* Ed Wilts <ewilts at ewilts.org> [2007-05-15 21:01]:
> One word of caution - if your script isn't absolutely rock solid, you could
> potentially set yourself up for a world of hurt.  For example, if you allow
> apache to run bprestore via sudo and don't properly restrict the source and
> target destinations, you could find yourself allowing a user to restore
> ~/myownpasswd.file to an arbitrary Unix host and now you have one or more
> compromised system.  If the user can restore the passwd file on your
> NetBackup master, you now have a totally compromised environment since he
> can now restore anything to anywhere as well as having full read access to
> everything.

I couldn't agree with this more.  We had a couple commands that we
allowed certain users to sudo to that were READ ONLY tools, like
bppllist.  I don't even like our operators having access to the Activity
Monitor through the java GUI because it's not just viewing.  NBU has a
wretched excuse for a security model.

-- 
David Rock
david at graniteweb.com