it surely sounds interesting+discouraging now... so you mean they can
potentially wipe out your whole machine? :) i was just trying to run the
scheduler as a non-privileged user and without success.

i used to be a unix sysadmin as well as adsm admin and did not think about
it that way. i guess i trusted myself then. :) why do you let them handle
your data if you may have just a slightest doubt that they might somehow
undermine its integrity? imho, adsm admins who deal with unix clients' data
should at least be unix very literate. and you will have to trust them that
they can and will do their job well.

anyway just my 2 cents. but you're right, i'm worrying about it now... :)



yu chen




yu chen








From: O1=INET00/C=US/A=IBMX400/P=STATEFARM/DD.RFC-822=ADSM-L\@VM.MARIST.EDU
on 01/28/99 09:11:27 AM
To:   ADSM-L
cc:
Subject:  Re: Authority Questions...

Central scheduling adds an interesting twist to this discussion. Using the
DEFINE SCHEDULE or DEFINE CLIENTACTION command with ACTION=COMMAND allows
an
ADSM server administrator to run arbitrary commands on any clients using
central scheduling. These commands will run with whatever privilege level
the
scheduler process has. This is normally root in Unix environments. I gather
that it is normally a highly privileged ID on other types of client
systems.