About authorizing NetBackup-Java users on UNIX/Linux
|Article:HOWTO33595|||||Created: 2010-10-28|||||Updated: 2011-03-10|||||Article URL http://www.symantec.com/docs/HOWTO33595|
If NetBackup Access Control is not configured, you can still authorize users of the NetBackup-Java Administration Console for specific applications. NetBackup Access Control always takes precedence over the capabilities authorization of NetBackup-Java.
If a user is not an authorized administrator by NetBackup Access Control, the actions that the user can perform in the Backup, Archive, and Restore application are limited. The user can perform the actions that are defined in the auth.conf file on the host that is specified in the NetBackup-Java logon dialog box. NetBackup-Java users must log on to the NetBackup-Java application server that is on the NetBackup host where they want to perform administrator or user operations.
The /usr/openv/java/auth.conf file contains the authorization data for accessing NetBackup-Java applications. This file exists only on NetBackup-Java capable machines where the NetBackup-Java interface software is installed.
On NetBackup servers
Administration capabilities for the root user and user backup and restore capabilities for all other users.
On NetBackup clients
User backup and restore capabilities for all users.
On all other UNIX NetBackup systems, the file does not exist but the NetBackup-Java application server provides the same default authorization. To change these defaults on other UNIX systems, create the /usr/openv/java/auth.conf file.
Nonroot or non-administrator users can be authorized to administer Windows NetBackup servers remotely from the NetBackup-Java Console. Do so by setting up authorization in the auth.conf file on the Windows server.
The auth.conf file must contain entries for the UNIX user names that are used in the logon dialog box of the NetBackup-Java Console. The auth.conf file must reside in install_path\VERITAS\java on each Windows server you want to provide nonroot administration capability. Without an auth.conf file, the user has the same privileges on the remote server as on the server that is specified in the logon screen. User privileges are the same if auth.conf does not contain an entry for the user name even though host authorization between the two is configured. (SERVER entries in the configuration of each.)
Article URL http://www.symantec.com/docs/HOWTO33595