I have created a user NetBackup and added in
/usr/openv/java/auth.conf file, this user can do
almost anything root can. No need to change anything
else.
e.g.
#cat auth.conf
root ADMIN=ALL JBP=ALL
NetBackup ADMIN=ALL JBP=ALL
--- scott.kendall AT abbott DOT com wrote:
>
> there is a script provided by veritas that does many
> of the functions
> mentioned below in excerpt for #4. it's called
> nonroot_admin. look at page
> 378 in the 4.5 netbackup unix SAG.
>
> a lot of files have the group and permissions
> changed when this script is ran,
> but it appears that a lot of things still need root
> so you'll see a lot of
> files with the set uid bit turned on (which means
> the filesystem can not be
> mounted with the nosuid option) to allow you to run
> them as a member of the
> group, but as root.
>
> you'll also find that this script doesn't change
> things like logs or goodies
> directory, which you'll probably want, or even the
> bp.conf file (I guess they
> want you to always modify this through the netbackup
> interface).
>
> I'm struggling with #2 right now on 4.5. How do you
> do this David?
>
> I ran the nonroot_admin script. As a member of the
> appropriate group, I can
> run /usr/openv/netbackup/bin/goodies/netbackup start
> (after changing
> permissions on goodies stuff) but I am missing the
> following process (seen
> with bpps) that I get when I run the same script as
> root.
>
> /usr/openv/db/bin/nbdbd --basedir=/usr/openv/db
> --datadir=/usr/openv/db/var
> --u
>
>
> - Scott
>
>
>
>
>
>
> "David A. Chapa"
>
>
> <david AT datastaff DOT com>
> To: markjessup AT northwesternmutual DOT com
>
> Sent by:
> cc: veritas-bu AT mailman.eng.auburn DOT edu
>
> veritas-bu-admin AT mailman DOT eng.
> Subject: Re: [Veritas-bu] Managing Netbackup
> as non-root
> auburn.edu
>
>
>
>
>
>
>
>
> 10/09/2002 02:59 PM
>
>
>
>
>
>
>
>
>
>
>
>
> Mark:
>
> > 1) Can Netbackup be installed as non-root?
> No, must be root in order to install the product.
> However, you can allow non-
> root users to "update" existing clients using the
> scripts.
>
> > 2) Can Netbackup processes be stopped and started
> by non-root userids?
> Yes (see #4), or you can use sudo as well.
>
> > 3) How are other primary contacts for Netbackup
> supporting the product,
> > Root vs Non-root userids?
> Many of my clients have gone with sudo, its easily
> scripted and from an audit
> perspective everything is logged.
>
> > 4) Can all Netbackup commands be run with a
> non-root userid? Is this
> > documented?
> Yes and Yes, page 253 of the NB34 Admin Guide for
> Unix using Java or here's an
>
> excerpt for the NBU 3.2 Admin Guide:
>
> ---BEGIN EXCERPT---
> By default, you must be a root user to perform
> NetBackup administration
> through xbpadm or bpadm. The following procedure
> describes a method for
> authorizing nonroot users to use these utilities.
>
> 1. Create a distinct UNIX group (for example,
> nbadmin).
>
> 2. Execute the following commands as the root user
> on the NetBackup master
> server:
> cd /usr/openv/netbackup/bin
> chgrp nbadmin bpadm xbpadm xbpmon initbprd bprd
> bpdbm xnb
> chmod 4550 bpadm xbpadm xbpmon bprd initbprd bpdbm
> cd admincmd
> chgrp nbadmin *
> ---END EXCERPT---
>
>
> David
>
> Quoting markjessup AT northwesternmutual DOT com:
>
> > We are in the process of implementing Netbackup
> 4.5 into a new HP-UX
> > environment. Our Backup team is a separate group
> then our Unix Admin
> > team. There is a move to limit root access to our
> Unix servers. This
> > would apply to the Backup team also.
> >
> > My questions are:
> >
> > 1) Can Netbackup be installed as non-root?
> > 2) Can Netbackup processes be stopped and started
> by non-root userids?
> > 3) How are other primary contacts for Netbackup
> supporting the product,
> > Root vs Non-root userids?
> > 4) Can all Netbackup commands be run with a
> non-root userid? Is this
> > documented?
> >
> > Any info on this topic would be greatly
> appreciated. Thanks!
> >
> >
> >
> > Mark Jessup
> > IS Manager, Enterprise Storage and Output
> Management
> > Northwestern Mutual
> > (414) 665-3968
> > markjessup AT northwesternmutual DOT com
> >
> >
> >
>
>
>
> _______________________________________________
> Veritas-bu maillist -
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
>
>
>
> _______________________________________________
> Veritas-bu maillist -
> Veritas-bu AT mailman.eng.auburn DOT edu
>
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
|