ADSM-L

Re: Why does dsm think I am root?

1996-12-28 14:57:57
Subject: Re: Why does dsm think I am root?
From: Andy Raibeck <araibeck AT VNET.IBM DOT COM>
Date: Sat, 28 Dec 1996 11:57:57 PST
Helmut Richter wrote:

>> I start the dsm GUI from my personal account on an RS/6000.  I did not su
>> to it from root, but if I select "Utilities", "Display options", the
>> "User ID:" field shows "root<virtual>".  Why does dsm think I am root?

>Perhaps you specified the nodename option. That makes ADSM believe you
>want to log in as root: the passwordaccess option will not be honoured,
>nd you will be prompted for the password. If you want to use more than
>ne nodename without these effects, you have to define more than one
>erver name: if the nodename is determined via the server name, you may
>og in to ADSM as a normal user. AFAIK, these features are undocumented.

The part about "virtual root user" is described in "Using the UNIX
Backup-Archive Client" book in the NODENAME reference section:

     When you use the NODENAME option, ADSM prompts you for the
     ADSM password assigned to the node you specify if a password is
     required.  If you know the password, you become a virtual root user
     and have access to all files backed up or archived from the node you
     specify with the NODENAME option.

So you may not want your end-users to have the password (use
PASSWORDACCESS GENERATE).

I agree that it is not clear at all that you can use the SERVERNAME
option to point to the same ADSM server, but with different settings
(like NODENAME). And in general, the security issues associated with
the ADSM UNIX clients need to be documented better, too. I will look
into this.

Andy Raibeck
ADSM Level 2 Support
<Prev in Thread] Current Thread [Next in Thread>