Here's the situation:   We are a managed hosting company that uses TSM
for backup,  and we would like to hand off day to day administration of
the environement to the operations staff.  There are a number of
inexperienced (in TSM) staff.  We want a way to audit (beyond the normal
activity log) what it is these people do.  Therefore, I have written a
wrapper script to dsmadmc that uses tee to send stdout to the screen and
to a file.  We use a similar script for logging ssh.

Once the script is working, dsmadmc on the administrative host will only
be executable by the user that the wrapper runs as.

But here is what happens when the script runs (I'm passing a username
and password on the command line, I would also like a way to hide this
from the process list, i.e. take them out of a file or something):

bookworm:~$ sudo -u svadmin /usr/local/sbin/svadmindsm i01sv0600
-- --
-- WARNING: This session is logged. --
-- --
Executing command - hostname i01sv0600
Tivoli Storage Manager
Command Line Administrative Interface - Version 4, Release 2, Level 3.0
(C) Copyright IBM Corporation, 1990, 2001, All Rights Reserved.

Session established with server I01SV600: Solaris 7/8
  Server Version 4, Release 2, Level 4.1
  Server date/time: 10/01/03   17:24:31  Last access: 10/01/03
15:53:43


tsm: I01SV600>ANS8025E I/O Error reading command input.

ANS8002I Highest return code was 0.

bookworm:~$

Jon Stanley
Hosting Systems Engineer
SAVVIS Communications
1 SAVVIS Parkway
Town & Country, MO 63017
SAVVIS, The Network That Powers Wall Street(SM)
314-628-7570 (direct)
314-265-4690 (mobile)
pagejon AT savvis DOT net (pager)
866-234-4678 (Toll Free)
jon.stanley AT savvis DOT net