Configuring a non-root user to run MSDP commands through msdpcmdrun

On a server where the MSDP storage server is configured, a non-root user can also run MSDP commands through a wrapper called msdpcmdrun.

Every command run through msdpcmdrun is audited. Audit report is displayed in the NetBackup web UI under Security > Security events > Audit events.

Prerequisites:

Only the users from the deduplication administrator group pdadmin can run MSDP commands through msdpcmdrun.
Admin user must create a deduplication administrator group pdadmin if it does not exist and add required users to the user group.
If the MSDP storage server was already configured before creating the pdadmin group, the admin user must start the PureDisk Privilege Access Service (PDPAS) service manually.

To configure and enable msdpcmdrun for a non-root user:

Create the pdadmin group if it does not exist already.
groupadd pdadmin
Add the user to the pdadmin group. Either create a new user or add an existing user to the pdadmin group.
useradd test -G pdadmin
Ensure that the PDPAS service is running.
- Check if the PDPAS service is active.
  /usr/openv/pdde/pdconfigure/pdde ps | grep pdpas
- If the service is not running, start the service.
  /usr/openv/pdde/pdconfigure/pdde pdpas start
Run msdpcmdrun as a non-root user.
For example, /usr/openv/pdde/pdcr/bin/msdpcmdrun crstats

See Troubleshooting the msdpcmdrun issues.

Configuring a non-root user to run MSDP commands through msdpcmdrun

Feedback

Feedback