RE: [nv-l] NV Security

To the operating system, root is still the master.  In fact he was
executing those NetView commands, but the commands themselves have a call
to the nvsecd daemon imbedded in them.  nvsecd checks whether security is
enabled, and if so, whether the user has a current login or not.  If
security is enabled and the user does not have a current login, nvsecd
replies with a bad return code, which causes the command itself to halt
with the error message you saw.   The NetView commands themselves won't run
if nvsecd is not up, which is why it's the first daemon started by ovspmd
and why you must explicitly stop it.

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group


                                                                           
             "Catalina                                                     
             Martinez"                                                     
             <Catalina.Martine                                          To 
             z AT tlc.state.tx DOT us         <nv-l AT lists.us.ibm DOT com>    
         
             >                                                          cc 
             Sent by:                                                      
             owner-nv-l@lists.                                     Subject 
             us.ibm.com                RE: [nv-l] NV Security              
                                                                           
                                                                           
             03/06/2006 11:32                                              
             AM                                                            
                                                                           
                                                                           
             Please respond to                                             
             nv-l AT lists.us DOT ibm                                           
  
                   .com                                                    
                                                                           
                                                                           




thank you.. I figured root always had ultimate powers. I did launch
nvauth and login from command line.

thanks again.

-----Original Message-----
From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT 
com]
On Behalf Of James Shanks
Sent: Monday, March 06, 2006 10:22 AM
To: nv-l AT lists.us.ibm DOT com
Subject: Re: [nv-l] NV Security

After you telnet'd in, did you login to NetView as well?  Once NetView
security is enabled even root has to login with nvauth before it can do
anything.

James Shanks
Level 3 Support  for Tivoli NetView for UNIX and Windows
Tivoli Software / IBM Software Group




             "Catalina

             Martinez"

             <Catalina.Martine
To
             z AT tlc.state.tx DOT us         <nv-l AT lists.us.ibm DOT com>

             >
cc
             Sent by:

             owner-nv-l@lists.
Subject
             us.ibm.com                [nv-l] NV Security





             03/06/2006 10:25

             AM





             Please respond to

             nv-l AT lists.us DOT ibm

                   .com









Hello List,

AIX 5.2 ML 6, Netview 7.1.4 FP4
I enabled security and now whenever I telnet to the server and log in as
root I can not run any Netview commands, such as ovobjprint. I get the
following error:
nvs_isClientAuthorized(): permission denied for "nvsec_admin".
 A IBM Tivoli NetView login is required to permit the requested
operation.
authorized=0, status=36

I created a nvsecadm group and added root and a non-root user (since I
wanted nonroot to access nvsec_admin). but now root can not run
commands?

How do I by-pass this besides turning off security?

Catalina