cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Running NetBackup as non-root for selective tasks

Go to solution
Genesisclimber
Level 3

‎02-28-2010 09:10 PM

Hi

I've been reading and trying this for a few days now. I'm still looking around, but I thought while I do that, might be good to drop a post here in the hope someone might provide some leads and answer some queries I have.

The situation is this - I am using NetBackup 6.5.4 running on RHEL 5.2. The current setup being tested has the Master = Media = EMM i.e. basically just a single server setup.

I installed NetBackup as root and although I am able to run all the options as root, I will like to setup a non-root user to run backup/archive/restore jobs. In addition, the non-root user will also be able to view the Activity Monitor as well. As such, I've updated the following:-

/usr/openv/java/auth.conf
root ADMIN=ALL JBP=ALL atms ADMIN=AM+JBP JBP=ENDUSER+BU+ARC

So the next thing I did was to run the GUI and got the following output (note that I used :2.0 since my server is using :1.0 for VNC) 
  Starting administration console version 6.5.     
  The log file for this execution instance is   
  /usr/openv/netbackup/logs/user_ops/nbjlogs/jbp.atms.jnbSA.26784.log   

DISPLAY environment variable is set to: :2.0 
Console was started on:   
  Linux APP 2.6.18-92.el5xen #1 SMP Tue Apr 29 13:31:30 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux  

Command line options were:   
  /usr/openv/netbackup/bin/jnbSA -d :2.0  

Starting administration console version 6.5.
 
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=

java version "1.5.0_17"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_17-b04)
Java HotSpot(TM) Server VM (build 1.5.0_17-b04, mixed mode)

java.lang.NoClassDefFoundError
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Unknown Source)
    at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(Unknown Source)
    at java.awt.Window.init(Unknown Source)
    at java.awt.Window.<init>(Unknown Source)
    at java.awt.Frame.<init>(Unknown Source)
    at javax.swing.JFrame.<init>(Unknown Source)
    at vrts.common.utilities.CommonFrame.<init>(CommonFrame.java:75)
    at vrts.common.utilities.CommonFrame.<init>(CommonFrame.java:70)
    at vrts.nbe.BaseNBEFrame.<init>(BaseNBEFrame.java:59)
    at vrts.nbe.LoginFrame.<init>(LoginFrame.java:227)
    at vrts.nbe.JavaPresentationLayer.initiateLogin(JavaPresentationLayer.java:154)
    at vrts.nbe.AdminConsole.main(AdminConsole.java:57)

I'm completely lost at this point. How do i follow up?

Basically, this is what I have and want to achieve:-
  1. Server running on RHEL 5.2 with NetBackup 6.5.4 installed and configured as Master, Media and EMM.
  2. NetBackup was installed as root, and as root ALL operations can be performed.
  3. I want to create an "operator" user that will ONLY be able to run backup/archive/restore jobs through the GUI.
  4. The "operator" user will also be able to view the Activity Monitor through the GUI.
  5. Besides the mentioned items in (3) and (4), the "operator" user CANNOT perform any other tasks through the GUI (or even command-line).

To add on, I came across something called NetBackup Access Control (NBAC) just before I decided to post this. From what I understand, this would enable the Access Management option in my NetBackup. Here are my queries for NBAC.
  1. Is the NBAC an add-on option that needs to be purchased, or it is downloadable for free? If the latter is yes, where do I get this from?
  2. Probably a stupid question since I haven't dwell to deep in NBAC yet, but will the NBAC be able to setup the desired user and access rights for NetBackup usage as I desired and mentioned above?
  3. Without NBAC, am I still able to achieve what I want? If yes, what steps am I missing from what I've listed in my posts so far?

A step-by-step guide to achieve what I want will be nice definitely, but all I need is just a nudge in the right direction, or just some pointers so I know what I should be looking at and what I should be looking out for. Thanks in advance for any inputs.

Edit: Some confusion about the NBAC definition. Corrected.
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
lu
Level 6

‎03-01-2010 12:28 AM

You only have a X11 problem: - make sure the "export $DISPLAY" is correct, - and that X11 connections are allowed on your workstation (xhost + ?). - Did you run "ssh -X" to connect to the NBU server ?

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
lu
Level 6

‎03-01-2010 12:28 AM

You only have a X11 problem: - make sure the "export $DISPLAY" is correct, - and that X11 connections are allowed on your workstation (xhost + ?). - Did you run "ssh -X" to connect to the NBU server ?
0 Kudos

Go to solution
rjrumfelt
Level 6

‎03-01-2010 08:08 AM

if you have a windows terminal that has access to the master server, you can install the java/windows GUI on the windows server and just run the GUI there.  I find that using any type of xwindows tends to be slower than running the java GUI app from a windows terminal.
0 Kudos

Go to solution
David_McMullin
Level 6

‎03-01-2010 08:34 AM

Console control security is an issue with NetBackup...

You can control somewhat with auth.conf, but you will find you can't do what you want...
If you give access to view jobs, they have the ability to issue "cancel all jobs" comand....

There are several ideas posts referencing this - vote for the ones you like, or add one.
0 Kudos

Go to solution
Genesisclimber
Level 3

‎03-01-2010 08:24 PM

I was so caught up with the NBAC aspect that I neevr could imagined this was the issue. After you mentioned this, I relook at the Java errors and in does give some hints....  Well, this what I did to resolve:-
  1. Run xclock as root to confirm no problems
  2. Su as atms user and run xclock and error loading X11
  3. As root, I run the command: xhost + (temporary measure. I know should be more explicit but for now, this will do)
  4. Run xclock again as atms and it works.
Now I reran the NetBackup Admin Console and it loads!!!
0 Kudos

Go to solution
Genesisclimber
Level 3

‎03-01-2010 08:25 PM

Java/Windows GUI = Java Remote Console for NetBackup?
0 Kudos

Go to solution
Genesisclimber
Level 3

‎03-01-2010 08:27 PM

Thanks. I'll be looking this up and will link up on my thread.
0 Kudos