Remote installation manager – Storix Software SBAdmin TSM Edition Users Guide User Manual

Storix System Backup Administrator

110

Version 8.2 TSM Edition User Guide

In the following, $STXPATH designates your SBAdmin data directory chosen
when installing the software (default is /storix), and $STXINSTPATH is the
SBAdmin application directory (/opt/storix for Linux & Solaris or /usr/lpp/storix
for AIX).

1. The IP address of the sender is checked to see if it is a valid admin system. Valid admin systems are

specified in the

$STXPATH/config/admin_servers file when SBAdmin is installed onto a client system.

If the caller is an administrator system, no further hostname or IP address checking is performed.

2. The

groupid of the caller is checked that it is a member of the same group. The group of a client is

identified by the

$STXPATH/config/group file. This file is created by the SBAdmin administrator

system and copied to each client when it is configured.

3. The IP address of the sender is checked to see if it is a valid client (if calling a server). The

$STXPATH/config/serveraccess_groupid file determines the permitted hosts. This file is created by
the SBAdmin administrator system and copied to each server when clients are added or removed from
the server’s group.

4. The command to execute is checked to ensure it is not a wrapper. For instance, no commands

containing sub-commands such as “command1; command2” or “command1 $(command2)” may be
executed.

5. The command to execute is checked to ensure it does not contain an absolute pathname. Only the

command name to execute must exist on the system in the

$STXINSTPATH/bin directory.

6. The command to execute is checked to see if it a permitted remote command. Permitted commands

are listed in the

$STXINSTPATH/config/remote_cmds file. Programs listed here may not have a

leading PATH, but the commands themselves must exist in the

$STXINSTPATH/bin directory.

7. For user-customized pre and post-backup commands, the commands must exist in the

$STXPATH/custom directory, must be writeable only by root and must be executable.

Note that all of the above configuration files and directories may only be written by the root user on the system.

Remote Installation Manager

The Remote Installation Manager (RIM) provides a remote system anywhere on the network to connect to the
system installation process of a client. This access is provided using a secure (

ssh) connection. Since this

access is only available when this option has been configured, a password has been set, and the client is
booted to the system installation process. There is little security risk, but it is worth noting that the remote user
will have access to all system installation process options and installation media available to the client system.

RIM access is only provided after booting from SBAdmin system installation boot media and either:

a. enabling RIM access within the system installation menus from the client

or

b. pre-configuring automatic enabling of RIM access when the installation media is configured.

In either case, a password is selected that the remote ssh program must use to connect to the client’s
installation process.