TSM AIX admin restrictions -- restore some files, and not others?

jaybee

Access to root account is restricted. How can we allow TSM admins to restore files in some filesystems (with original ownership and permissions), and not to restore files in sys filesystems (/var ...) ... with a TSM admin account, and without root?



I don't think this can be done with TSM 5.2 native. I could be wrong? Maybe you all know of a third party solution?
 
Hm.



You want another user than root (for example, user joe) to be able to recover files owned by all users, presumably including root.



Now, if joe is allowed to use "dsmc restore" to create a file owned by root (or any other user), what's to stop him using that recovery process to create a file owned by and run by root that changes the permissions of the users to allow him access to everything on the system, including the users/groups files?



That's why TSM is set up in this way.



On the other hand, what you *could* do is set up a recovery system that runs in a restricted shell, so while the TSM admins have access to recover things already in TSM they would be restricted as to what they could do with that.



The hassle in doing this is why most shops just allow TSM to run as root.



Craigy
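
One way to build the restricted recovery setup suggested in the reply above is a root-owned wrapper that operators run through sudo and that refuses any target outside an allowlist of filesystems. This is an added example, not part of the original thread and not IBM's code; the `ALLOWED_ROOTS` value, the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example: path check for a restore wrapper that operators run via sudo.
# ALLOWED_ROOTS is a constructed sample; list the filesystems operators may restore into.
ALLOWED_ROOTS="${ALLOWED_ROOTS:-/home /data}"

# Print the physical (symlink-free) form of an absolute path whose last
# component may not exist yet. Fails if the parent directory cannot be resolved.
canon_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;                      # relative paths are refused
    esac
    parent=$(dirname "$1")
    base=$(basename "$1")
    case "$base" in
        .|..|/) return 1 ;;
    esac
    real_parent=$(cd "$parent" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${real_parent%/}" "$base"
}

# Return 0 only if the resolved target lies strictly inside an allowed root.
restore_allowed() {
    target=$(canon_path "$1") || return 1
    if [ -L "$target" ]; then return 1; fi  # never restore through a symlink
    for root in $ALLOWED_ROOTS; do
        real_root=$(cd "$root" 2>/dev/null && pwd -P) || continue
        case "$target" in
            "$real_root"/*) return 0 ;;
        esac
    done
    return 1
}

# Entry point: wrapper.sh /absolute/path (hypothetical script name).
if [ "$#" -eq 1 ]; then
    if restore_allowed "$1"; then
        exec dsmc restore "$1"
    fi
    echo "refused: $1 is outside the permitted filesystems" >&2
    exit 1
fi
```

The check limits where a restore lands, not what is restored: files come back with their saved owner and mode, setuid bits included. Allow only filesystems that are mounted nosuid and in which the operators have no write access, so the path cannot be changed between the check and the restore.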
 