Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Consolidated Management 2/Network Node Manager i Setup Guide


19.1 Administering access control lists for NNMi folders

You might need to change the user name that runs the NNM Action Server. However, if you change that user name without also updating its permissions, the NNM Action Server might not start, and NNMi might not log messages when running incident actions. This section describes the actions to take to prevent this from happening.

NNMi supports changing the permissions for the following directories:

Although the default permissions for the /var/opt/OV/log/nnm/public folder are 755, NNMi uses ACLs to adjust access permissions for the database user (nmsdbmgr) and the nnmaction user (bin). During NNMi post-installation (part of the installation or upgrade script), the installation script changes the /var/opt/OV/log/nnm/public folder permissions and adds the ACLs.

If the installation script is unable to set the ACLs in the /var/opt/OV/log/nnm/public folder due to some unexpected error, the script will leave the /var/opt/OV/log/nnm/public folder world-writable (by other users), even though the NNMi installation completes successfully. Following a successful NNMi installation, if you want to restrict world-write permissions on the /var/opt/OV/log/nnm/public folder, see the system administrator's documentation to determine how to set up ACLs for the NNMi management server's operating system.

For the /var/opt/OV/log/nnm/public folder, use UNIX ACLs (access control lists) to adjust user access. Configuring ACLs is a useful method for extending the owner/group/other permissions. ACLs are supported on all three UNIX platforms (RedHat, HP-UX, and Solaris).

For example, after running the following commands, the user depicted by the USER variable obtains write access to the folder /var/opt/OV/log/nnm/public. Without running these commands, the permissions for the /var/opt/OV/log/nnm/public folder are 755, and files within the directory are not writable by anyone other than root.

RedHat Linux and Solaris:
setfacl -m user:USER:rwx /var/opt/OV/log/nnm/public
HP-UX:
setacl -m user:USER:rwx /var/opt/OV/log/nnm/public
Solaris ZFS:
chmod A+user:USER:read_data/add_file/write_data/list_directory:allow /var/opt/OV/log/nnm/public

For details about how to use the setfacl, setacl, and chmod commands, see the appropriate reference pages.
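The installation fallback described above (ACL setup fails and the folder is left world-writable) can be checked for after installation. The following script is an added example, not part of NNMi or this guide; the function names are illustrative, and the ACL check assumes the Linux getfacl command (HP-UX and Solaris use different tools and output).

```shell
#!/bin/sh
# Added example: audit the NNMi public log folder for the fallback state
# (world-writable, ACL entries missing). Function names are illustrative.

# Returns 0 when "other" has write permission on directory $1, 2 if $1 is missing.
is_world_writable() {
    [ -d "$1" ] || return 2
    # ls -ld prints a mode string such as drwxr-xr-x; character 9 is other-write.
    mode=$(ls -ld "$1" | cut -c9)
    [ "$mode" = "w" ]
}

# Returns 0 when getfacl lists a named-user entry for user $2 on $1.
# Returns 2 when getfacl is not installed (assumption: Linux getfacl syntax).
has_named_user_acl() {
    command -v getfacl >/dev/null 2>&1 || return 2
    getfacl -p "$1" 2>/dev/null | grep -q "^user:$2:"
}

# Prints one line per check for directory $1 and each user named after it.
audit_public_dir() {
    dir=$1; shift
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir not found"; return 0
    fi
    if is_world_writable "$dir"; then
        echo "FINDING: $dir is world-writable; ACL setup may have failed"
    else
        echo "OK: $dir is not world-writable"
    fi
    for u in "$@"; do
        if has_named_user_acl "$dir" "$u"; then
            echo "OK: ACL entry present for $u"
        else
            echo "CHECK: no ACL entry found for $u"
        fi
    done
}

# Users taken from this section: database user (nmsdbmgr), nnmaction user (bin).
audit_public_dir "${1:-/var/opt/OV/log/nnm/public}" nmsdbmgr bin
```

A FINDING line together with CHECK lines for both users matches the state the installer leaves behind when it cannot set the ACLs.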