ADSM-L

Re: [ADSM-L] Disabled arbitrary scheduled commands

2014-07-03 10:15:38
Subject: Re: [ADSM-L] Disabled arbitrary scheduled commands
From: Andrew Raibeck <storman AT US.IBM DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 3 Jul 2014 10:13:46 -0400
Hi Skylar,

Have a look here:

http://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.0/com.ibm.itsm.client.doc/c_opt_scheduling.html

These options are of interest:

* schedcmddisabled
* schedrestretrdisabled
* srvprepostscheddisabled
* srvprepostsnapdisabled

You can also set preschedulecmd, prenschedulecmd, postschedulecmd, and
postnschedulecmd to blank strings ("").

Schedules with ACTION=MACRO require an OBJECTS=xxxxx that refers to a macro
file on the client system. As long as you have no such files, the scheduler
will not be able to run a macro.

Best regards,

- Andy

____________________________________________________________________________

Andrew Raibeck | Tivoli Storage Manager Level 3 Technical Lead |
storman AT us.ibm DOT com

IBM Tivoli Storage Manager links:
Product support:
http://www.ibm.com/support/entry/portal/Overview/Software/Tivoli/Tivoli_Storage_Manager

Online documentation:
https://www.ibm.com/developerworks/mydeveloperworks/wikis/home/wiki/Tivoli
+Documentation+Central/page/Tivoli+Storage+Manager
Product Wiki:
https://www.ibm.com/developerworks/mydeveloperworks/wikis/home/wiki/Tivoli
+Storage+Manager/page/Home

"ADSM: Dist Stor Manager" <ADSM-L AT vm.marist DOT edu> wrote on 2014-07-03
09:55:23:

> From: Skylar Thompson <skylar2 AT U.WASHINGTON DOT EDU>
> To: ADSM-L AT vm.marist DOT edu,
> Date: 2014-07-03 09:57
> Subject: Disabled arbitrary scheduled commands
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT vm.marist DOT edu>
>
> We have a RHEL6 system backed up with TSM with some unique security.
> Basically we
> need some way for us to disable the ability for the server to cause the
> client to run arbitrary commands via a scheduled event. All we want the
> client to do is run an incremental backup, without any way for the server
> to have the client do the following:
>
> * Run COMMAND or MACRO schedules
> * Run PRESCHEDULECMD or POSTSCHEDULECMD
> * Run any other arbitrary command from the server
>
> Currently we're backing the system up with dsmc fired from cron, but it
> makes error checking a little more difficult.
>
> Now I imagine if I were really motivated I could solve this with SELinux,
> but if there were some way to do this within TSM itself that would save
> some work.
>
> Thanks!
>
> --
> -- Skylar Thompson (skylar2 AT u.washington DOT edu)
> -- Genome Sciences Department, System Administrator
> -- Foege Building S046, (206)-685-7354
> -- University of Washington School of Medicine
>
<Prev in Thread] Current Thread [Next in Thread>