How to create a customized admin group for VERITAS Volume Manager Storage Administrator (VMSA)
What is an admin group ?
If users other than root need to access and use the VMSA GUI, it is best to create what is called an admin group. This admin group specifies which users can run the VMSA GUI.
The appropriate user name and password entries must exist in the password file or corresponding Network Information Name Service (NIS) table on the machine.
Your user name must also be included in the VMSA admin group (vrtsadm, by default) in the /etc/group file or NIS group table. If the vrtsadm group does not exist in the group file, only root can run the VMSA GUI.
To restrict a list of users who can only run VMSA in read-only mode, add a group called vrtsro to the group file or NIS group table on the machine. The vrtsro group includes the name of any user who is only allowed to run VMSA in the read-only mode.
To create an admin group other than the default group vrtsadm, follow the steps below
Reference the following man pages for further information on how to add users, groups and NIS+ information
groupadd add (create) a new group definition on the system
useradd administer a new user login on the system
nis+ a new version of the network information name service
The following steps illustrate how to create a new group entry, which will include a list of users that will be accessing the VMSA GUI.
1. Create the new group with the required group name if it does not already exist.
The group file contains an entry for each group recognized by the system, in the form of:
groupname The name of the group.
password If the password field is empty, then no password is demanded.
gid The group's unique numerical ID (GID) within the system.
user-list A comma-separated list of users allowed in the group.
Sample group entry
2. Create the required users to be added to this group in the passwd file.
The passwd file contains an entry for each user recognized by the system, in the form of:
3. Confirm that the group and passwd files have been updated accordingly.
The pwck command checks the passwd file by default and notes any inconsistencies. This process includes the validation of the number of fields, login name, user ID, group ID, and whether the login directory and the program-to-use or shell exists.
The grpck command verifies all entries in the group file by default. This verification includes a check of the number of fields, group name, group ID, whether any login names belong to more than group, and that all login names appear in the passwd file.
The pwconv command creates and updates the shadow file with information from the passwd file.
4. Modify the vmsa_server script
NOTE: The location of the VRTSvmsa package is presumed to be located in the following path: /opt/VRTSvmsa/bin
# cd /opt/VRTSvmsa/bin
# vi vmsa_server
Search for the following string: Starting $PROD_NAME Server
Modification to vmsa_server script
In this instance, the desired group name is called sms (as shown above within the circle).
5. Stop and start the vmsa_server to ensure all modifications are reflected.
Stop any VMSA GUI windows which are currently open
# /opt/VRTSvmsa/bin vmsa_server -k
# /opt/VRTSvmsa/bin vmsa_server &
6. Restart the VMSA GUI session to set changes made
# vmsa &
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.