
RE: [NV-L] Running Netview as with limited root access.

To: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Subject: RE: [NV-L] Running Netview as with limited root access.
From: James Shanks <jshanks@us.ibm.com>
Date: Thu, 8 Feb 2007 15:08:54 -0500

The repercussions are that if non-root users can configure traps, then you have given them root access through the back door. Take any command you want, configure "Node Up" to execute it as a command for automatic action. Then execute "event -h test1" and your command will be executed by ovactiond with root authority. It's just that simple. There is a reason why we recommend that the NetView administrator have root authority and lock down everything so that only root can use it.

The decision not to give the NetView administrator root authority is a political one and, in my opinion, an unnecessary burden on all concerned.

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Network Availability Management
Network Management - Development
Tivoli Software, IBM Corp
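
A defensive check for the risk described in the reply above, added here as an example and not part of the original thread or of NetView: it reports every entry under the given paths, and each path's parent directory, that someone other than the expected owner could modify. The function names `audit_root_inputs` and `_unsafe_entries`, the output format and the script name `audit.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread or from NetView): report files that a
# root daemon acts on but that someone other than OWNER could change.
# Assumption: "safe" means owned by OWNER with no group/other write bit; a
# group whose only member is root is still reported, review those by hand.

# $1 = owner (name or uid); remaining args = find start point, optional -prune
_unsafe_entries() {
    o=$1
    shift
    find "$@" ! -type l \( ! -user "$o" -o -perm -020 -o -perm -002 \) -print
}

# usage: audit_root_inputs OWNER PATH...
# Returns 0 only if every PATH exists and nothing unsafe was found.
audit_root_inputs() {
    owner=$1
    shift
    rc=0
    for target in "$@"; do
        if [ ! -e "$target" ]; then
            echo "missing: $target"
            rc=1
            continue
        fi
        # Write access to the parent directory is enough to rename the file
        # away and drop in a replacement, so the parent is checked as well.
        parent=$(dirname "$target")
        unsafe=$(_unsafe_entries "$owner" "$parent" -prune &&
                 _unsafe_entries "$owner" "$target") || {
            # find failed (unknown owner name, unreadable subdirectory):
            # the audit is incomplete, so do not report the target as clean.
            echo "error: could not fully inspect $target"
            rc=1
        }
        if [ -n "$unsafe" ]; then
            printf '%s\n' "$unsafe" | sed 's/^/unsafe: /'
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use, e.g.: sh audit.sh root /usr/OV
if [ "$#" -gt 1 ]; then
    audit_root_inputs "$@"
fi
```

Run against `/usr/OV` after any ownership or permission change; a non-zero exit status means at least one entry that root's daemons read can be altered by a non-root account.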



"Sean Lawrence" <Sean.Lawrence@cantire.com>
Sent by: nv-l-bounces@lists.ca.ibm.com
02/08/2007 11:43 AM
Please respond to: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
To: "Tivoli NetView Discussions" <nv-l@lists.ca.ibm.com>
cc:
Subject: RE: [NV-L] Running Netview as with limited root access.

I was able to open the permissions on the trapd.conf and the mib2trap utility and that allowed me to add traps and configure them in nv6000. I just don’t know what the repercussions of that are.
 
Sean Lawrence
Systems Automation Technical Specialist
905-790-5728



From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Kain, Becki (B.)
Sent: February 8, 2007 10:49 AM
To: Tivoli NetView Discussions
Subject: RE: [NV-L] Running Netview as with limited root access.

we do this now. we rely on the tivoli framework to give up access, when we need root. you will NOT be able to add mibs, as far as I can tell, nor add traps, with sudo. you get a memory fault when you try that.
 
good luck
 
 



From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Sean Lawrence
Sent: Thursday, February 08, 2007 10:22 AM
To: Tivoli NetView Discussions
Subject: [NV-L] Running Netview as with limited root access.

Our group here does not have root access to our Netview installation.
 
We have discussed options with our AIX sysadmin.
 
We can define sudo rights to start/stop Netview.
 
I have identified the following commands we need sudo for:
ovstart
ovstop
netnmrc
nv6000
 
We would like to change group ownership to the /usr/OV directory so that our regular users can modify config files.
 
Has anyone done this?
Is there any danger in modifying group permissions on /usr/OV?
Are there any other executable files I should add to the sudo list?
 
Sean Lawrence
Systems Automation Technical Specialist
905-790-5728
_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)

Archive operated by Skills 1st Ltd