VERITAS Volume Manager 3.1 Storage Administrator Administrator's Guide
Getting Started
Customizing Security (Optional)
Chapter 248
Customizing Security (Optional)
The VERITAS Volume Manager Storage Administrator can only be run
by users with appropriate privileges. By default, only root can run the
Storage Administrator. However, you can set up your system to allow
other users to run Storage Administrator.
Step 1. On the machine to be administered, add a group named vrtsadm to the
group file, /etc/group, or NIS (Network Information Name Service)
group table. The vrtsadm group must include the user names of any
users (including root) who will have access to the Storage
Administrator. For example:
vrtsadm::999:root,user1,user2
If the vrtsadm group does not exist, only root has access to the Storage
Administrator. If vrtsadm exists, root must be included in vrtsadm in
order for root to run the Storage Administrator.
Step 2. vrtsadm is the default VERITAS administrator group name. However,
you can change vrtsadm to another name by setting the
vrts.server.adminGroup property to another value. You can reset the
VERITAS administrator group name to
new_groupname
by changing the
following line in the /opt/HPvmsa/vmsa/properties file:
vrts.server.adminGroup=
new_groupname
Step 3. Once you have set up security for the Volume Manager Storage
Administrator, you can monitor access to the Storage Administrator by
reviewing the contents of the access log file. By default, the access log file
is /var/opt/vmsa/logs/access. This file contains entries similar to the
following:
Fri Jan 23 10:22:17 PST 1998: user xyz login succeeded
Fri Jan 23 10:59:52 PST 1998: user xyz login failed
with error "User password invalid"
Entries for failed access can be logged multiple times. This is due to a
security requirement and is not an error.