Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

The proper way to create a backup/restore user ??

Status
Not open for further replies.
madmurdock

madmurdock

MIS
Jan 13, 2003
105
Hi,

as a customer request, one should able to do a mksysb as a non-root user. I therefore studied the manual and learned, that the adminstravie role "ManageBackupRestore" is not sufficient to make a mksysb.

/usr/bin/mksysb is 544 with ownership bin.bin

Question: What is the IBM-supported proper way to have an non-root User enabled to make a mksysb.

regards
mad

Advanced Interactive eXecutable
 
Sort by date Sort by votes
you can use the sudo command to grant a user temporarily root permissions to execute the mksysb command.

rgds,

R.
 
Upvote 0 Downvote
Nice way, but the customer do not want to use sudo because of another overhead of adminstration.

Must be possible with standard AIX methods ...

mad


Advanced Interactive eXecutable
 
Upvote 0 Downvote
I've got to back up RMGBELGIUM{/b]
I use sudo extensively. Once the software is installed (1 hr max) and the relvant line inserted into the sudoers file (10 mins) what further adminstrative overhead is there?

Personally I consider sudo to be a part of my 'standard' Unix install along with perl and ssh.

Columb Healy
 
Upvote 0 Downvote
Yes, you are all right, and sudo is a nice Sw, but I can not use it.

THere must be another way

mad

Advanced Interactive eXecutable
 
Upvote 0 Downvote
Not recommended for security reasons, but I guess you could create a user with root equivalence (ie with a UID of 0), and edit that user's .profile to include only the mksysb command that you require, exiting immediately afterwards. Of course, this won't be 'IBM supported', but I doubt whether any other solution would be except perhaps sudo.
 
Upvote 0 Downvote
Sounds like it's time to be firm and educate the customer.

Using a security endangering method like making your own setuid program launcher or <shudder> creating another UID 0 user will only do them a disservice, and I personally would tell them they need to hire someone else if that's what they want to do.

What administrative overhead are they talking about with sudo? If they want regular users to be able to make a mksysb, all it takes is one line in /etc/sudoers.

Considering that sudo is part of the AIX Linux Toolbox, I'd say it's IBM approved, as well.

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

 
Upvote 0 Downvote
I do agree with Rod, there is no overhead for Sudo, it seems to me that your clients are not very savvy of what they are talking about, no disrespect is implied, you need to explain things to them in a more basic manner.

Sudo is there best option.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

E
  • Locked
  • Question
AIX Power5 on 5.3- On varyonvg error "cannot be varied on because no good copies of the descriptor area"
Replies
1
Views
465
JenLM
J
A
  • Locked
  • Question
Adding Existing LUN to New LPAR AIX
Replies
0
Views
394
Alvinghost
A
mohamedazrin
  • Locked
  • Question
Need some help with extend the PP
Replies
1
Views
436
Andjey
Andjey
E
  • Locked
  • Question
What are reservations and how do you set them?
Replies
0
Views
350
emze
E
sheilar32
  • Locked
  • Question
Migrating from AIX to anything else
Replies
0
Views
357
sheilar32
sheilar32

Part and Inventory Search

Sponsor

Back
Top