Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Veritas-bu] Account to run with Netbackup 6.5.x

2008-08-16 20:06:47
Subject: Re: [Veritas-bu] Account to run with Netbackup 6.5.x
From: "Jeff Lightner" <jlightner AT water DOT com>
To: <jcode AT yahoo DOT com>, <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Sat, 16 Aug 2008 19:56:18 -0400 
I don't think so.  NBU has to have root access to be able to read and
write all directories.   

In the last S-OX environment I was in I don't believe we tried to do
this with NBU.   Also in the FDA "Validated" environment (which makes
S-OX look like a walk in the park as far as regulations go) that I
worked in prior to that we ran NBU in root as well.

Letting NBU run in root isn't an issue so long as you're restricting who
has access to NBU to the same subset of folks that have root access
already.   You then need to have documented policies as to who is
allowed to do what and when.  (That is to say just because someone CAN
do things in root doesn't mean they SHOULD become root without good
reason - policies and monitoring can assist with insuring compliance.)

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of jcode
Sent: Saturday, August 16, 2008 7:37 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Account to run wiith Netbackup 6.5.x

We are getting ready to upgrade from NB 5.x to 6.5.1 running solaris 10
update 5. - The system is considered part of a SoX / Quality / HIPPA
environment.

My question to the group - can Netbackup be installed and run outside
the root account?  Why you ask?  As I stated, the system is considered
part of a SoX / Quality / HIPPA environment and I would prefer to run
this outside of root if we can.  We do run CA E-trust Access Control for
unix and can put rules and policies in place but was wondering if anyone
else has this run into this and what if any issues they ran into.

I know we can build rules and such around Netbacukp commands via Access
Control that would allow me to su to root (or any other account) run the
needed commands.

Just asking as I am in the requirements gathering phase of the project
and looking to make sure i do due diligence in my effort.

thx in advance - 

jc



jcode AT yahoo DOT com
  

"Never argue with an idiot, people watching may
not be able to tell the difference!" - dave boyne


      
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
information and is for the sole use of the intended recipient(s). If you are 
not the intended recipient, any disclosure, copying, distribution, or use of 
the contents of this information is prohibited and may be unlawful. If you have 
received this electronic transmission in error, please reply immediately to the 
sender that you have received the message in error, and delete it. Thank you.
----------------------------------

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Veritas-bu] Account to run wiith Netbackup 6.5.x, jcode
Next by Date:  [Veritas-bu] Veritas Netbackup 6.5.2 Performance issue., harpreet_singh
Previous by Thread:  [Veritas-bu] Account to run wiith Netbackup 6.5.x, jcode
Next by Thread:  [Veritas-bu] Veritas Netbackup 6.5.2 Performance issue., harpreet_singh
Indexes:  [Date] [Thread] [Top] [All Lists]