I figured out what is happening, but not why it's happening.
What is happening is that the TSM instance was started as root via the
invocation in the /etc/inittab file, and is allowed to access the raw
stgpool vol.
Here is the inittab entry created by TSM install for starting the instance
at boot time. This is root running this:
ttsmuser:2:once:/opt/tivoli/tsm/server/bin/rc.dsmserv -u tsmuser -i
/tsmdata/tsmlm1/config -q >/dev/console 2>&1 # Tivoli Storage Manager
My startup script for manually starting the instance was run as root with
the same invocation:
nohup /opt/tivoli/tsm/server/bin/rc.dsmserv -u tsmuser -i
/tsmdata/tsmlm1/config -q &
In BOTH OF THESE CASES, tsm is able to access the raw stgpool volume I
detailed earlier which should be accessible by the instance owner.
BUT, if the tsm instance is started AS THE INSTANCE OWNER HIMSELF, without
the "-u tsmuser" parm on the dsmserv invocation, access to the raw stgpool
vol FAILS. In other words, if I do the following TSM fails to open the
raw stgpool vol:
su - tsmuser
nohup /opt/tivoli/tsm/server/bin/rc.dsmserv -i /tsmdata/tsmlm1/config -q
&
==> Apparently, the inittab style invocation as root with the "-u tsmuser"
parm is allowing dsmserv to run with root permissions, even though the
actual process is running as the instance owner.
. . . interesting . . .
Rick
From: Shawn DREW <shawn.drew AT US.BNPPARIBAS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: 09/19/2013 01:27 PM
Subject: Re: TSM v5->v6 upgrade - permissions of raw disk pool vols
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
Yes, permission needs to be considered for v6 resource access, although
you don't necessarily need to reassign ownership.
http://www-01.ibm.com/support/docview.wss?uid=swg21394164
Regards,
Shawn
________________________________
Shawn Drew
> -----Original Message-----
> From: ADSM-L AT VM.MARIST DOT EDU [mailto:ADSM-L AT VM.MARIST DOT EDU]
> Sent: Thursday, September 19, 2013 1:03 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] TSM v5->v6 upgrade - permissions of raw disk pool vols
>
> Our TSM v5 servers all run as root. After the conversion to v6 they
will be
> running as a non-root account which is the tsm/db2 instance owner.
>
> Our disk pools are all raw logical volumes. Do we need to change
ownership
> of the raw volumes to the new instance owner so dsmserv can access the
> LV's?
> Along the same lines, is the new v6 dsmserv able to access the RMT tape
> devices, or do I have to change their ownership also?
>
> Thanks
>
> Rick
>
>
>
>
>
> -----------------------------------------
> The information contained in this message is intended only for the
personal
> and confidential use of the recipient(s) named above. If the reader of
this
> message is not the intended recipient or an agent responsible for
delivering
> it to the intended recipient, you are hereby notified that you have
received
> this document in error and that any review, dissemination, distribution,
or
> copying of this message is strictly prohibited. If you have received
this
> communication in error, please notify us immediately, and delete the
original
> message.
This message and any attachments (the "message") is intended solely for
the addressees and is confidential. If you receive this message in error,
please delete it and immediately notify the sender. Any use not in accord
with its purpose, any dissemination or disclosure, either whole or
partial,
is prohibited except formal approval. The internet can not guarantee the
integrity of this message. BNP PARIBAS (and its subsidiaries) shall (will)
not therefore be liable for the message if modified. Please note that
certain
functions and services for BNP Paribas may be performed by BNP Paribas
RCC, Inc.
|
