Why NNMi(Network Node Manager) requires root access

  • KM00965235
  • 30-May-2014
  • 30-May-2014


This document describe which tasks NNMi run as root user.


This document describe which  tasks NNMi run as root user.


1.Product Installation
2.Product patching
3.Product hot fixes if needed
4.Product starting and stopping of background processes if sticky bit not allowed for /opt/OV/bin/ovstop and /opt/OV/bin/ovstart
- Workaround is to allow sticky bit (if needed) and configuration of /var/opt/OV/shared/nnm/conf/ovstart.allow
5. Maintenance tasks:
- Backup/restore
·        /opt/OV/bin/nnmbackup.ovpl
·        /opt/OV/bin/nnmrestore.ovpl
·        /opt/OV/bin/nnmbackupembdb.ovpl
·        /opt/OV/bin/nnmresetembdb.ovpl
·        /opt/OV/bin/nnmrestoreembdb.ovpl
·        /opt/OV/bin/nnmchangedbpw.ovpl
·        /opt/OV/bin/nnmchangeembdbpw.ovpl
·        /opt/OV/bin/nnmcertmerge.ovpl
·        /opt/OV/bin/nnmofficialfqdn.ovpl
·        /opt/OV/bin/nnmsetofficialfqdn.ovpl
·        /opt/OV/bin/nnmchangesyspw.ovpl
License installation
·        /opt/OV/bin/nnmlicense.ovpl
6.NNMi configuration file edits as needed.
7.For background processes, the processes are:
ovspmd: root
pmd: starts as root – switches to user nmsproc
ovjboss: starts as root – switches to user nmsproc
nmsdbmgr: starts as root – switches to user nmsdbmgr
nnmaction: starts as root – switches to user bin
The use of these users is why backup/restore requires root. The ovjboss process requires root access to allocate ports below 1024 and to perform raw socket access.  Pmd allocates ports below 1024. For the others,ovspmd starts the process as root, but the processes quickly switch to the non-root user.  Ovspmd runs as root in order to be able to start the other processes.
For users, other than product/patch install, if ovstart/ovstop are allowed, root usage should be minimal. Some initial configuration edits might be needed, but those diminish over time.