Running nsrjb as non-root user

The procedure below is the official method of allowing non-root users to perform jukebox commands ....

  1. In SBU Administrator (nwadmin), select 'Server Setup' from the Server pull-down menu,
  2. In the 'Administrator' field (list box) enter the additional user or group name,
  3. Click Add. The name you added appears in the Administrators attribute
  4. Click Apply,
  5. After adding them to the Administrator's list, they can perform Jukebox operations by opening the SBU Administrators program, go to Media -> Jukeboxes >- View -> Details -> Operations. Select an Operation from the list then click Apply ...

The limitation of the above is that all Jukebox operation have to be performed within the SBU Administration GUI (nwadmin), not useful for SysAdmin/Backup Operators who utilise command-line, or don't have a graphics head on the server.

If a non-root users attempts to utilise the jukebox command-line utility (nsrjb) even with the above set, they'll receive an error similar to:

nsrjb: You are not authorized to run this command

Therefore the alternate method, which is widely used is to add the 'sticky bit' to the permissions on the SBU jukebox control command (nsrjb) ... This must be performed as the root user:

# /usr/bin/chmod 6755 /usr/sbin/nsr/nsrjb

Once set non-root users can run the nsrjb command to there hearts content. The down side to this is that all non-root users can run the command.

There use to be a method of changing the group on the nsrjb binary, set the group 'sticky bit' (2755), and add users to the specific /etc/group (or nis/nis+ table), but this option is no longer viable (shame as this would have been the securest method, of permitting only a select few).