Veritas-bu

[Veritas-bu] RE: Administering netbackup without being root

2002-10-29 22:59:36
Subject: [Veritas-bu] RE: Administering netbackup without being root
From: mark_eisenhardt AT stoneybrookfl DOT com (Mark Eisenhardt)
Date: Tue, 29 Oct 2002 22:59:36 -0500
Hi,
I've been reading through some of these threads on administering NBU without
root. All have been good responses, especially the point about if your
responsible for the company's data how come you can't be trusted with root.
Another question that was raised from this is how would complete recovery of
the business critical systems be performed in the case of disaster recovery?

What our company decided on, and this isn't for everyone, was to purchase
and implement PowerBroker to allow non root users the ability to admin NBU.
Our company frowns on sudo (security issues) so we were forced to find an
alternative. This allowed us to set up user/users with only/all NBU
functions and CLI that they require to perform their jobs.
This still requires that the Systems Administrators and the NBU
administrators work together to accomplish the required goal.

Currently our Operations are running countless number of menu driven scripts
as well as use of allowed GUI and Xsession commands. Detailed reports are
sent to the Sys Admin of all successful and failed/rejected attempted
commands issued along with the userid and time issued. This has satisfied
our audit department and life is good again.

This is relatively inexpensive, by my standards, around $2k (or less) to
implement for a master/media server. (but it is an additional cost above the
already pricey veritas)
HTH
If you would like any additional info on the above please feel free to ask.
Work email: mark.eisenhardt AT hughessupply DOT com   or reply to this one.
Mark Eisenhardt

-----Original Message-----
From: veritas-bu-admin AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu]On Behalf Of Steven L. 
Sesar
Sent: Tuesday, October 29, 2002 9:43 PM
To: William Enestvedt; Veritas-bu AT mailman.eng.auburn DOT edu
Subject: Re: [Veritas-bu] RE: Administering netbackup without being root

On Tuesday 29 October 2002 11:57 am, William Enestvedt wrote:
> Paul Winkelerwrote:
> > It is easy enough to insert "sudo" in front of the
> > NetBackup commands and it even gives you a nice audit trail!
>
>    (Yes, I know that the discussion isn't about using the Java interface.
> But...) Can you run 'sudo jnbSA' and only have to supply your password
> once? -wde

If you're asking whether or not 'sudo jnbSA' will give the user full
administrative access to NBU, the answer is, yes.

--steve

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu


<Prev in Thread] Current Thread [Next in Thread>