Accessibility of the unified logs
NetBackup sets the permissions on the unified log directories to a restrictive but configurable level. This change is designed to prevent unauthorized access to the NetBackup logs, which may contain sensitive information.
You can change the default log file permissions to make them less restrictive. Use the vxlogcfg command to change the log file or folder permissions. You can change the permissions of a specific Originator ID (OID) or you can change the default permissions that applies to all the OIDs. For folder permissions, the Default.LogFilePermissions is considered.
The folder and file permissions do not change instantly after running the vxlogcfg command. If you want to apply the permissions immediately, restart the NetBackup services. For more information on restarting the services, see this article. The file and folder permissions are applied during the next log rollover cycle that depends on the length of the logs and the configured log file sizes. The maximum rollover period is one day. So, in this case, the new permissions reflects after one day afer changing the file permissions. The permissions of existing log files in the system are not changed.
Here are some examples for changing the default log permissions:
These two example commands change file permissions to 644 for all the components. The folder gets additional execute permissions (755).
/usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 -o ALL -s LogFilePermissions=644
/usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 -o ALL -s DynaReloadInSec=120
To change the permissions for any originator ID, use the following example command:
/usr/openv/netbackup/bin/vxlogcfg -a --prodid 51216 --orgid 111 -s LogFilePermissions=644
This command applies the 644 permission to the originator ID 111, which represents
nbemm. For all other componentorgid,refer to/usr/openv/netbackup/nblog.conf.Note:
By default, the parameter Default.LogFilePermissions from the
nblog.conffile is followed for all folder permissions. When you use OID specific permissions, <OID>.LogFilePermissions parameters are used.To change permissions for a PBX log in the
icsul.conffile, use the following example command:/usr/openv/netbackup/bin/vxlogcfg -a --prodid 50936 -o 103 -s LogFilePermissions=644
If you want to apply the permissions immediately, restart the PBX services. For more information on restarting the services, see this article.