Just recently I realized that our usage of proxynode feature violates security standards in UNIX. We have NFS File-Servers lxfsuxx as agent nodes and a target node lxtsm.
Using GRant PROXynode server command and asnodename client option we allow users to restore data which was backup up on the NFS Fileserver. But: Users now see not only their own files, they see all files and are able to restore or retrieve them, not considering the UNIX permissions ! There is a IBM doc APAR IC50565 which explains this and stating that: ... when TSM admin grants a node proxy authority, and you use the asnodename option to become that node, you can query and restore all files as if you had root authority. I wish I had known this before we began using proxynode for our NFS fileservers ! Matthias -- -- Matthias Feyerabend | [EMAIL PROTECTED] Gesellschaft fuer Schwerionenforschung | phone +49-6159-71-2519 Planckstr. 1 | D-64291 Darmstadt | fax +49-6159-71-2519
