Re: [Networker] configure clients as administrators on NetWorker server
2009-10-13 08:49:25
HI Joey,
From what I remember, the reasoning behind this is to allow the
"application owner" to keep the Networker index up to date. This would
allow RMAN to control the ageing out of backup entries from the Client
File Index once they have passed it's own retention policy (so that the
two backup catalogues stay in sync). (With NMM I think it's to do with
registering VSS snapshots in the index).
IF there were fine grained access control within NetWorker, then we
might be able to delegate rights to ONLY do the things they need to do
to Networker. As there isn't, the sledge-hammer comes out and they need
Administrator rights.
So, that's why, and yes - it's a huge security hole for anyone who's got
teh good sense not to trust their server-admins ;-)
Will
Joey Admin wrote:
Hi all.
What is this with RMAN backups and NMM backups, that you need to make an
entry such as this one on the NetWorker server in the list of administrators:
user=system,host=host.domain.com
user=administrator,host=host.domain.com
I'm not confortable listing users on a particular client as an administrator
of the NetWorker zone.
Don't you think this is a security hole?
Joey
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
--
w.parsons AT leeds.ac DOT uk
UNIX Support
Information Systems Services
The University of Leeds
+44 113 343 5670
“I’m not against progress, it’s the change I do not like” – Mark Twain
To sign off this list, send email to listserv AT listserv.temple DOT edu and type
"signoff networker" in the body of the email. Please write to networker-request
AT listserv.temple DOT edu if you have any problems with this list. You can access the
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
Re: [Networker] configure clients as administrators on NetWorker server,
Will Parsons <=
|
|
|