ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Domino, scheduler and root id

2005-08-11 09:13:41
Subject: Re: Domino, scheduler and root id
From: "Gilbert, Guillaume" <guillaume_gilbert AT STORAGETEK DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 11 Aug 2005 07:13:23 -0600 
Hi Steve

Check the USER option in the client guide. I think it will help. 


Guillaume Gilbert
Storage Architect
514.866.8876 Office
514.866.0901 Fax
514.290.6526 Cellular
guillaume_gilbert AT storagetek DOT com
StorageTek Canada Inc.
INFORMATION made POWERFUL

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Steven Harris
Sent: August 10, 2005 21:47
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Domino, scheduler and root id

Hi All,

AIX 5.2, TSM Server 5.2.0.0 (working on an upgrade), Client 5.2.0.0,
domino client 5.1.5.0, domino 6.5.4

My predecessor set up this environment using AIX srcmgr facilty to run a
dsmc sched process for each domino instance - there are 8 on this
machine, and they run under the root id. The domino instances themselves
have a different unix id for each instance.  Each instance is logically
separate with its own file systems, domino binaries and a tsm directory
that contains domdsm.cfg, dsm.opt, logs and a security directory
containing the TSM.PWD file for the instance.  We can literally export a
couple of volume groups and import them elsewhere to move a domino
instance to another AIX lpar.

Domino backups are scheduled using a command schedule, and in the script
the backup is run under the unix ID for the instance.

The problem is that when PASSWD GENERATE does its thing, the TSM.PWD
file is deleted and re-created with the new password.  This is done by
the scheduler process and so the new TSM.PWD file has root ownership.
Thus the backups fail as they can't access the new encrypted password.

So, I've tried to fix this by running dsmc sched as the domino user, but
I get

ANS1817E Schedule function can only be run by a TSM authorized user.

I've set up a TSM admin with node ownership, and I can run dsmc command
line as the domino user, but not the scheduler.  dsmcad won't work
either.

Is there any solution other than running everything as root or resorting
to cron?  I'd like to domino admins to be able to check logs and don't
want them to have root access, but using separate users also has nice
safeguards when it comes to restoring in the right environment.

TIA

Steve

Steve Harris
AIX and TSM Admin
Sydney, Australia
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mountable not in library, Richard Sims
Next by Date:  Re: 1 of 3 TOR reports refuses to generate?, Steve Schaub
Previous by Thread:  Re: Domino, scheduler and root id, Scott Grover
Next by Thread:  Mountable not in library, Dave Zarnoch
Indexes:  [Date] [Thread] [Top] [All Lists]