Shhhh.....  Somebody might hear you and try to make that run under another
ID.  They might try to do something silly like run the scheduler under
another ID, schedule a command that sudo's a dsmc inc command as root.  Then
where would we be?  It would probably be best to keep this quiet.  O:)

Alex Paschal
Storage Administrator
Freightliner, LLC
(503) 745-6850 phone/vmail

-----Original Message-----
From: Thomas Denier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 20, 2001 9:32 AM
To: [EMAIL PROTECTED]
Subject: Re: Root/Amin Privilege


> My management has directed the move of the TSM Administrator function to our
> Operations department.  We have a unix TSM server with a mixture of unix and
> NT clients.  Software installation/planning would still be done on the
> Systems side of the house, but everything else would be handled in
> Operations.  Do you know if this hand-off is possible without providing
> root/admin privileges on each client and the server to Ops?

Not if you use the central scheduler. One of the capabilities of the central
scheduler is asking a client to run an arbitrary command under the user
associated with the client scheduler process or service. On Unix clients this
is almost inescapably the root user. On NT clients it is usually the system
account, which can do almost anything with resources belonging to the system
(as opposed to resources shared over the network by other systems). Even if
you don't give Operations root/admin passwords, control of the TSM central
scheduler will essentially give them root/admin privileges on all the clients.
