Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Mksysb restoration
Operating Systems AIX Mksysb restoration Post 302979509 by bakunin on Monday 15th of August 2016 03:17:58 PM
Old 08-15-2016
Quote:
Originally Posted by AIXBlueCat
can we do an mksysb backup with other userid other than root ?
Consider this: to create a backup of something you need at least read access to it. A mksysb image is the complete rootvg, which includes the most sensitive information of the system (namely everthing in /etc/security and the like). Ask yourself: will any other user except root be allowed to do it?

The answer is: of course NOT! That should answer your other questions too.

You can do it from a user using a sudo-rule if you have sudo installed, but that means that this user runs some process effectively as root either.

I hope this helps.

bakunin
This User Gave Thanks to bakunin For This Post:
AIXBlueCat
 

10 More Discussions You Might Find Interesting

1. Solaris

Can before and after snapshots be used to verify successful filesystem restoration?

Hello Guys, Can before and after snapshots be used to verify successful filesystem restoration? snapshots will be created using fssnaps and restoration is thru legato restore? Any ideas on this? or any other ways I could verify that restoration is good? Regards (0 Replies)
Discussion started by: MarkyBoy
0 Replies

2. Shell Programming and Scripting

Restoration issue

Dear All, I am using sun OS server and performing weekly backup on a tape DDS2 for log files for the past 7 days, the log file sizes are ranging between 1 - 2 G......When i want to restore a specific file from the tape, i have to restore the whole files from the tape by using the command (tar... (1 Reply)
Discussion started by: charbel
1 Replies

3. Solaris

restoration

i have 2 hardisk. Hardisk A and Hardisk B. i have backup the oracle folder from hardisk A to hardisk B c0t0d0s4/oracle. If i want to restore , what is the command and what do i need to do ? urgent help needed. Thanks for your quick reply . (1 Reply)
Discussion started by: Farbegas
1 Replies

4. UNIX for Dummies Questions & Answers

LTO multivolume restoration problem in SELS9

Can anybody help me ? ? Previously data was taken multi volume LTO Tape backup in Red hat Linux by following command : tar -cvf /dev/rmt/tps6d7v -b 1000 -M filenames , now i try to Restore it in SELS9 by following command : tar -xvf /dev/st1 -b 1000 -M filenames , it extracts only part of the... (0 Replies)
Discussion started by: pramanik
0 Replies

5. AIX

mksysb restoration steps

please provide me with the steps to restore from mksysb tape. i m using AIX 5.3 TL 7 (2 Replies)
Discussion started by: debasis9
2 Replies

6. AIX

mksysb restoration using NIM

Hi, I just want to ask whether anyone has experience on restoring mksysb backup in NIM. We have taken the mksysb backup and the SPOT has been configured on NIM also. I just want to know the checkpoints before doing this. Is there any checkpoints we need to do? Do we need to unmirrorvg? This... (12 Replies)
Discussion started by: depam
12 Replies

7. AIX

Data restoration

I am having the Lexmark/IBM 1/2” 3490E Tape Cartridge which contains old data which had taken up some years back. I want to know what kind of data is available and which backup product is used for backup the data and from which OS the data has been backup. It would be helpful for me if could... (3 Replies)
Discussion started by: kmvinay
3 Replies

8. Solaris

question about restoration from backup tape (solaris 10)

I am trying to restore opt on my server. my issue is, all the partitions are saved into the same back up tape. what is the exact command to just restore /opt for example, supposing c0t0d0s7 is the partition for /opt ---------- Post updated at 01:16 PM ---------- Previous update was at... (7 Replies)
Discussion started by: feg
7 Replies

9. Shell Programming and Scripting

MySQL Restoration Backup Script

Hi there, Alright I have this line that I'm working with (bash programming): mysql -u username -pHASH ${args} < /home/site/backups/site.${args}.sql I get this error on that line: ./restore.sh: line 51: syntax error near unexpected token `newline' ./restore.sh: line 51: `mysql -u... (5 Replies)
Discussion started by: Pandoula
5 Replies

10. Solaris

Error after systeme restoration

Rebooting with command: boot Boot device: /pci@1e,600000/pci@0/pci@a/pci@0/pci@8/scsi@1/disk@0,0:a File and args: SunOS Release 5.10 Version Generic_147440-01 64-bit Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved. WARNING: system call missing from bind file... (8 Replies)
Discussion started by: andersonedouard
8 Replies

LEARN ABOUT CENTOS

pam_ssh_agent_auth

pam_ssh_agent_auth(8)							PAM						     pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY

       /etc/pam.d/sudo: auth	sufficient     pam_ssh_agent_auth.so file=/etc/security/authorized_keys
       /etc/sudoers:
	    Defaults	env_keep += "SSH_AUTH_SOCK"

       This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
       /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
       either be local, or forwarded.

       Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.

ARGUMENTS

       file=<path to authorized_keys>
	   Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)

       allow_user_owned_authorized_keys_file
	   A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
	   whenever the expansions %h or ~ are used.

       debug
	   A flag which enables verbose logging

       sudo_service_name=<service name you compiled sudo to use>
	   (when compiled with --enable-sudo-hack)

	   Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
	   is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.

	   This defaults to "sudo".

EXPANSIONS

       ~  -- same as in shells, a user's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
	   to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file

       %h -- User's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file

       %H -- The short-hostname
       %u -- Username
       %f -- FQDN

EXAMPLES

       in /etc/pam.d/sudo

       "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
	   The default .ssh/authorized_keys file in a user's home-directory

       "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
	   Same as above.

       "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
	   If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys.  In this case, we have not
	   specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys.	In this case, we specified
	   allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys.	In this case, we
	   have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.

v0.8								    2009-08-09						     pam_ssh_agent_auth(8)
All times are GMT -4. The time now is 11:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy