Networker

Re: [Networker] configure clients as administrators on NetWorker server

2009-10-13 08:49:25
Subject: Re: [Networker] configure clients as administrators on NetWorker server
From: Will Parsons <w.parsons AT LEEDS.AC DOT UK>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 13 Oct 2009 13:44:50 +0100
HI Joey,
From what I remember, the reasoning behind this is to allow the "application owner" to keep the Networker index up to date. This would allow RMAN to control the ageing out of backup entries from the Client File Index once they have passed it's own retention policy (so that the two backup catalogues stay in sync). (With NMM I think it's to do with registering VSS snapshots in the index).

IF there were fine grained access control within NetWorker, then we might be able to delegate rights to ONLY do the things they need to do to Networker. As there isn't, the sledge-hammer comes out and they need Administrator rights.

So, that's why, and yes - it's a huge security hole for anyone who's got teh good sense not to trust their server-admins ;-)

Will

Joey Admin wrote:
Hi all.

What is this with RMAN backups and NMM backups, that you need to make an
entry such as this one on the NetWorker server in the list of administrators:

user=system,host=host.domain.com
user=administrator,host=host.domain.com

I'm not confortable listing users on a particular client as an administrator
of the NetWorker zone.

Don't you think this is a security hole?
Joey

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER


--


w.parsons AT leeds.ac DOT uk
UNIX Support
Information Systems Services
The University of Leeds
+44 113 343 5670

“I’m not against progress, it’s the change I do not like” – Mark Twain

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER