Forum Discussion

Earl_Lindberg's avatar
5 years ago

NetBackup 8.3 nbdeployutil

Hi Experts,

In a Linux environment, some NetBackup component programs, like nbdeployutil, in NetBackup 8.2 and previous versions, relied on /tmp to run their executables.

This created issues in our openscap secured environments where /tmp has very limited space and mounted noexec.

Were changes made in NetBackup 8.3 to completely remove reliance on /tmp for executables and run in /opt/openv/tmp or other configurable location? 

Smart Meter/TaaS reporting is affected directly by nbdeployutil's inability to run successfully.

Also, there is no customer feedback that Smart Meter reporting has not occurred in the last x days.

Thanks,

Earl

  • You're correct, by default nbdeployutil will use /tmp & that causes failures when /tmp is set to noexec: 

    [azureadmin@nbumaster azureadmin]# mount -o remount,noexec /tmp
    [azureadmin@nbumaster azureadmin]# mount | grep /tmp
    /dev/mapper/rootvg-tmplv on /tmp type ext4 (rw,noexec,relatime,seclabel)
    [azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
    Can't load '/tmp/p2xtmp-127681/auto/attributes/attributes.so' for module attributes: /tmp/p2xtmp-127681/auto/attributes/attributes.so: failed to map segment from shared object at PERL2EXE_STORAGE/DynaLoader.pm line 190.
    at /usr/openv/netbackup/bin/private/nbdeployutil line 6
    Compilation failed in require at /usr/openv/netbackup/bin/private/nbdeployutil line 6.
    BEGIN failed--compilation aborted at /usr/openv/netbackup/bin/private/nbdeployutil line 6.

    However, this can be worked arround by overriding the location with the TEMP variable: 

    [azureadmin@nbumaster azureadmin]# export TEMP=/usr/openv/tmp/
    [azureadmin@nbumaster azureadmin]# echo "$TEMP"
    /usr/openv/tmp/
    [azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
    no crontab for root
    NetBackup Deployment Utility, version 8.3
    Gathering license deployment information...
    Discovered master server nbumaster

    Enter credentials for Master Server(s):

    Master Server:nbumaster
    Domain Type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap):unixpwd
    Domain Name :nbumaster
    User Name :root
    Password :

    Data gather is in progress. This process might take some time.
    Output for nbumaster at: /usr/openv/var/global/reports/20200803_195037_nbumaster
    Gather DONE
    Execution time: 17 secs

    To avoid having to deal with that manually, you can make a wrapper script like this: 

    #!/bin/bash

    export TEMP=/usr/openv/tmp

    exec /usr/openv/netbackup/bin/admincmd/.bin/nbdeployutil "$@"

    I'll also pass this on to our security PMs to see if we can have a more permenant solution in a later release.

     

1 Reply

  • You're correct, by default nbdeployutil will use /tmp & that causes failures when /tmp is set to noexec: 

    [azureadmin@nbumaster azureadmin]# mount -o remount,noexec /tmp
    [azureadmin@nbumaster azureadmin]# mount | grep /tmp
    /dev/mapper/rootvg-tmplv on /tmp type ext4 (rw,noexec,relatime,seclabel)
    [azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
    Can't load '/tmp/p2xtmp-127681/auto/attributes/attributes.so' for module attributes: /tmp/p2xtmp-127681/auto/attributes/attributes.so: failed to map segment from shared object at PERL2EXE_STORAGE/DynaLoader.pm line 190.
    at /usr/openv/netbackup/bin/private/nbdeployutil line 6
    Compilation failed in require at /usr/openv/netbackup/bin/private/nbdeployutil line 6.
    BEGIN failed--compilation aborted at /usr/openv/netbackup/bin/private/nbdeployutil line 6.

    However, this can be worked arround by overriding the location with the TEMP variable: 

    [azureadmin@nbumaster azureadmin]# export TEMP=/usr/openv/tmp/
    [azureadmin@nbumaster azureadmin]# echo "$TEMP"
    /usr/openv/tmp/
    [azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
    no crontab for root
    NetBackup Deployment Utility, version 8.3
    Gathering license deployment information...
    Discovered master server nbumaster

    Enter credentials for Master Server(s):

    Master Server:nbumaster
    Domain Type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap):unixpwd
    Domain Name :nbumaster
    User Name :root
    Password :

    Data gather is in progress. This process might take some time.
    Output for nbumaster at: /usr/openv/var/global/reports/20200803_195037_nbumaster
    Gather DONE
    Execution time: 17 secs

    To avoid having to deal with that manually, you can make a wrapper script like this: 

    #!/bin/bash

    export TEMP=/usr/openv/tmp

    exec /usr/openv/netbackup/bin/admincmd/.bin/nbdeployutil "$@"

    I'll also pass this on to our security PMs to see if we can have a more permenant solution in a later release.