cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Oracle RMAN NetBackup 8.1.2 - new feature!

Go to solution
Genericus
Moderator
Moderator
   VIP   

‎12-19-2018 06:27 AM - edited ‎12-19-2018 06:28 AM

Since an Oracle backup runs a script as root, NetBackup is now securing these scripts.

 When we upgrade to 8.1.2, all oracle backup scripts must be run from a defined area.  If the script/directory is not authorized, the backup will fail with error (5449) The script is not approved for execution.

 What does this mean to us?

We should determine a standard script path and protect those scripts so only DBA can update them

As we update clients, we need to add a line in each bp.conf listing the script directory path, like “DB_SCRIPT_PATH = /oracle/rman/” Based on script path in policies.

  

https://www.veritas.com/support/en_US/article.100039639.html

Best Practices for script authorized location management

  • The script should not be world writable.
  • The client Privileged User should allow DBA's write permission on a script that is in an authorized location so they have the ability to update the script when needed.
  • Remove any script or path that is listed as an authorized location in the bp.conf if the script is no longer needed.
  • An entry of DB_SCRIPT_PATH=none will not allow any script to execute on a client.  This is useful if an administrator wants to completely lock down a server from executing scripts.
NetBackup 9.1.0.1 on Solaris 11, writing to Data Domain 9800 7.7.4.0
duplicating via SLP to LTO5 & LTO8 in SL8500 via ACSLS
1 ACCEPTED SOLUTION

Accepted Solutions
2 REPLIES 2

Go to solution
Marianne
Level 6
Partner    VIP    Accredited Certified

‎12-19-2018 06:41 AM

Correct. 

This was introduced in NBU 8.1:

https://www.veritas.com/content/support/en_US/doc/16226115-126559565-0/v125208570-126559565


Handy NetBackup Links

Go to solution
DanielGomes
Level 1

‎01-31-2019 09:11 AM

On Windows S.O. I found another way to solve this problem. It may help in some cases:

I identifyed the parameter DB_SCRIPT_PATH:

mymasterserver:/usr/openv/netbackup # bpgetconfig -M myclient DB_SCRIPT_PATH

DB_SCRIPT_PATH

I created a file txt and added the 2 lines below:

mymasterserver:/usr/openv/netbackup # vi myclient.txt

DB_SCRIPT_PATH = F:\oracle

DB_SCRIPT_PATH = F:\oracle\product\10.2.0\admin\SP2D\scripts\backup\scrRootRmanTapeArchive.bat

Then I run the following command:

bpsetconfig -h myclient myclient.txt

The results:

nbu1-master-ne:/usr/openv/netbackup # bpgetconfig -M s6060db18 DB_SCRIPT_PATH

DB_SCRIPT_PATH = F:\oracle

DB_SCRIPT_PATH = F:\oracle\product\10.2.0\admin\SP2D\scripts\backup\scrRootRmanTapeArchive.bat

Finally, I reprocessed the job and it ended perfectly