Environment
Sentinel 7.3, 7.4
Sentinel 8.2.x, 8.3, and 8.4
Situation
It is configured as such on Sentinel server:
novell ALL = NOPASSWD: /bin/mount, /bin/umount
novell ALL = NOPASSWD: /bin/mount, /bin/umount # sentinel_7_mount_configuration
Defaults:novell !requiretty # sentinel_7_tty_configuration
novell ALL = NOPASSWD: /bin/mount, /bin/umount
novell ALL = NOPASSWD: /bin/mount, /bin/umount # sentinel_7_mount_configuration
Defaults:novell !requiretty # sentinel_7_tty_configuration
The parameter "NOPASSWD" might indicate a security concern, however as you can see, it relates only to the mount and umount commands. That is required for the indexing process.
The normal behavior of sudo command, which uses the sudoers definition to validate the real execution, is to ask for the password for the user invoking sudo or for root, depending on the sudoers configuration.
The option NOPASSWD indicates to sudo that it does not have to ask the user for the corresponding password.
The option NOPASSWD indicates to sudo that it does not have to ask the user for the corresponding password.
Resolution
So for Sentinel execution, the rule on sudoers only dictates the following:
The user novell, on any server (novell ALL =), acting as root, without need to type a password, (NOPASSWD:), can execute the commands mount and umount, ONLY these commands, as the root user.
The user novell, on any server (novell ALL =), acting as root, without need to type a password, (NOPASSWD:), can execute the commands mount and umount, ONLY these commands, as the root user.
Cause
This configuration is needed because Sentinel uses squash file system
for the event data partitions, the event data, and when you execute a
search, it needs mount and umount commands, for these event data
partitions on file system, to search for your data.
If this configuration is not in place, the indexing of event data will be impacted.