How to create a customized admin group for VERITAS Volume Manager Storage Administrator (VMSA)

Article:TECH15273  |  Created: 2001-01-09  |  Updated: 2002-01-18  |  Article URL http://www.symantec.com/docs/TECH15273
Article Type
Technical Solution

Environment

Issue



How to create a customized admin group for VERITAS Volume Manager Storage Administrator (VMSA)

Solution



What is an admin group?

If users other than root need to access and use the VMSA GUI, it is best to create what is called an admin group. This admin group specifies which users can run the VMSA GUI.

The appropriate user name and password entries must exist in the password file or corresponding Network Information Name Service (NIS) table on the machine.

Your user name must also be included in the VMSA admin group (vrtsadm, by default) in the /etc/group file or NIS group table. If the vrtsadm group does not exist in the group file, only root can run the VMSA GUI.

To restrict certain users to running VMSA in read-only mode, add a group called vrtsro to the group file or NIS group table on the machine. The vrtsro group lists every user who is allowed to run VMSA only in read-only mode.


To create an admin group other than the default group vrtsadm, follow the steps below.


Reference the following man pages for further information on how to add users, groups and NIS+ information:

groupadd: add (create) a new group definition on the system
useradd: administer a new user login on the system
nis+: a new version of the network information name service


The following steps illustrate how to create a new group entry, which will include a list of users that will be accessing the VMSA GUI.


1. Create the new group with the required group name if it does not already exist.

The group file contains an entry for each group recognized by the system, in the form of:

groupname:<password>:<gid>:<user-list>

groupname: The name of the group.
password: If the password field is empty, then no password is demanded.
gid: The group's unique numerical ID (GID) within the system.
user-list: A comma-separated list of users allowed in the group.


Sample group entry

sms::999:root,fbloggs


2. Create the required users to be added to this group in the passwd file.

The passwd file contains an entry for each user recognized by the system, in the form of:

username:<password field>:<uid>:<gid>:<comment>:<home-directory>:<shell>

username: The name of the user.
password: Where the password information is kept.
uid: The user's unique numerical ID (UID) within the system.
gid: The group's unique numerical ID (GID) within the system.
comment: Where you can add a comment on the user account.
home-directory: The directory the user logs into.
shell: The UNIX shell to be used by default for this account.


Sample passwd entry

jbloggs:x:1000:999:VMSA account:/home/jbloggs:/bin/sh

3. Confirm that the group and passwd files have been updated accordingly.

The pwck command checks the passwd file by default and notes any inconsistencies. This process includes the validation of the number of fields, login name, user ID, group ID, and whether the login directory and the program-to-use or shell exist.

# pwck

The grpck command verifies all entries in the group file by default. This verification includes a check of the number of fields, group name, group ID, whether any login names belong to more than NGROUPS_MAX groups, and that all login names appear in the passwd file.

# grpck

The pwconv command creates and updates the shadow file with information from the passwd file.

# pwconv

4. Modify the vmsa_server script

NOTE: The VRTSvmsa package is presumed to be located in the following path: /opt/VRTSvmsa/bin

# cd /opt/VRTSvmsa/bin

# vi vmsa_server

Search for the following string: Starting $PROD_NAME Server

Default structure




Modification to vmsa_server script




In this instance, the desired group name is called sms (as shown above within the circle).

5. Stop and start the vmsa_server to ensure all modifications are reflected.

Stop any VMSA GUI windows which are currently open.


# /opt/VRTSvmsa/bin/vmsa_server -k

# /opt/VRTSvmsa/bin/vmsa_server &


6. Restart the VMSA GUI session so that the changes take effect.

# vmsa &
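
An added example, not part of the original article: a read-only audit that reports which accounts a given admin group entry covers, using the group and passwd formats from steps 1 to 3. The function names and the root passwd line are constructed; the article does not say whether VMSA honours primary-GID-only membership, so such accounts are only flagged for review.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Usage: vmsa_group_audit GROUP GROUPFILE PASSWDFILE
vmsa_group_audit() {
    awk -F: -v grp="$1" '
        # passwd file (first file operand): record each login and its primary GID
        FILENAME == ARGV[1] { known[$1] = 1; pgid[$1] = $4; order[++n] = $1; next }
        # group file: examine only the requested group entry
        $1 == grp {
            found = 1; gid = $3
            m = split($4, listed, ",")
            for (i = 1; i <= m; i++) {
                if (listed[i] == "") continue
                seen[listed[i]] = 1
                if (listed[i] in known) {
                    print "member " listed[i] " listed"
                } else {
                    print "warn " listed[i] " not-in-passwd"
                }
            }
        }
        END {
            # Per the article, with no admin group only root can run the GUI
            if (!found) { print "warn " grp " group-missing"; exit }
            # Logins whose primary GID is this group but who are not in user-list
            for (i = 1; i <= n; i++)
                if (pgid[order[i]] == gid && !(order[i] in seen))
                    print "member " order[i] " primary-gid-only"
        }
    ' "$3" "$2"
}

# Constructed sample data: the two sample entries from the article plus a
# constructed root line, written to a temporary directory.
vmsa_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'sms::999:root,fbloggs' > "$d/group"
    printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
        'jbloggs:x:1000:999:VMSA account:/home/jbloggs:/bin/sh' > "$d/passwd"
    vmsa_group_audit sms "$d/group" "$d/passwd"
    vmsa_group_audit vrtsadm "$d/group" "$d/passwd"
    rm -rf "$d"
}
vmsa_demo
```

Run against the article's own samples, the audit reports fbloggs as listed in the group but absent from passwd, and jbloggs as attached to GID 999 only through the passwd entry.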







Legacy ID



238409

