To restrict the pgdba user from host level login privileges for Linux, complete the following steps in the maintenance window:
Procedure
- Log in to the NCM Application server hosts, as the root user.
- Run the following command on the Application Server hosts:
source /etc/voyence.conf
- Stop all NCM services on the Application Server host, by running the following command:
systemctl stop vcmaster
- If the NCM Database server is remote, run the following commands on the server, as the root user:
source /etc/voyence.confsystemctl stop controldb
- Run the following commands on the NCM Database server:
- Run the following command in the Linux shell on the host where the controldb resides to back up appropriate files:
cp -p $VOYENCE_HOME/db/controldb/scripts/controldb.init /tmp/_[etc-init.d-]controldb.bak
- Update the pgdba user shell permissions, and then update the NCM controldb initialization script, to allow the correct controldb operation under a pdgba user with restricted shell privileges:
sed -i 's/su - pgdba -c/su - pgdba -s \/bin\/bash -c/g' $VOYENCE_HOME/db/controldb/scripts/controldb.init
cp -p /etc/passwd /tmp/passwd.bak
usermod -s /sbin/nologin pgdba
- Restart the system:
reboot
- Run the following command in the Linux shell on the host where the controldb resides to back up appropriate files:
- If the NCM Database server is remote, start all the NCM services on the Application server host, by running the following command:
systemctl start vcmaster
