We did it this way: We set up a script to perform the dsmadmc command that will execute any command. The script is only readable by root. Using sudo and its controls we are able to grant access to execute the script, but not read it. You can also do this with the proper group permissions setup as well and not use sudo.
So far, we have not found a way to break into this script. Some may argue that root can read it, well, root level access should be strictly controlled.

Paul D. Seay, Jr.
Technical Specialist
Naptheon Inc.
757-688-8180

-----Original Message-----
From: Roger Deschner [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 11, 2002 1:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Macros

The big advantage of ITSM Server Scripts over OS Shell Scripts (whether Unix shell, CMS EXEC, or whatever) is passwords. With a Server Script, you are not executing dsmadmc for each command - it is done from within an administrator session. Authentication has already been performed, so admin ids and passwords are simply not involved.

However, for an OS script that issues the dsmadmc command for each ITSM command, you've got to put an all-powerful ITSM admin id and password on the command line, in clear text. This is a big security hazard.

Has anyone figured out a way around this?

Roger Deschner
University of Illinois at Chicago
[EMAIL PROTECTED]

"Give a man a computer program and you give him a headache, but teach him to program computers and you give him the power to create headaches for others for the rest of his life." -- R. B. Forest

On Thu, 10 Oct 2002, Alex Paschal wrote:

>Well, I'll assume you mean TSM server scripts instead of shell scripts.
>
>Macros are really useful for multiple one time commands, like
>generating and executing multiple commands where you don't want to have
>to answer "Yes/No" for each command (move datas are a good example).
>Server scripts are more useful for more general scheduled tasks. Quite
>frankly, I have never used server scripts. If I have to do something
>complicated enough to use variable substitution and logic, I use cron'd
>shell or perl scripts for my management instead.
>
>Alex Paschal
>Storage Administrator
>Freightliner, LLC
>(503) 745-6850 phone/vmail
>
>
>-----Original Message-----
>From: Gerald Wichmann [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, October 10, 2002 12:04 PM
>To: [EMAIL PROTECTED]
>Subject: Macros
>
>
>Why would one use macros instead of a server script?
>
>Gerald Wichmann
>Senior Systems Development Engineer
>Zantaz, Inc.
>925.598.3099 (w)
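
The layout described in the top reply of this thread (a wrapper holding the dsmadmc credentials, readable only by root and reached through sudo) can be checked mechanically. The following is an added example, not code from the thread or its authors; the path /usr/local/sbin/tsm-run, the group tsmops, the sudoers line and the function name audit_wrapper are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical layout being audited:
#   /usr/local/sbin/tsm-run   root:root 0700   wrapper that calls dsmadmc
#   sudoers:  %tsmops ALL=(root) /usr/local/sbin/tsm-run
# Members of tsmops can run the wrapper via sudo but cannot read the
# credentials embedded in it.

# audit_wrapper FILE [OWNER]: print findings, return 0 only if there are none.
audit_wrapper() {
    f=$1
    want=${2:-root}
    rc=0
    # Refuse symlinks and missing files: ls -ld would describe the link,
    # not the script that actually holds the credentials.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"
        return 1
    fi
    # POSIX ls -ld output: field 1 is the mode string, field 3 the owner.
    set -- $(ls -ld "$f")
    mode=$1
    owner=$3
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $f is owned by $owner, expected $want"
        rc=1
    fi
    # Characters 5-10 are the group and other rwx bits; all must be off.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $f mode $mode grants group/other access"
        rc=1
    fi
    # A directory writable by group or other lets the wrapper be swapped out.
    set -- $(ls -ld "$(dirname "$f")")
    if [ "$(printf '%s' "$1" | cut -c6,9)" != "--" ]; then
        echo "FAIL: parent directory mode $1 is group/other writable"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /usr/local/sbin/tsm-run
if [ "$#" -gt 0 ]; then
    audit_wrapper "$@"
fi
```
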
