Alain, this is a pretty painful process at sites where there are very strict
rules about the use of root. You just keep o finding things that you need
root for. The simplest approach is to take advantage of the Tivoli Framework
facilities, if your security folks will accept it. Here's how:
You Create a Tivoli Administrator with only the NetviewServer balloon-thing
on it. Under Logins, you put the unix login of your non-root administrator,
perhaps
limiting it to <userid>@<hostname>. So when that userid invokes 'tivoli' they,
will
get that desktop, and only that user can get that desktop. Under Properties,
where it says user and group, you put root and system or something. So functions
you execute from that Desktop will execute as root, but you never have to know
the
root password, and you cannot execute anything except the menu functions on the
NetviewServer icon.
This passes muster with all customers except those who object to having
any processes running under root except operating system processes,
and they are a real minority.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(NV 5.1.1 on 1IX 4.2.1)
Hi all,
Due to extensive security, we have to create a user who will be the NetView
administrator; some permissions of files can be changed to satisfy this
request (netview user security, trapd.conf, ...) but what about daemons
management (configure, maintain on the Tivoli desktop, start, stop, options,
...) ? Is this possible ?
Thanks
Alain
-----------------------
Alain Menezes
ASLK-CGER Services GIE *: +32 2 228.55.74
Rue Fossé-aux-Loups, 48 *: +32 2 228.83.69
1000 Bruxelles *:
Alain.Menezes@fortisbank.com
SDFG
|