Has anybody managed to implement RBAC, on solaris, to secure NetBackup ?
We are attempting to allow our backup admins to run some of the root only functions but do not want to give them the root password or implement sudo.
The configuration files have ben created as follows:
root# tail /etc/passwd
nbadmin:x:1118:1::/home/NetBackup:/usr/bin/pfksh
nbadmin1:x:1119:1:NetBackup Admin:/home/nbadmin1:/usr/bin/pfksh
root# tail /etc/user_attr
nbadmin::::type=role;profiles=NetBackup
nbadmin1::::type=normal;roles=nbadmin
root# tail /etc/security/prof_attr
NetBackup:::NetBackup Administrator:
root# tail /etc/security/exec_attr
NetBackup:suser:cmd:::/usr/openv/netbackup/bin/bpadm:uid=0
User should login as nbadmin1 and su to nbadmin.
This results in the standard error message for the bpadm utility - 'must be superuser to run'.
Any suggestions would be most welcome.