Granting Administrative Privilege to Backup Operators

Each person who issues the backup and butc commands in your cell must be listed in the /usr/afs/etc/UserList file on every database server machine that stores the Backup Database and Volume Location Database (VLDB), and on every machine that houses a volume included in a volume set. By convention, the UserList file is the same on every server machine in the cell; the instructions in this document assume that your cell is configured in this way. To edit the UserList file, use the bos adduser and bos removeuser commands as described in Administering the UserList File.

In addition to being listed in the UserList file, backup operators who issue the butc command must be able to write to the files stored in each Tape Coordinator machine's local /usr/afs/backup directory, which are protected by UNIX mode bits. Before configuring your cell's first Tape Coordinator machine, decide which local user and group to designate as the owner of the directory and the files in it. Among the possible ownership options are the following:

Another option is to define a group in the local group file (/etc/group or equivalent) to which all backup operators belong. Then turn on the w mode bit (write permission) in the group mode bits rather than the user mode bits of the /usr/afs/backup directory and files in it. An advantage over the methods listed previously is that each operator can retain an individual administrative account for finer granularity in auditing.
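
One way to verify the group-based scheme described above, as an added example that is not part of the original guide: a POSIX shell function that reports every file or directory under the backup directory that belongs to the wrong group or lacks the group w mode bit. The group name backupops is hypothetical, and the world-writable check is an extra added here, not a requirement stated in the guide.

```shell
#!/bin/sh
# Added example (not from the OpenAFS documentation).
# audit_backup_dir DIR GROUP
#   Prints one finding per line and returns:
#     0  every file and directory is owned by GROUP and group-writable
#     1  at least one finding was reported
#     2  DIR is missing or GROUP is not known on this machine
# Typical call on a Tape Coordinator machine (group name is hypothetical):
#   audit_backup_dir /usr/afs/backup backupops
audit_backup_dir() {
    dir=$1
    group=$2

    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # find exits non-zero when the group name cannot be resolved; catch
    # that here so an unknown group is never mistaken for a clean result.
    if ! find "$dir" -prune -group "$group" >/dev/null 2>&1; then
        echo "UNKNOWN_GROUP $group"
        return 2
    fi

    findings=$(
        # Entries that do not belong to the operators' group.
        find "$dir" \( -type d -o -type f \) ! -group "$group" |
            sed 's/^/WRONG_GROUP /'
        # Entries where the w bit is off in the group mode bits.
        find "$dir" \( -type d -o -type f \) ! -perm -020 |
            sed 's/^/NO_GROUP_WRITE /'
        # Extra check (assumption): world-writable entries would let
        # accounts outside the group modify Tape Coordinator files.
        find "$dir" \( -type d -o -type f \) -perm -002 |
            sed 's/^/WORLD_WRITABLE /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Symbolic links are skipped because their own mode bits are not meaningful; a numeric GID can be passed in place of the group name.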

For instructions on implementing your choice of protection methods, see Configuring Tape Coordinator Machines and Tape Devices.