We've found our application servers for IGL have very insecure sudoers files. Among other things, it allows editing the /etc/hosts file, although there do not appear to be any special entries in the file. It also allows running the reboot and/or shutdown commands and /bin/hostname, all as the oracle user.
It looks like someone provided a ton of random sudo access for a vendor and never cleaned up afterwards.
Is this sudo access required by the IGL application?
I actually had to open a support case and the response I got is below. We ended up having to manually comb through the sudoers file and remove multiple entries due to the lack of sufficient info in the referenced doc. I still don't know if there was any ill effect because we are having other issues with our upgrade.
"..in the Attached guide, under section Configure the User Schema Privilege Grants, all required permissions are listed, categorized with users and level of permissions.
Any permission that is not listed in the guide can be safely removed without affecting G&L."
We also have this concern. I've opened a support case in regards to this. Were you able to get any resolution in regards to this?