08-15-2016
Quote:
Originally Posted by
AIXBlueCat
can we do an mksysb backup with other userid other than root ?
Consider this: to create a backup of something you need at least read access to it. A mksysb image is the complete rootvg, which includes the most sensitive information of the system (namely everthing in
/etc/security and the like). Ask yourself: will any other user except root be allowed to do it?
The answer is: of course NOT! That should answer your other questions too.
You can do it from a user using a
sudo-rule if you have sudo installed, but that means that this user runs some process effectively as root either.
I hope this helps.
bakunin
This User Gave Thanks to bakunin For This Post:
10 More Discussions You Might Find Interesting
1. Solaris
Hello Guys,
Can before and after snapshots be used to verify successful filesystem restoration?
snapshots will be created using fssnaps and restoration is thru legato restore?
Any ideas on this? or any other ways I could verify that restoration is good?
Regards (0 Replies)
Discussion started by: MarkyBoy
0 Replies
2. Shell Programming and Scripting
Dear All,
I am using sun OS server and performing weekly backup on a tape DDS2 for log files for the past 7 days, the log file sizes are ranging between 1 - 2 G......When i want to restore a specific file from the tape, i have to restore the whole files from the tape by using the command (tar... (1 Reply)
Discussion started by: charbel
1 Replies
3. Solaris
i have 2 hardisk. Hardisk A and Hardisk B.
i have backup the oracle folder from hardisk A to hardisk B c0t0d0s4/oracle.
If i want to restore , what is the command and
what do i need to do ?
urgent help needed.
Thanks for your quick reply . (1 Reply)
Discussion started by: Farbegas
1 Replies
4. UNIX for Dummies Questions & Answers
Can anybody help me ? ?
Previously data was taken multi volume LTO Tape backup in Red hat Linux by following command : tar -cvf /dev/rmt/tps6d7v -b 1000 -M filenames , now i try to Restore it in SELS9 by following command : tar -xvf /dev/st1 -b 1000 -M filenames , it extracts only part of the... (0 Replies)
Discussion started by: pramanik
0 Replies
5. AIX
please provide me with the steps to restore from mksysb tape. i m using AIX 5.3 TL 7 (2 Replies)
Discussion started by: debasis9
2 Replies
6. AIX
Hi,
I just want to ask whether anyone has experience on restoring mksysb backup in NIM. We have taken the mksysb backup and the SPOT has been configured on NIM also. I just want to know the checkpoints before doing this. Is there any checkpoints we need to do? Do we need to unmirrorvg? This... (12 Replies)
Discussion started by: depam
12 Replies
7. AIX
I am having the Lexmark/IBM 1/2” 3490E Tape Cartridge which contains old data which had taken up some years back.
I want to know what kind of data is available and which backup product is used for backup the data and from which OS the data has been backup.
It would be helpful for me if could... (3 Replies)
Discussion started by: kmvinay
3 Replies
8. Solaris
I am trying to restore opt on my server.
my issue is, all the partitions are saved into the same back up tape.
what is the exact command to just restore /opt for example, supposing c0t0d0s7 is the partition for /opt
---------- Post updated at 01:16 PM ---------- Previous update was at... (7 Replies)
Discussion started by: feg
7 Replies
9. Shell Programming and Scripting
Hi there,
Alright I have this line that I'm working with (bash programming):
mysql -u username -pHASH ${args} < /home/site/backups/site.${args}.sql
I get this error on that line:
./restore.sh: line 51: syntax error near unexpected token `newline'
./restore.sh: line 51: `mysql -u... (5 Replies)
Discussion started by: Pandoula
5 Replies
10. Solaris
Rebooting with command: boot
Boot device: /pci@1e,600000/pci@0/pci@a/pci@0/pci@8/scsi@1/disk@0,0:a File and args:
SunOS Release 5.10 Version Generic_147440-01 64-bit
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
WARNING: system call missing from bind file... (8 Replies)
Discussion started by: andersonedouard
8 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)