Veritas-bu

[Veritas-bu] Start NBU non-root

2007-05-11 06:02:26
Subject: [Veritas-bu] Start NBU non-root
From: david.clooney at bankofamerica.com (Clooney, David)
Date: Fri, 11 May 2007 11:02:26 +0100
Thanks Justin,

Not such a bad idea, as this server is merely a vm slice that doesn't do
any backups, it purely has the binaries installed in order to retrieve
info from the other masters.

Dave

-----Original Message-----
From: Justin Piszcz [mailto:jpiszcz at lucidpixels.com] 
Sent: 11 May 2007 10:52
To: Clooney, David
Cc: veritas-bu at mailman.eng.auburn.edu
Subject: RE: [Veritas-bu] Start NBU non-root

Someone tried to do this in a previous environment that I took over last

year, the problem?  When you upgrade, it will all break.  The 'hack'
they 
implemented was to make sure all of the binaries were suid root and that

the 'operator/apache' user could run them. Bad idea though.

Justin.

On Fri, 11 May 2007, Clooney, David wrote:

> Justin,
>
> Another thought then,  would it be possible to give the apache user
> permissions to read and execute all the netbackup binaries. If so
would
> the commands be successful ?
>
> Dave
>
> -----Original Message-----
> From: veritas-bu-bounces at mailman.eng.auburn.edu
> [mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of
Clooney,
> David
> Sent: 11 May 2007 10:42
> To: Justin Piszcz
> Cc: veritas-bu at mailman.eng.auburn.edu
> Subject: Re: [Veritas-bu] Start NBU non-root
>
> Thanks Justin,
>
> Well I guess that's that then :-)
>
> Dave
>
> -----Original Message-----
> From: Justin Piszcz [mailto:jpiszcz at lucidpixels.com]
> Sent: 11 May 2007 10:40
> To: Clooney, David
> Cc: veritas-bu at mailman.eng.auburn.edu
> Subject: Re: [Veritas-bu] Start NBU non-root
>
> NBU requires root.  End of story really.
>
> Justin.
>
> On Fri, 11 May 2007, Clooney, David wrote:
>
>> Hi all,
>>
>>
>>
>> Scenario:  Linux RD 3 5.1 MP6
>>
>>
>>
>> Does anyone know if its possible to start netbackup as non root? Know
> it
>> sounds strange however this server is used merely for info retrieval
>> from other masters through CGI, currently policy specifies that
apache
>> cannot be started as root understandably for security reasons.
>>
>>
>>
>> If I could start NBU as the same user as what apache does, it would
> make
>> my life a lot easier ?
>>
>>
>>
>> Regards
>>
>>
>>
>> Dave
>>
>> This email (including any attachments) may contain confidential
and/or
>> privileged information or information otherwise protected from
>> disclosure. If you are not the intended recipient, please notify the
>> sender immediately, do not copy this message or any attachments and
do
>> not use it for any purpose or disclose its content to any person, but
>> delete this message and any attachments from your system. Astrium
>> disclaims any and all liability if this email transmission was virus
>> corrupted, altered or falsified.
>> ---------------------------------------------------------------------
>> Astrium Limited, Registered in England and Wales No. 2449259
>> Registered Office: Gunnels Wood Road, Stevenage, Hertfordshire, SG1
> 2AS,
>> England
>>
>>
>>
>>
>> Notice to recipient:
>> The information in this internet e-mail and any attachments is
> confidential and may be privileged. It is intended solely for the
> addressee. If you are not the intended addressee please notify the
> sender immediately by telephone. If you are not the intended
recipient,
> any disclosure, copying, distribution or any action taken or omitted
to
> be taken in reliance on it, is prohibited and may be unlawful.
>>
>> When addressed to external clients any opinions or advice contained
in
> this internet e-mail are subject to the terms and conditions expressed
> in any applicable governing terms of business or client engagement
> letter issued by the pertinent Bank of America group entity.
>>
>> If this email originates from the U.K. please note that Bank of
> America, N.A., London Branch and Banc of America Securities Limited
are
> authorised and regulated by the Financial Services Authority.
>>
>
>
>
> Notice to recipient:
> The information in this internet e-mail and any attachments is
> confidential and may be privileged. It is intended solely for the
> addressee. If you are not the intended addressee please notify the
> sender immediately by telephone. If you are not the intended
recipient,
> any disclosure, copying, distribution or any action taken or omitted
to
> be taken in reliance on it, is prohibited and may be unlawful.
>
> When addressed to external clients any opinions or advice contained in
> this internet e-mail are subject to the terms and conditions expressed
> in any applicable governing terms of business or client engagement
> letter issued by the pertinent Bank of America group entity.
>
> If this email originates from the U.K. please note that Bank of
America,
> N.A., London Branch and Banc of America Securities Limited are
> authorised and regulated by the Financial Services Authority.
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu at mailman.eng.auburn.edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>



Notice to recipient:
The information in this internet e-mail and any attachments is confidential and 
may be privileged. It is intended solely for the addressee. If you are not the 
intended addressee please notify the sender immediately by telephone. If you 
are not the intended recipient, any disclosure, copying, distribution or any 
action taken or omitted to be taken in reliance on it, is prohibited and may be 
unlawful.

When addressed to external clients any opinions or advice contained in this 
internet e-mail are subject to the terms and conditions expressed in any 
applicable governing terms of business or client engagement letter issued by 
the pertinent Bank of America group entity.

If this email originates from the U.K. please note that Bank of America, N.A., 
London Branch and Banc of America Securities Limited are authorised and 
regulated by the Financial Services Authority.