cancel
Showing results for 
Search instead for 
Did you mean: 

bppllist: must be superuser to execute

Alaaeddine
Level 2

Hi All,

I have a problem with setting a new account with superuser authontifictaion to execute commands on netbackup!

The new account is srv-ctlm

[srv-ctlm@******** admincmd]$ /usr/openv/netbackup/bin/admincmd/bppllist
bppllist: must be superuser to execute

here down, you will find how i set the new acount in the auth.conf file : 

[srv-ctlm@********* netbackup]$ cd /usr/openv/java/
[srv-ctlm@********* java]$ cat auth.conf
#Pas de tab dans ce fichier, seulement des espaces
root ADMIN=ALL JBP=ALL
srv-ctlm ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC

i need your help please :(

 

Best Regards 
Alaaeddine

1 ACCEPTED SOLUTION

Accepted Solutions

Nicolai
Moderator
Moderator
Partner    VIP   

hi @Alaaeddine 

I think there is a optiion, it is called Enhanced Auditing

Taken from the Security and Encryption Guide:

This feature allows a non-root user or a non-administrator to perform all the NetBackup operations through a command-line interface or the NetBackup Administration Console. The user is authorized to either perform all operations or no operations. This feature does not offer role-based access control.

https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v101261421-132525226

Best Regards
Nicolai

View solution in original post

5 REPLIES 5

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

auth.conf file is only to  provide admin access on Netbackup java console, it does not provide the admin/super user access for command line, you need to be root user or sudo root privilages user to run some of the admin related command in netbackup CLI.

Hi RamNagalla,

Thanks for the feedback but is there anoter way without using the root user ?

the root user is for administration and we want to keep it just for that.

I find it strange that we can't be free to use other users to run app commands like "bppllist"  :(

Best Regards 

Alaaeddine BELLARADH

Nicolai
Moderator
Moderator
Partner    VIP   

hi @Alaaeddine 

I think there is a optiion, it is called Enhanced Auditing

Taken from the Security and Encryption Guide:

This feature allows a non-root user or a non-administrator to perform all the NetBackup operations through a command-line interface or the NetBackup Administration Console. The user is authorized to either perform all operations or no operations. This feature does not offer role-based access control.

https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v101261421-132525226

Best Regards
Nicolai

How can we authorize non-root user to execute vmoprcmd so that they can check the drive status ? 

The method @Nicolai posted is one way, although a simpler method would be to configure sudo to allow non-root users to run commands as root. Choose which ever method meets your level of expertise and experience.