Just recently I realized that our usage of proxynode feature violates
security standards in UNIX. We have NFS File-Servers lxfsuxx as agent
nodes and a target node lxtsm.
Using GRant PROXynode server command and asnodename client option we
allow users to restore data which was backup up on the NFS Fileserver.
But: Users now see not only their own files, they see all files and are
able to restore or retrieve them, not considering the UNIX permissions !
There is a IBM doc APAR IC50565 which explains this and stating that:
... when TSM admin grants a node proxy authority, and you use the
asnodename option to become that node, you can query and restore all
files as if you had root authority.
I wish I had known this before we began using proxynode for our NFS
fileservers !
Matthias
--
--
Matthias Feyerabend | [EMAIL PROTECTED]
Gesellschaft fuer Schwerionenforschung | phone +49-6159-71-2519
Planckstr. 1|
D-64291 Darmstadt | fax +49-6159-71-2519