08-28-2020 09:50 AM - edited 08-28-2020 09:53 AM
Hi All,
I have a problem with setting a new account with superuser authontifictaion to execute commands on netbackup!
The new account is srv-ctlm
[srv-ctlm@******** admincmd]$ /usr/openv/netbackup/bin/admincmd/bppllist
bppllist: must be superuser to execute
here down, you will find how i set the new acount in the auth.conf file :
[srv-ctlm@********* netbackup]$ cd /usr/openv/java/
[srv-ctlm@********* java]$ cat auth.conf
#Pas de tab dans ce fichier, seulement des espaces
root ADMIN=ALL JBP=ALL
srv-ctlm ADMIN=ALL JBP=ALL
* ADMIN=JBP JBP=ENDUSER+BU+ARC
i need your help please :(
Best Regards
Alaaeddine
Solved! Go to Solution.
08-31-2020 06:23 AM - edited 08-31-2020 06:24 AM
hi @Alaaeddine
I think there is a optiion, it is called Enhanced Auditing
Taken from the Security and Encryption Guide:
This feature allows a non-root user or a non-administrator to perform all the NetBackup operations through a command-line interface or the NetBackup Administration Console. The user is authorized to either perform all operations or no operations. This feature does not offer role-based access control.
https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v101261421-132525226
Best Regards
Nicolai
08-28-2020 04:55 PM
auth.conf file is only to provide admin access on Netbackup java console, it does not provide the admin/super user access for command line, you need to be root user or sudo root privilages user to run some of the admin related command in netbackup CLI.
08-31-2020 05:13 AM
Hi RamNagalla,
Thanks for the feedback but is there anoter way without using the root user ?
the root user is for administration and we want to keep it just for that.
I find it strange that we can't be free to use other users to run app commands like "bppllist" :(
Best Regards
Alaaeddine BELLARADH
08-31-2020 06:23 AM - edited 08-31-2020 06:24 AM
hi @Alaaeddine
I think there is a optiion, it is called Enhanced Auditing
Taken from the Security and Encryption Guide:
This feature allows a non-root user or a non-administrator to perform all the NetBackup operations through a command-line interface or the NetBackup Administration Console. The user is authorized to either perform all operations or no operations. This feature does not offer role-based access control.
https://www.veritas.com/support/en_US/doc/21733320-132525226-0/v101261421-132525226
Best Regards
Nicolai
09-27-2020 08:41 AM
How can we authorize non-root user to execute vmoprcmd so that they can check the drive status ?
09-27-2020 04:14 PM
The method @Nicolai posted is one way, although a simpler method would be to configure sudo to allow non-root users to run commands as root. Choose which ever method meets your level of expertise and experience.