Veritas-bu

[Veritas-bu] Managing Netbackup as non-root

2002-10-09 19:07:22
Subject: [Veritas-bu] Managing Netbackup as non-root
From: scott.kendall AT abbott DOT com (scott.kendall AT abbott DOT com)
Date: Wed, 9 Oct 2002 18:07:22 -0500
there is a script provided by veritas that does many of the functions
mentioned below in excerpt for #4.  it's called nonroot_admin.  look at page
378 in the 4.5 netbackup unix SAG.

a lot of files have the group and permissions changed when this script is ran,
but it appears that a lot of things still need root so you'll see a lot of
files with the set uid bit turned on (which means the filesystem can not be
mounted with the nosuid option) to allow you to run them as a member of the
group, but as root.

you'll also find that this script doesn't change things like logs or goodies
directory, which you'll probably want, or even the bp.conf file (I guess they
want you to always modify this through the netbackup interface).

I'm struggling with #2 right now on 4.5.  How do you do this David?

I ran the nonroot_admin script.  As a member of the appropriate group, I can
run /usr/openv/netbackup/bin/goodies/netbackup start (after changing
permissions on goodies stuff) but I am missing the following process (seen
with bpps) that I get when I run the same script as root.

/usr/openv/db/bin/nbdbd --basedir=/usr/openv/db --datadir=/usr/openv/db/var
--u


- Scott



                                                                                
                                                   
                    "David A. Chapa"                                            
                                                   
                    <david AT datastaff DOT com>                To:     
markjessup AT northwesternmutual DOT com                                 
                    Sent by:                             cc:     veritas-bu AT 
mailman.eng.auburn DOT edu                                 
                    veritas-bu-admin AT mailman DOT eng.        Subject:     
Re: [Veritas-bu] Managing Netbackup as non-root              
                    auburn.edu                                                  
                                                   
                                                                                
                                                   
                                                                                
                                                   
                    10/09/2002 02:59 PM                                         
                                                   
                                                                                
                                                   
                                                                                
                                                   




Mark:

> 1) Can Netbackup be installed as non-root?
No, must be root in order to install the product.  However, you can allow non-
root users to "update" existing clients using the scripts.

> 2) Can Netbackup processes be stopped and started by non-root userids?
Yes (see #4), or you can use sudo as well.

> 3) How are other primary contacts for Netbackup supporting the product,
> Root vs Non-root userids?
Many of my clients have gone with sudo, its easily scripted and from an audit
perspective everything is logged.

> 4) Can all Netbackup commands be run with a non-root userid? Is this
> documented?
Yes and Yes, page 253 of the NB34 Admin Guide for Unix using Java or here's an

excerpt for the NBU 3.2 Admin Guide:

---BEGIN EXCERPT---
By default, you must be a root user to perform NetBackup administration
through xbpadm or bpadm. The following procedure describes a method for
authorizing nonroot users to use these utilities.

1. Create a distinct UNIX group (for example, nbadmin).

2. Execute the following commands as the root user on the NetBackup master
server:
cd /usr/openv/netbackup/bin
chgrp nbadmin bpadm xbpadm xbpmon initbprd bprd bpdbm xnb
chmod 4550 bpadm xbpadm xbpmon bprd initbprd bpdbm
cd admincmd
chgrp nbadmin *
---END EXCERPT---


David

Quoting markjessup AT northwesternmutual DOT com:

> We are in the process of implementing Netbackup 4.5 into a new HP-UX
> environment.  Our Backup team is a separate group then our Unix Admin
> team.  There is a move to limit root access to our Unix servers.  This
> would apply to the Backup team also.
>
> My questions are:
>
> 1) Can Netbackup be installed as non-root?
> 2) Can Netbackup processes be stopped and started by non-root userids?
> 3) How are other primary contacts for Netbackup supporting the product,
> Root vs Non-root userids?
> 4) Can all Netbackup commands be run with a non-root userid? Is this
> documented?
>
> Any info on this topic would be greatly appreciated.  Thanks!
>
>
>
> Mark Jessup
> IS Manager, Enterprise Storage and Output Management
> Northwestern Mutual
> (414) 665-3968
> markjessup AT northwesternmutual DOT com
>
>
>



_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu





<Prev in Thread] Current Thread [Next in Thread>