Remote installation manager, Change read permission of a disk backup – Storix Software SBAdmin User Guide User Manual

All remote commands are executed using the “strexec” executable, which may be executed only by the root
user on the system.

All attempts to run remote commands are checked on the remote system for authenticity as follows:

In the following, $STXPATH designates your SBAdmin data directory chosen
when installing the software (default is /storix), and $STXINSTPATH is the
SBAdmin application directory (/opt/storix for Linux & Solaris or /usr/lpp/storix
for AIX).

1. The IP address of the sender is checked to see if it is a valid SBAdmin administrator system. Valid

admin systems are specified in the $STXPATH/config/admin_servers file when SBAdmin is installed
onto a client or server. If the caller is an administrator system, no further hostname or IP address
checking is performed.

2. The

groupid of the caller is checked that it is a member of the same group. Or, if a client is calling a

server, the $STXPATH/config/serverinfo file is checked to see if the caller is a member of an enabled
group. This file is created by the SBAdmin administrator system and copied to each server when
changes are made to the server’s access permissions.

3. The IP address of the sender is checked to see if it is a valid client (if calling a server). The

$STXPATH/config/serveraccess_groupid file determines the permitted hosts. This file is created by
the SBAdmin administrator system and copied to each server when clients are added or removed from
the server’s group.

4. The

command to execute is checked to ensure it is not a wrapper. For instance, no commands

containing sub-commands such as “command1; command2” or “command1 $(command2)” may be
executed.

5. The command to execute is checked to ensure it does not contain an absolute pathname. Only the

command name to execute must exist on the system in the $STXINSTPATH/bin directory.

6. The command to execute is checked to see if it a permitted remote command. Permitted commands

are listed in the $STXINSTPATH/config/remote_cmds file. Commands in this file may be designated
as only available to a calling administrator, client, server owner, server group, etc.

7. For user-customized pre and post-backup commands, the commands must exist in the

$STXPATH/custom directory, must be writeable only by root and must be executable.

8. When executing a command to read or write backup media (i.e.”stio” or “sttape”), the device

specification may be:

a. A configured SBAdmin device name for the server. If it’s a directory-based device, the base

name of the file must also be specified in a separate option (since the directory-device refers
only to the pathname).

b. A tape drive name only if it is also physical drive configured within an SBAdmin device for the

server.

c. The full pathname to a backup image file created by SBAdmin, and only if the pathname to the

file is also configured as a directory within an SBAdmin device for the server.

Note that all of the above configuration files and directories may only be written by the root user on the system.

Remote Installation Manager

The Remote Installation Manager (RIM) provides a remote system anywhere on the network to connect to the
system installation process of a client. This access is provided using a secure (ssh) connection. Only one
remote ssh program may connect to the client at a time. Since this access is only available when this option has

Storix System Backup Administrator

163

Version 8.2 User Guide