Forum Discussion

AntBar's avatar
AntBar
Level 5
10 years ago

Run netbackup command from appliance

Hi all,

I want to know if it possible to run netbackup command from 5220 in master/media mode ?

When I'm trying via SSH, support, maintenance elevate, i've got this advertise :

"Permission Denied. Access to root account requires overriding the Symantec Intrusion Security Policy.
Please refer to the appliance security guide for overriding instructions."

So i've read the securiry guide but, there is another option to bypass automatically the Symantec Intrusion Security Policy ? If not, i will reconsider to deploy my 5220 as master/media...

 

Thanks !

  • You can drop down to an appliance root shell which still has access to all NetBackup commands - but really, if the NetBackup CLI user is enough - then there should be no need to go to the root shell.

    If one were to goof, even slightly, whilst in the root shell then a whole lot of damage could be done.

    If you want to, this post shows how to drop to the root shell:

    https://www-secure.symantec.com/connect/forums/backup-appliance-2603-and-altnames-file

  • Sorry but i've found a solution : create a cli admin user...

    In fact, my master/media will be attached with tape library. And I must find a tips to permit to run commands from this new configuration.

    Maybe there any other solutions ?

  • What commands are you trying to run that the NBU CLI user cannot?  That user should be able to run any NBU related CLI commands, including those related to tape.  It cannot issue many OS related commands as it is a securely sandboxed user, however.

  • In fact, i've just discovered NBU Cli user. I've noticed that all commands are functionnal.

    So, I'm curious and let me know if there is another solution to run command in appliance. If not, I will use Cli user (that's OK for me)
     

  • You can drop down to an appliance root shell which still has access to all NetBackup commands - but really, if the NetBackup CLI user is enough - then there should be no need to go to the root shell.

    If one were to goof, even slightly, whilst in the root shell then a whole lot of damage could be done.

    If you want to, this post shows how to drop to the root shell:

    https://www-secure.symantec.com/connect/forums/backup-appliance-2603-and-altnames-file