NetBackup™ 安全和加密指南

使用 nbac_cron 实用程序运行 cron 作业

1. 在主服务器上，以 root 用户或管理员身份运行命令 nbac_cron-addCron。

   root@amp# /usr/openv/netbackup/bin/goodies/nbac_cron -AddCron

   # nbac_cron -AddCron

   This application will generate a Veritas private domain identity that can be used in order to run unattended cron and/or at jobs.

   User name to create account for (e.g. root, JSmith etc.): Dan

   Password:*****

   Password:*****

   Access control group to add this account to [NBU_Admin]:

   Do you with to register this account locally for root(Y/N) ? N

   In order to use the account created please login as the OS identity that will run the at or cron jobs. Then run nbac_cron -setupcron or nbac_cron -setupat. When nbac_cron -setupcron or nbac_cron -setupat is run the user name, password and authentication broker will need to be supplied. Please make note of the user name, password, and authentication broker. You may rerun this command at a later date to change the password for an account.

   Operation completed successfully.

   如果未显式指定要添加用户的访问控制组（例如，NBU_Operator 或 Vault_Operator），则系统会将 cron 用户（此处是指 Dan）添加到 NBU_Admin 组。

   如果回答“是”，为 root 用户本地注册帐户，则会以 root 用户身份为 cron_user 自动执行 nbac_cron –SetupCron 命令。如果计划以非 root 操作系统用户身份运行 cron 作业，则应在此处回答“否”，然后以非 root 操作系统用户身份手动运行 nbac_cron –SetupCron 命令。

   Veritas 专用域中将生成一个身份。此身份可用于运行 cron 作业。

2. 现在，请以要执行 cron 作业的操作系统用户身份运行 nbac_cron-SetupCron 命令，以获取此身份的凭据。

   [dan@amp ~]$ /usr/openv/netbackup/bin/goodies/nbac_cron -SetupCron

   This application will now create your cron and/or at identity.

   Authentication Broker: amp.sec.punin.sen.veritas.com

   Name: Dan

   Password:*****

   You do not currently trust the server: amp.sec.punin.sen.veritas.com, do you wish to trust it? (Y/N): Y

   Created cron and/or at account information. To use this account in your own cron or at jobs make sure that the environment variable VXSS_CREDENTIAL_PATH is set to "/home/dan/.vxss/credentials.crat"

   Operation completed successfully.

   仅当您仍不信任代理时，才会显示服务器消息：You do not currently trust。

   系统将在用户的主目录（位于 user/.vxss/credentials.crat）中创建凭据。该凭据在生成后的一年内有效。

   您可以根据需要查看凭据的详细信息，如下所示：

   dan@amp~]$ /usr/openv/netbackup/bin/bpnbat -whoami -cf ~dan/.vxss/credentials.crat

   Name: CronAt_dan

   Domain: CronAtUsers@amp.sec.punin.sen.veritas.com

   Issued by: /CN=broker/OU=amp.sec.punin.sen.veritas.com

   Expiry Date: Feb 4 13:36:08 2016 GMT

   Authentication method: Veritas Private Domain

   Operation completed successfully.

   要在凭据失效之前进行续订，必须重新运行 SetupCron 操作（步骤 2）。

3. 现在，您可以创建自己的 cron 作业。计划任何新作业之前，确保将 VXSS_CREDENTIAL_PATH 路径设置为指向上述创建的凭据。