ADSM-L

Re: UNIX File Permissions

1998-04-10 14:11:51
Subject: Re: UNIX File Permissions
From: "Louie, James" <LouieJ AT NABISCO DOT COM>
Date: Fri, 10 Apr 1998 14:11:51 -0400
> Andy,
>
> In the UNIX environment (AIX), ADSM will only allow a user to
> backup/restore files for which he is the owner. The exception, of course,
> is the ROOT user. Root may backup and restore any file.
>
> We contacted IBM about this issue because it was causing problems for us
> as well. Beginning at version 3.1 of ADSM a "work-around" became
> available. If a user specified the VIRTUALNODENAME option in his DSM.OPT
> file, he would gain backup/restore authority based on the UNIX read/write
> permissions. This would create a userid with more backup/restore authority
> than the average user, but less authority than the ROOT user.
>
> To accomplish this, we did the following:
> *     Created all new ADSM nodenames for the UNIX processors. Our
> nodenames were the same as hostname. The virtualnodename may not specify
> the hostname.
>
> *     Added the NODENAME option to the DSM.SYS file to specify the new
> nodename.
>
> *     Created a second DSM.OPT file named DSM.OPT2 that contained the
> VIRTUALNODENAME option.
>
> *     Modified the .profile files of specific users to export a DSM_CONFIG
> variable containing the path to the new DSM.OPT2 file.
>
> To secure this function, we also gave the DSM.OPT2 permissions of
> .rw-r-----, an owner of ROOT, and a group of ADSM. By doing this, a user
> must be granted access to the ADSM group before he can access the DSM.OPT2
> file giving him higher backup/restore authority.
>
>
> Jon M. Nazar
> Nabisco Inc.
> Wilkes-Barre, PA
> NazarJ AT Nabisco DOT com
>
> -----Original Message-----
> From: Schauerte, Andrew P (NM75)
> [mailto:andrew.schauerte AT DAS.HONEYWELL DOT COM]
> Sent: Friday, April 10, 1998 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: UNIX File Permissions
>
>
> I understand that ADSM will not allow a non-root account to restore files
> that are owned by root.  Will ADSM allow root files to be restored by a
> non-root user if the permissions on the file owned by root are
> read-write-exec for everyone, or the file is in the same group as the
> person doing the restore?   I am currently running ADSM V2 on an AIX 4.2
> Server, and the client is HPUX 9.04.  It looks like ADSM only looks at the
> owner of the file.  Am I missing something?  Thanks in advance.
>
>                 Andy Schauerte
>                 Honeywell Defense Avionics Systems
>                 Albuquerque NM
>                 87113
>                 (505) 828-5383
>
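
An added example, not part of the original message: a POSIX shell check that the restricted options file still has the mode, owner and group the reply describes (rw-r-----, owner root, group ADSM). The function name `audit_optfile` and the choice to pass the expected owner and group as numeric ids are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the restricted
# options file. audit_optfile is a hypothetical helper name.
#
# audit_optfile FILE EXPECTED_UID EXPECTED_GID
#   Prints one line per finding.
#   Returns 0 if the file matches, 1 on any finding, 2 if FILE is missing.
audit_optfile() {
    file=$1 want_uid=$2 want_gid=$3
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # ls -ln prints numeric uid/gid, so the result does not depend on
    # name lookups (NIS, LDAP) being available on the client.
    read -r mode _links uid gid _rest <<EOF
$(ls -ln "$file")
EOF

    rc=0
    # Compare only the ten permission characters; some ls versions append
    # a flag character after them. A symlink shows as l... and is reported.
    case $mode in
        -rw-r-----*) ;;
        *) echo "MODE: $file is $mode, expected -rw-r-----"; rc=1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "OWNER: uid $uid, expected $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "GROUP: gid $gid, expected $want_gid"; rc=1; }
    return $rc
}

# Stand-alone use: sh audit.sh <path to DSM.OPT2> 0 <numeric gid of the ADSM group>
if [ "$#" -eq 3 ]; then
    audit_optfile "$@"
fi
```

A group-writable or world-readable result means any local user, not only members of the ADSM group, can point DSM_CONFIG at the file and pick up the wider backup/restore authority.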