Re: [Networker] Can a non-root user run nsrjb command?
2005-06-17 09:52:33
Thank you. That was very helpful. I played around with those operation
fields from the GUI as a non-root administrator, and they work okay.
Will probably use this method since scripting is a bit too much right
now. A non-root administrator(s) can use the GUI for this, but may
consider setting up Sudo at some point in the near future.
One thing I notice, though, is that the GUI isn't very good at letting
you know you've attempted an illegal operation like trying to import a
tape into an occupied slot or trying to import a tape when there is
nothing in the CAP door to import and/or if you were, say specifying the
wrong Port number. The nsrjb command will tell or warn you. I see
nothing in the messages window for Nwadmin or the jukebox window itself
when doing this via the GUI. Even /nsr/logs/messages or daemon.log
mentions nothing.
Question:
Is there a way to monitor the progress of the withdraw or deposit
functions? The GUI shows no hourglass or progress indicator. For things
like labeling and inventorying, the main window at least shows some
activity, but for deposits/withdrawals, it just comes right back. The
"Messages" field in the jukebox window does get updated but only after
the operation completes, and you have to close it out and re-open that
screen to see the new entry; it's not real-time. The only way I can see
is to log in to the storage node or server and run something like: 'ps
-ef l | grep nsrjb' to see if the actual nsrjb process is running. Of
course, the user could do this or look at the mount list to see if the
volumes are listed in the slots, but it is nice to know when the command
is completed. With the nsrjb command at least you know when it's done.
Thanks.
George
Davina Treiber wrote:
George Sinclair wrote:
I'm not aware that the NSR jukebox resource would do anything for you.
The user doesn't need to update/modify this resource, they need to be
able to do things like import/export/label/inventory tapes, stuff like
that.
Well Tarik is correct but I don't think he explained too well what this
allows you to do.
It is rather obscure, but there are a number of attributes you can
update in the NSR jukebox resource (from nwadmin or nsradmin) which will
cause nsrjb commands to be executed (as root, naturally). I believe the
relevant attributes are:
operation: ;
operation device: ;
operation slots: ;
operation ports: ;
operation options: ;
operation barcodes: ;
but some others may also be relevant.
In order to use this functionality you would probably need to spend a
fair bit of time scripting the actions you require, it's obscure but
possible. I haven't done it myself, I prefer to take the easy option and
use sudo or a suid perl script.
The command line nsrjb binary is nice since it allows you to label tapes
using multiple drives. The nwadmin GUI too seems limited to whatever
drive you select. Also, the Unix version of nwadmin does not offer an
import/export tape feature like the Windows version does,
Actually it does, but it is hidden away. In fact it uses the same
attributes mentioned above. Look at the operation field of the NSR
jukebox resource, it's a hidden attribute. The pull down values include
deposit, withdraw, and reset. You might find this useful.
Tarik El Mansouri wrote:
Hello
Yes it's possible.
Two ways.
It's possible on Solaris using RBAC (/etc/security directory).
The other way is to use an nsradmin script by updating the "NSR
jukebox resource"
Regards,
Tarik EL MANSOURI
--- George Sinclair <George.Sinclair AT NOAA DOT GOV> wrote:
Hi,
Is it possible for a non-root user, who is on the administrator list,
to be able to run the nsrjb command without resorting to Sudo? It
appears that only the super user can run this, as the non-root
administrator receives:
nsrjb: You are not authorized to run this command.
and the user was logged in on the primary server and storage node,
and is listed for each in the server setup.
Seems that if you can perform functions like labeling, inventorying,
etc. via the GUI then you should be able to do it from the command
line, too, using nsrjb? Why does NetWorker not allow this? Am I
missing something? The file permissions on the binary allow it, but
looks like NetWorker is still saying 'no' if you're not super user.
The command line is preferred for many things but looks like only the
Sudo utility will be a work around? Not opposed to it, just asking.
Also, are there other NetWorker binaries that a non-root user cannot
run BUT that a backup tape operator or assistant would need? nsrjb
is the main one I can think of.
--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listserv.temple DOT edu or visit the list's Web site at
http://listserv.temple.edu/archives/networker.html where you can
also view and post messages to the list. Questions regarding this list
should be sent to stan AT temple DOT edu
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
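
Added example, not part of the original thread and not NetWorker's own code: a minimal wrapper of the kind the sudo / suid-script suggestion implies, which lets operators run only a few nsrjb operations and rejects any slot or port argument that is not a plain number or range. The wrapper name, the nsrjb path and the sudoers group are assumptions; the flags used (-d, -w, -I, -S, -P) are the nsrjb deposit, withdraw, inventory, slot and port options.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/nsrjb-op (name is an assumption).
# Intended sudoers entry (group name is an assumption), granting the wrapper
# only, never nsrjb itself:
#   %tapeops ALL = (root) /usr/local/sbin/nsrjb-op
NSRJB=${NSRJB:-/usr/sbin/nsrjb}   # assumed install path

# Accept a slot/port spec such as "5" or "1-10": digits with one optional dash.
valid_range() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the nsrjb argument list for an allowed operation, or fail.
# usage: nsrjb_args deposit|withdraw|inventory [slots] [ports]
nsrjb_args() {
    [ "$#" -ge 1 ] && [ "$#" -le 3 ] || { echo "usage error" >&2; return 1; }
    op=$1; slots=${2:-}; ports=${3:-}
    case "$op" in
        deposit)   flag=-d ;;
        withdraw)  flag=-w ;;
        inventory) flag=-I ;;
        *) echo "operation not permitted: $op" >&2; return 1 ;;
    esac
    out=$flag
    if [ -n "$slots" ]; then
        valid_range "$slots" || { echo "bad slot spec" >&2; return 1; }
        out="$out -S $slots"
    fi
    if [ -n "$ports" ]; then
        valid_range "$ports" || { echo "bad port spec" >&2; return 1; }
        out="$out -P $ports"
    fi
    echo "$out"
}

# Only act when invoked with arguments, so the functions can be sourced/tested.
if [ "$#" -gt 0 ]; then
    args=$(nsrjb_args "$@") || exit 1
    # Unquoted on purpose: $args contains only validated flags, digits and dashes.
    exec "$NSRJB" $args
fi
```

Because nsrjb runs in the foreground here, the operator also sees its warnings and knows when the deposit or withdraw has finished.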