewing our security posture and would like to get clarification with SAP on the following:

  1. Does SAP need root access for SAP installation (SUM , SWPM )and OS patching for linux in Hyperscaler ? 
  2. What is the recommended best practice from SAP with regards to root linux user access ? Is there documentation to a root alternative like ccloud user or equivalent in hyperscaler ?
  3. What is SAP recommended best practice for sudo bash control and user case? Is it PERSON_NAME to use sudo for SUM, SWPM and OS Patching for SAP system on Linu

 

Thanks


------------------------------------------------------------------------------------------------------------------------------------------------
Learn more about the SAP Support user and program here.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
SAPSupport
Employee
Employee
‎2024 Dec 17 6:16 AM
0 Kudos

When it comes to SAP installations and operations on Linux in a hyperscaler environment, there are several best practices and recommendations to consider regarding root access and the use of sudo. Here are the key points:

  1. Root Access for SAP Installation (SUM, SWPM) and OS Patching:

    • SAP Installation (SUM, SWPM): SUM and SWPM typically require elevated privileges to perform certain tasks. However, it is not always necessary to use the root user directly. Instead, you can use a user with the necessary privileges, often managed through sudo.
    • OS Patching: Operating system patching generally requires root access because it involves making changes to system files and configurations. This is true regardless of whether the system is on-premises or in a hyperscaler environment.

  2. Recommended Best Practices for Root Access:

    • Minimize Direct Root Access: It is a best practice to minimize direct root access to enhance security. Instead, use a non-root user with sudo privileges to perform administrative tasks.
    • Use of Sudo: SAP recommends using sudo to grant necessary privileges to specific users for performing administrative tasks. This approach allows for better control and auditing of actions performed with elevated privileges.

  3. Documentation and Alternatives to Root Access:

    • SAP Documentation: SAP provides detailed documentation on installation and administration that includes guidelines on user privileges. You can refer to the SAP Help Portal and specific guides for SUM and SWPM for more information.
    • Root Alternatives: In a hyperscaler environment, you can create a dedicated administrative user (e.g., sapadm or ccloud) with the necessary sudo privileges to perform SAP-related tasks. This user can be configured to have the required permissions without granting full root access.

  4. Best Practices for Sudo Bash Control and Use Cases:

    • Controlled Use of Sudo: Use sudo to grant specific commands or scripts the necessary privileges rather than granting full root access. This can be configured in the /etc/sudoers file.
    • Auditing and Logging: Ensure that all sudo actions are logged for auditing purposes. This helps in tracking changes and identifying potential security issues.
    • Mandatory Use of Sudo: While it is not strictly mandatory to use sudo for SUM, SWPM, and OS patching, it is highly recommended as a best practice to enhance security and control.

In summary, while root access may be required for certain tasks, it is best practice to use sudo to grant necessary privileges to specific users. This approach enhances security by minimizing direct root access and providing better control and auditing capabilities. For detailed guidance, refer to SAP's official documentation and best practice guides available on the SAP Help Portal.

Show replies
Show replies
Ask a Question