Re: [Networker] Can a non-root user run nsrjb command?

George Sinclair wrote:
> I'm not aware that the NSR jukebox resource would do anything for you.
> The user doesn't need to update/modify this resource, they need to be
> able to do things like import/export/label/inventory tapes, stuff like
> that.

Well Tarik is correct but I don't think he explained too well what this
allows you to do.
It is rather obscure, but there are a number of attributes you can
update in the NSR jukebox resource (from nwadmin or nsradmin) which will
cause nsrjb commands to be executed (as root, naturally). I believe the
relevant attributes are:
                   operation: ;
            operation device: ;
             operation slots: ;
             operation ports: ;
           operation options: ;
          operation barcodes: ;
but some others may also be relevant.
In order to use this functionality you would probably need to spend a
fair bit of time scripting the actions you require, it's obscure but
possible. I haven't done it myself, I prefer to take the easy option and
use sudo or a suid perl script.

> 
> The command line nsrjb binary is nice since it allows you to label tapes
> using multiple drives. The wadmin GUI too seems limited to whatever
> drive you select. Also, the Unix version of nwadmin does not offer an
> import/export tape feature like the Windows version does,

Actually it does, but it is hidden away. In fact it uses the same
attributes mentioned above. Look at the operation field of the NSR
jukebox resource, it's a hidden attribute. The pull down values include
deposit, withdraw, and reset. You might find this useful.

> 
> Tarik El Mansouri wrote:
> 
>> Hello
>>
>> Yes it's possible.
>> Two ways.
>>
>> It's possible on Solaris using RBAC (/etc/security directory).
>> The other way is to use an nsradmin script by updating the "NSR
>> jukebox ressource"
>>
>> Regards,
>> Tarik EL MANSOURI
>>
>>
>>
>>
>>
>>
>> --- George Sinclair <George.Sinclair AT NOAA DOT GOV> a écrit :
>>
>>  
>>
>>> Hi,
>>>
>>> Is it possible for a non-root user, who is on the administator list,
>>> to be able to run the nsrjb command without resorting to Sudo? It
>>> appears that only the super user can run this, as the non-root
>>> administrator receives:
>>>
>>> nsrjb: You are not authorized to run this command.
>>>
>>> and the user was logged in on the primary server and storage node,
>>> and is listed for each in the server setup.
>>>
>>> Seems that if you can perform functions like labeling, inventorying,
>>> etc. via the GUI then you should be able to do it from the command
>>> line, too, using nsrjb? Why does NetWorker not allow this? Am I
>>> missing something? The file permissions on the binary allow it, but
>>> looks like NetWorker is still saying 'no' if you're not super user. 
>>> The command line is preferred for many things but looks like only the
>>> Sudo utility will be a work around? Not opposed to it, just asking.
>>>
>>> Also, are there other NetWorker binaries that a non-root user cannot
>>> run BUT that  a backup tape operator or assistant would need? nsrjb
>>> is the main one I can think of.

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=