Previous  |  Next >  
Product: NetBackup System Administrator's Help  

Allowing Nonroot Users to Administer NetBackup

This section explains how to configure nonroot usage of all NetBackup administrator applications. (For example, Activity Monitor.) This includes NetBackup-Java and all other NetBackup administration commands and interfaces (such as bpadm or tpconfig).

You must always configure nonroot usage on the system where you will run the administrator applications. For NetBackup-Java, this is the system that you specify in the login dialog box when starting the NetBackup-Java interface.

For NetBackup-Java administration, you must configure nonroot usage on each system you plan to use.


Example 1

Assume you plan to start jnbSA on a Solaris system named shark and then specify an HP-UX system named dolphin in the login dialog box. Here, you must configure nonroot usage of NetBackup administrator applications on dolphin.


Example 2

Assume you plan to start jnbSA on a Solaris system named shark and then specify that same system in the login dialog box. Here, you must allow nonroot usage of the NetBackup administrator applications on shark.

  To allow nonroot users to administer NetBackup or create a group specifically for Media Manager tape users

Perform the following steps as root to allow nonroot users to administer NetBackup with NetBackup-Java or any other administrator application or command (such as bpadm or tpconfig).

  1. On the UNIX system that you will specify in the login dialog box when starting the NetBackup-Java interface, create distinct file-system groups as desired for the applications that will have nonroot usage. If you want all nonroot administrators to have privileges for all applications, create only one distinct file-system group.
    You can have three separate groups---one for each of the following:
    • NetBackup-Java administrator applications, including administrator capabilities in the Backup, Archive, and Restore application.
    • Administrator capabilities for only jbpSA
    • Tape operations using the tpreg and tpunmount commands
  2. On the UNIX system that you will specify in the login dialog box when starting the NetBackup-Java interface, run /usr/openv/netbackup/bin/nonroot_admin.
    You are now asked to provide the group names you created.
    Rerun this script any time a patch is installed that replaces any file in /usr/openv/netbackup/bin/admincmd or files bpbackup, bplist or bprestore in /usr/openv/netbackup/bin.
  3. Change the NetBackup-Java authorization file, /usr/openv/java/auth.conf, to provide the desired capabilities for the affected users (this file does not exist by default on UNIX master servers that are not supported NetBackup-Java platforms, so you must create it first on those systems).
  4. Ask all affected users on the system where you ran the nonroot_admin script to restart the NetBackup-Java application.
    A nonroot user that is not authorized for some of the applications per the auth.conf file, sees the following warning message dialog after logging in:

       You are not authorized to use some of the applications.
    Access to those applications has been disabled.
    A nonroot user will only have the applications available to them that they are authorized to use. For example, Activity Monitor.
 ^ Return to Top Previous  |  Next >  
Product: NetBackup System Administrator's Help  
VERITAS Software Corporation
www.veritas.com