cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Any easy way to remove world-writable bit (change permission) on Netbackup 6.5.4 files in Solaris?

Go to solution
dododo__
Level 3

‎12-28-2010 03:32 PM

There are many NetBackup 6.5.4 files have world-writeable permission in Solaris. Is there any easy fix to make all NetBackup files without any world-writeabel permission.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Will_Restore
Level 6

‎12-29-2010 10:51 AM

  /usr/openv/netbackup/db/images/*.lck

  /usr/openv/netbackup/vault

  /usr/openv/pack

 

we run a script to remove world-write permissions for hardening but some of these reverted

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎12-29-2010 12:39 AM

Please give examples?

I have found that there are hardly any files/folders that have write permission for 'other', even for root. Two of the very few folders that have 777 permissions are in /usr/openv/netbackup/logs - user_ops and nbliveup. user_ops certainly needs write permission for all users.

Most binaries in netbackup/bin and volmgr/bin have 500 (-r-x------   1 root     bin) permissions, the rest (including  admincmd) have 555 permissions (-r-xr-xr-x) - no write permission.

So, I certainly don't see any unusual amount of write permission for all users.

Did someone in your environment perhaps do a recursive chmod?


Handy NetBackup Links
0 Kudos

Go to solution
dododo__
Level 3

‎12-29-2010 09:43 AM

 I certainly see 777 permissions in  /usr/openv/netbackup/logs - user_ops and nbliveup. user_ops on my end as well.  Are those files "have to" be 777?

Here are some my examples in other directories with 777. (I had confirmed that no one did chmod), they are:

opt/openv/var/global/device_mappings.txt

/opt/openv/var/vnetd/bpversion_touch.txt

/opt/openv/volmgr/bin/SHARED_DRIVE_CALLED

/opt/openv/volmgr/debug/acsssi/event.log

/opt/openv/var/global/device_mappings.txt

/opt/openv/var/nbproxy_nbsl-ServiceManagementEx-1.ior.mgr

/opt/openv/var/nbproxy_nbsl-ServiceManagementEx-10.ior.mgr

The fact is -- our media server(s) went through many upgrades. I heard NBU6.5.6 will not generate 777 files anymore. If this is a true statement, does this mean if I have a clean installation of 6.5.6 (no previous historical files or directories) on a server, I won't find any 777 files in any NBU directories?

0 Kudos

Go to solution
Will_Restore
Level 6

‎12-29-2010 10:51 AM

  /usr/openv/netbackup/db/images/*.lck

  /usr/openv/netbackup/vault

  /usr/openv/pack

 

we run a script to remove world-write permissions for hardening but some of these reverted

0 Kudos