[ Contents
] [ Index ]
Users and Passwords
The following sections explain how to create users and passwords. Administrative (User) Security Levels and Guidelines If you are running the SANscape application on a system using the HP-UX, administrator security levels are automatically
created during the installation process. You only need to set passwords
and assign users according to the desired permission level. SANscape administrative
functions require access logins and passwords to prevent the possibility
of one administrator reallocating or removing storage resources belonging
to other clients and hosts without authorization. You assign separate
passwords for the three levels of security for SANscape. You do this by
setting up three users on the agents that have storage devices that are
managed by SANscape. These three users are automatically added during
the installation of the agent.
The SANscape security levels must have these exact names: These names are required for the three security levels. After installation,
you must assign a password to each security name. ssmon, ssadmin, and
ssconfig are logins that correspond only to security levels within SANscape.
For UNIX, the default shell for these accounts
is assigned to /bin/false to prevent the user IDs from being used
for interactive logins. SANscape can be set up so that monitoring does not require users to type
the ssmon password. This is done by selecting the Auto Discovery
option when the servers are added to the Managed Servers list at
the console. You can set up these three logins and passwords locally on
each server. (The accounts can have different passwords on each server,
if desired.) Once you have set up these three logins on the agents to
be managed, the system administrator typically provides user access to
SANscape by assigning employees appropriate passwords, which are based
on the level of security required to complete tasks. For example, everyone
who has administration privileges on a particular server is assigned the
same password that was established for the user ssadmin. NOTE:To add servers to the
Managed Servers List, see Adding a Server.
To Create Passwords and Permissions Create a password for each of the new users by typing # passwd user-name Administrators might also want to change group permissions, which are
defined in the svrlist.dat file located in the /opt/Dot Hill/sanscape
directory during installation. The console is a Java-based utility, and as such, cannot provide facilities
to control permissions or ownership of files that SANscape creates. The
svrlist.dat file is easily readable by various forms of ASCII text processors.
It contains the encrypted password for the user ssmon and can be decrypted.
NOTE: Do not change the permissions and group ownership of svrlist.dat
after adding all agents that are being monitored.
|