On Wed, Jan 12, 2011 at 3:57 PM, Sven Aluoor <aluoor@xxxxxxxxx> wrote:
> On Wed, Jan 12, 2011 at 9:27 PM, mcclnx mcc <mcclnx@xxxxxxxxxxxx> wrote:
>> We have several LINUX servers with Backup Exec 12.5 client on it. Based on Backup administrator told us when configure backup EXEC client he need "root" password. Also we can NOT change "root" password after configure otherwise backup will failed.
>>
>> Does there has way I can create a account with special group assign to it for Backup EXEC to use?
>>
>> Thanks.
>
> Hi
>
> Try to create an account with UID 0 and try if Backup Exec accept
> this. Report back if it works. You may also ask this question at the
> Symantec forums
> http://www.symantec.com/connect/backup-and-archiving/forums/backup-exec.
> This software is really crap!
*NO*. Creating duplicate uid 0 accounts leads to enormous confusion,
because the identified owner of files can then be reported, fairly
randomly, as the "alternate-root" rather than as "root". If he's
pulling this sort of stunt as standard practice, then it's a hint that
he doesn't know much about system security or avoiding interference
with other software.
> cheers Sven
Your Backup Exec configuration advisor needs an education in the use
of "sudo" or restricted SSH keys to provide restricted access to the
necessary commands for Backup Exec. And he most *certainly* does not
need a "root password". Sudo or SSH key based access should be plenty,
so that you can revoke it relatively safely as needed.
Sadly, I'm right now looking at Symantec's notes on configuring this
tool for UNIX or Linux at
http://www.symantec.com/business/support/index?page=content&id=TECH5428.
Any software that says "put your backup servers in /etc/hosts!" and
doesn't explain the dangers of this was not written by people with a
clue about DNS and should probably be avoided.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
