Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


21.1 Administering access control lists for NNMi folders

You might need to change the user name under which the NNM Action Server runs. However, if you change that user name without also modifying the user name permissions, the NNM Action Server might not start, and NNMi might not log messages when running incident actions. This section describes the actions to take to prevent this from happening.

NNMi supports changing the permissions for the following directories:

Although the default permissions for the /var/opt/OV/log/nnm/public folder are 755, NNMi uses ACLs to adjust access permissions for the database user (nmsdbmgr) and the nnmaction user (bin). During NNMi post-installation (part of the installation or upgrade script), the installation script changes the /var/opt/OV/log/nnm/public folder permissions and adds the ACLs.

If the installation script is unable to set the ACLs in the /var/opt/OV/log/nnm/public folder due to some unexpected error, the script will leave the /var/opt/OV/log/nnm/public folder world-writable (by other users), even though the NNMi installation completes successfully. Following a successful NNMi installation, if you want to restrict world-write permissions on the /var/opt/OV/log/nnm/public folder, see the system administrator's documentation to determine how to set up ACLs for the NNMi management server's operating system.

For the /var/opt/OV/log/nnm/public folder, use Linux ACLs (access control lists) to adjust user access. Configuring ACLs is a useful method for extending the owner/group/other permissions. ACLs are supported in Linux.

For example, after you run the command below, the user represented by the user variable obtains write access to the /var/opt/OV/log/nnm/public folder. If you do not run the command, the permissions for the /var/opt/OV/log/nnm/public folder are 755, and files within the directory are not writable by anyone other than root.

setfacl -m user:user:rwx /var/opt/OV/log/nnm/public

For details about how to use the setfacl command, see the appropriate reference pages.
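As an added example (not part of the Hitachi manual), the following shell script checks whether the folder was left world-writable and whether the ACL entries for nmsdbmgr and bin give effective write access once the ACL mask is applied. It assumes GNU stat and the getfacl utility are available and that both users are expected to have write access; the function names and the sample getfacl output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the JP1 manual): audit the NNMi public log folder.
DIR=/var/opt/OV/log/nnm/public

# Succeeds if the "other" digit of an octal mode (e.g. 777, 1777) has write set.
is_world_writable() {
    case ${1#"${1%?}"} in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# Succeeds if getfacl text $2 gives named user $1 effective write access.
# Named-user entries are capped by the mask entry, so both must contain "w".
acl_user_can_write() {
    entry=$(printf '%s\n' "$2" | awk -F: -v u="$1" \
        '$1 == "user" && $2 == u { print substr($3, 1, 3); exit }')
    mask=$(printf '%s\n' "$2" | awk -F: '$1 == "mask" { print substr($3, 1, 3); exit }')
    case $entry in *w*) ;; *) return 1 ;; esac
    case $mask in *w*) return 0 ;; *) return 1 ;; esac
}

# Report on a directory; remaining arguments are the users expected to write.
audit_dir() {
    dir=$1; shift
    [ -d "$dir" ] || { echo "skip: $dir not present on this host"; return 0; }
    mode=$(stat -c %a "$dir")
    if is_world_writable "$mode"; then
        echo "WARN: $dir has mode $mode (world-writable); ACL setup may have failed"
    fi
    acl=$(getfacl -p "$dir" 2>/dev/null) || acl=
    for u in "$@"; do
        if acl_user_can_write "$u" "$acl"; then
            echo "ok: $u has an effective write ACL entry"
        else
            echo "WARN: $u has no effective write ACL entry"
        fi
    done
}

# Constructed getfacl output for trying the parser offline: the mask is r-x,
# so the rwx entries for the named users are not effective.
SAMPLE_ACL='# file: /var/opt/OV/log/nnm/public
user::rwx
user:nmsdbmgr:rwx    #effective:r-x
user:bin:rwx         #effective:r-x
group::r-x
mask::r-x
other::r-x'

audit_dir "$DIR" nmsdbmgr bin
```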