ADSM-L

Re: BackupStgpool preparation

2005-06-21 11:22:44
Subject: Re: BackupStgpool preparation
From: "Stapleton, Mark" <mark.stapleton AT BERBEE DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 21 Jun 2005 10:22:35 -0500
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On 
Behalf Of Allen S. Rout
>How do you folks deal with the desire to automatically answer 
>the question
>
>"Are my copy pools up to date"
>
>In order to automate the above-quoted query, it is necessary that the
>logged-in ID have storage authority on the pools in question.  
>This makes it
>(in my opinion) a dangerous ID to have its' password sitting around in
>plaintext somewhere on disk.

You set the permissions for the batch file that runs 

  BACKUP STG POOL1 POOL2 PREVIEW=YES

to "Full Control" for local administrators and the System ID, and no
access otherwise (TSM for Windows), or you chmod it 700, with the TSM
admin's ID as the owner of the file (TSM for UNIX/Linux).

If root, the admin's UNIX ID, or the local admin IDs are compromised,
you've got far larger problems than a cleartext batch file that runs a
BACKUP STG could possibly cause.

It all boils down to secure passwords and proper permission settings,
just as it always has.

--
Mark Stapleton (stapleton AT berbee DOT com)
IBM Certified Advanced Deployment Professional
  Tivoli Storage Management Solutions 2005
IBM Certified Advanced Technical Expert (CATE) AIX
Office 262.521.5627

<Prev in Thread] Current Thread [Next in Thread>