It says all over the Admin Guide that you will need root authority to
perform certain tasks.
I will leave it to you to find them. This is in keeping with the UNIX OS
security which requires you to be root to modify certain processes on the
box, snmpd for example, and NetView is an SNMP manager.
One good way to compromise your security is to allow a non-root user to
configure trapd.conf or to put rulesets in ESE.automation or
/usr/OV/conf/rulesets. Then they can define an action which will execute
by a daemon with root authority when a trap is received. That allows the
savvy user to do whatever he or she wishes.
You can use sudo to protect the root password if you like, but changing
permissions on NetView files is not a supported operation, because we
cannot protect you if you do. If you compromise the security of your
system by changing things that is not IBM/Tivoli's fault.
The politically correct thing to do is to understand that NetView is an
integrated extension of UNIX and that the NetView administrator is every
bit as important as the UNIX administrator. The smart thing to do is to
make the UNIX admin and the NetView admin of the NetView box one and the
same person. As Sun has been telling people for years, "The network is the
system." In my opinion, it is time for all IT departments to recognize
that.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
Alek Barsky
<abarsky@rci. To: nv-l@lists.tivoli.com
rogers.com> cc:
Subject: RE: [nv-l] Run
NetView/6000 as non-root user
09/03/02 05:03 PM
There is a lot of the political pressure within organization to make it
happen.
It looks like it is "possible" to do without using "uid" 0,
however I am not sure what will be "hidden" application deficiencies?
What can potentially go broken if NetView is running as non-root user?
Thanks for the help.
Alek Barsky.
> -----Original Message-----
> From: Stephen Hochstetler [mailto:shochste@us.ibm.com]
> Sent: Tuesday, September 03, 2002 4:38 PM
> To: Alek Barsky; nv-l@lists.tivoli.com
> Subject: Re: [nv-l] Run NetView/6000 as non-root user
>
>
>
> Alek,
>
> There have been some previous discussions about this. Check
> the archive
> for "root".
>
> The short answer is "no". You would need to make the
> netview userid have
> uid of 0 for this to potentially work.
>
> Kind regards,
> Stephen Hochstetler shochste@us.ibm.com
> International Technical Support Organization - Austin
> Office - 512-436-8564 FAX - 512-436-9326
>
> ITSO redbooks at http://www.redbooks.ibm.com
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
|