cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Restricting Access

Roobix_Cube
Level 5

‎05-12-2008 08:33 PM

Hi all,

I'm in a highly secure AIX environment, whereby users do not have permissions to run Netbackup commands.  Is there a way to allow backup admins to run Netbackup commands whilst still preventing them from running AIX OS commands?

Thanks.
0 Kudos
7 REPLIES 7

Roobix_Cube
Level 5

‎05-12-2008 10:33 PM

Sorry, let me be more clear....does anyone know if there’s an easy way to configure Netbackup access for non-root/administrator users, outside of implementing Veritas Security Services?  Basically, we want to give a user access to the master server to run only Netbackup related commands (console access is not required)...

zippy
Level 6

‎05-13-2008 07:41 AM

yup
 
root@-/usr/openv/java # ls -al auth.conf
-rw-r--r--   1 root       sys            172 Jan 30 09:15 auth.conf
 
vi this file
 
add your local unix users to it
 
like
 
root ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC
jimd ADMIN=AM+BPM+MM+REP+JBP+DM
backup_admin ADMIN=ALL
 
search auth.conf in the forums for more examples.
 
stop and start netbackup
 
the users have to be local unix user only.
 
your done
 


 
 

 
0 Kudos

CRZ
Level 6
Employee Accredited Certified

‎05-13-2008 08:49 AM

It sounds like you want to install the sudo package.  (I'm assuming there's a sudo for AIX, but will be quickly shouted down if I'm wrong.)
0 Kudos

zippy
Level 6

‎05-13-2008 09:01 AM

I'm in a highly secure AIX environment, whereby users do not have permissions to run Netbackup commands.  Is there a way to allow backup admins to run Netbackup commands whilst still preventing them from running AIX OS commands?

CRZ,
 
SUDO is free product that is used on a UNIX system to allow non root users to run root commands. 
 
 
There is a sudo for AIX
 
I would think that if the system is so highly secure, then why would he allow anything but users on the system, then only allowing them access to the GUI.
 

 
0 Kudos

Omar_Villa
Level 6
Employee

‎05-13-2008 09:02 AM

auth.conf will not give you much security, because they will have access to add/change/remove policies or devices from your configuration, for this u will need to create a sudo list or use a third party security application has Keon.
 
regards
0 Kudos

zippy
Level 6

‎05-13-2008 09:17 AM

Omar
 
he asked
 
 is there a way to allow backup admins to run Netbackup commands.
 
I would asume that Backup Admins need "access to add/change/remove policies or devices from your configuration"
 
auth.conf can be configured to give the Backup Admin all access or limited access or a anything in between.
 
AM BPM MM REP JBP DM
0 Kudos

Omar_Villa
Level 6
Employee

‎05-13-2008 09:29 AM

There are many different kinds of Backup Admins, you can have several levels of admins has Level 1, who only monitor jobs and devices, level 2 who can fix some client side issues without affecting the backup architecture and level 3 who can fix/modify/add/delete the NBU architecture, everything depends of what are the skills of your backup team players, if you want all of them to have the same access, probably is a mistake because has everywhere some people have more expirience than others, so if he is trying to create some kind of access policies, the recomendation will be to do the best practice from the biggining for any future grow, in small environments there is no need of this but if you have a big site you need it.
 
hope this helps Roobix.
 
 
Regards
0 Kudos