ADSM-L

Re: [ADSM-L] TSM v5->v6 upgrade - permissions of raw disk pool vols

2013-09-20 08:08:15
Subject: Re: [ADSM-L] TSM v5->v6 upgrade - permissions of raw disk pool vols
From: Richard Rhodes <rrhodes AT FIRSTENERGYCORP DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 20 Sep 2013 08:06:22 -0400
The permissions problem in the article is exactly what I would have expected.

But, I just tried a test.  I just did a test migration of a library
manager only TSM instance that has no stgpools.  The v5 instance ran as
root, and the v6 instance is running as owner "tsmuser".
After the migration from v5.5.6 to v6.2.5 I did the following:

defined diskpool:        define stgpool diskpool disk
created lv (as root):    mklv -y lvdiskpool -t jfs2 -e x vgemc 200
defined lv to diskpool:  define vol dispool /dev/rlvdiskpool

I expected to get a permissions error, but it worked!

=> the tsm instance is running as tsmuser
rsfebkup19p:/home/root==>ps -ef | grep dsm
 tsmuser 12583132        1   0 12:45:50      -  0:10 /opt/tivoli/tsm/server/bin/dsmserv -u tsmuser -i /tsmdata/tsmlm1/config -q

=> The lv is owned by root/system.  tsmuser would have to access by world
permissions which allow no access.
rsfebkup19p:/home/root==>ls -ld /dev/rlvdiskpool
crw-rw----    1 root     system       39, 10 Sep 19 12:49 /dev/rlvdiskpool

=> The lv is truly opened in TSM
rsfebkup19p:/home/root==>lsvg -l vgemc | grep lvdiskpool
lvdiskpool          jfs2       200     200     1    open/syncd    N/A
rsfebkup19p:/home/root==>lsof /dev/rlvdiskpool
COMMAND      PID    USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
dsmserv 12583132 tsmuser    9u  VCHR  39,10   0t4096 20207 /dev/rlvdiskpool

=> tsmuser is not a member of system group
rsfebkup19p:/home/root==>grep tsmuser /etc/passwd
tsmuser:!:1000:1000::/tsmdata/tsmlm1/config:/usr/bin/ksh
rsfebkup19p:/home/root==>grep tsmuser /etc/group
staff:!:1:ipsec,sshd,pmclient,tsmuser
tsmgroup:!:1000:tsmuser


I'm stumped!  It worked, but it shouldn't have.  I wish I had some test
tape drives I could test to.

Rick





From:   Shawn DREW <shawn.drew AT US.BNPPARIBAS DOT COM>
To:     ADSM-L AT VM.MARIST DOT EDU
Date:   09/19/2013 01:27 PM
Subject:        Re: TSM v5->v6 upgrade - permissions of raw disk pool vols
Sent by:        "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>



Yes, permission needs to be considered for v6 resource access, although
you don't necessarily need to reassign ownership.

http://www-01.ibm.com/support/docview.wss?uid=swg21394164


Regards,
Shawn
________________________________
Shawn Drew


> -----Original Message-----
> From: ADSM-L AT VM.MARIST DOT EDU [mailto:ADSM-L AT VM.MARIST DOT EDU]
> Sent: Thursday, September 19, 2013 1:03 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] TSM v5->v6 upgrade - permissions of raw disk pool vols
>
> Our TSM v5 servers all run as root.  After the conversion to v6 they will be
> running as a non-root account which is the tsm/db2 instance owner.
>
> Our disk pools are all raw logical volumes.  Do we need to change ownership
> of the raw volumes to the new instance owner so dsmserv can access the
> LV's?
> Along the same lines, is the new v6 dsmserv able to access the RMT tape
> devices, or do I have to change their ownership also?
>
> Thanks
>
> Rick


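Added example, not part of the original thread: the mode-bit reasoning from Rick's test, evaluated over the `ls -ld`, `/etc/passwd` and `/etc/group` lines he posted. The `system` group entry and the what-if `ls` line are constructed, and the function names are hypothetical. The check covers only the classic owner/group/other bits; it does not model ACLs, privileges, or a descriptor that was opened before a process changed user.

```python
# Added example, not from the thread: which permission class (owner/group/other)
# applies to a user on a device node, using classic UNIX mode bits only.

LS_LINE = "crw-rw----    1 root     system       39, 10 Sep 19 12:49 /dev/rlvdiskpool"
PASSWD = "tsmuser:!:1000:1000::/tsmdata/tsmlm1/config:/usr/bin/ksh"
GROUP = """system:!:0:root
staff:!:1:ipsec,sshd,pmclient,tsmuser
tsmgroup:!:1000:tsmuser"""  # 'system' line is constructed; the post shows only grep hits
# Constructed what-if: the same device after a hypothetical chgrp to tsmgroup.
LS_WHAT_IF = "crw-rw----    1 root     tsmgroup     39, 10 Sep 19 12:49 /dev/rlvdiskpool"


def groups_of(user, passwd_text, group_text):
    """Names of the user's primary group (passwd GID field) and supplementary groups."""
    primary_gid = None
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if fields[0] == user:
            primary_gid = fields[3]
    names = set()
    for entry in group_text.splitlines():
        name, _pw, gid, members = entry.split(":")
        if gid == primary_gid or user in members.split(","):
            names.add(name)
    return names


def mode_bits_access(ls_line, user, passwd_text, group_text):
    """Return (class, rwx triplet) that the mode bits grant to `user`.

    Classes are tested in the order owner, group, other; the first match decides,
    so a user matched by the group class never falls through to 'other'.
    """
    fields = ls_line.split()
    mode, owner, group = fields[0], fields[2], fields[3]
    if user == owner:
        return "owner", mode[1:4]
    if group in groups_of(user, passwd_text, group_text):
        return "group", mode[4:7]
    return "other", mode[7:10]


if __name__ == "__main__":
    for label, line in (("as posted", LS_LINE), ("what-if chgrp", LS_WHAT_IF)):
        print(label, mode_bits_access(line, "tsmuser", PASSWD, GROUP))
```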