Running applications that use the API as a non-root user ID

You must perform specific steps if you are logged on as a non-root user ID who is attempting to run an application that uses the application programming interface (API).

Complete the following steps to allow a non-root user ID access to the API:

1. Set the DSMI_CONFIG environment variable. Verify that the non-root user ID has read-permission for the client options file specified by DSMI_CONFIG. Otherwise, dsmInit/dsmInitEx fails with return code DSM_RC_NO_OPT_FILE (406). For example, the following options file is not readable by a non-root user ID, therefore the file permissions must be updated:

   $ ls -l $DSMI_CONFIG
   -rwx------   1 root  sys  86 Oct 7 13:07 /testfsapi/callmt_nr/dsm.opt
   $ su root
   Password:
   # chmod a+r /testfsapi/callmt_nr/dsm.opt
   # exit
   $ ls -l $DSMI_CONFIG
   -rwxr--r--   1 root  sys  86 Oct 7 13:07 /testfsapi/callmt_nr/dsm.opt

2. Set the DSMI_DIR environment variable to the API installation directory. Verify that the non-root user ID has read-permission for the system options file specified by $DSMI_DIR/dsm.sys.

   $ export DSMI_DIR=/opt/tivoli/tsm/client/api/bin64
   $ ls -l $DSMI_DIR/dsm.sys
   -rw-r--r--   1 root  sys  
   4712 Oct 19 18:07 /opt/tivoli/tsm/client/api/bin64/dsm.sys

3. Set the DSMI_LOG environment variable. Verify that the non-root user ID has write permission for this directory. For example, the following DSMI_LOG directory is owned by a non-root user ID:

   $ ls -ld $DSMI_LOG
   drwxr-xr-x  2 apitest  users   96 Oct 19 17:56 /testfsapi/callmt_nr/logs

   If PASSWORDACCESS GENERATE is set in system options file dsm.sys, perform steps 4 and 5, otherwise go to step 6.
4. Optional: Check the ownership and permissions of the Trusted Communication Agent (TCA) only if the PASSWORDDIR option is not used or points to a directory that the user does not have read/write access to. This file is in the directory indicated by the DSMI_DIR environment variable. For example, the following TCA has the correct ownership and permissions:

   $ ls -l $DSMI_DIR/dsmtca
   -rwsr-xr-x 1 root bin 5021160 Oct 14 09:48 
   /opt/tivoli/tsm/client/api/bin64/dsmtca

   Wrong permissions or ownership result in DSM_RC_AUTH_FAILURE (137) returned from dsmInit. Additionally, it is imperative that you use the same version of the API library and dsmtca. Mixed versions result in errors.

   Error : calling program and dsmtca are not compatible
   calling program build date : Mon Oct 18 21:15:59 2004 Mon Oct 18 21:15:59 2004
   TCA build date : Wed Oct 13 16:48:03 2004 Wed Oct 13 16:48:03 2004
   *** Init failed: ANS0282E (RC168) Password file is not available.

5. The root or authorized user must generate the TSM.PWD password file by using either the backup-archive client or the dapismp sample API application. An authorized user is any non-root user ID who has read and write access to the stored password (TSM.PWD file). The location of the password file is determined by the PASSWORDDIR option in the dsm.sys system options file. In the following example, the sample API application generates the TSM.PWD password file for a node whose password is oddesy:

   # dapismp
   *************************************************************************
   * Welcome to the sample application for the IBM Spectrum Protect API. *
   * API Library Version = 5.4.0.0 *
   *************************************************************************
   Choose one of the following actions to test:
   0. Signon
   1. Backup
   2. Restore
   3. Archive
   4. Retrieve
   5. Queries
   6. Change Password
   7. Utilities : Deletes, Updates, Logevent, SetAccess, RetentionEvent
   8. Set preferences, envSetUp
   9. Exit to system
   10. Restore/Retrieve Without Offset Prompt
   11. Extended Signon
   Enter selection ==>0
   Node name:
   Owner name:
   Password:oddesy
   API Config file:
   Session options:
   User Name:
   User pswd:
   Are the above responses correct (y/n/q)?
   Doing signon for node, owner, with password oddesy
   Handle on return = 1
   Choose one of the following actions to test:
   0. Signon
   1. Backup
   2. Restore
   3. Archive
   4. Retrieve
   5. Queries
   6. Change Password
   7. Utilities : Deletes, Updates, Logevent, SetAccess, RetentionEvent
   8. Set preferences, envSetUp
   9. Exit to system
   10. Restore/Retrieve Without Offset Prompt
   11. Extended Signon
   Enter selection ==>9
   # ls -l TSM.PWD
   -rw------- 1 root sys 121 Oct 19 18:28 TSM.PWD
   Function call dsmInit returns DSM_RC_NO_PASS_FILE (168), if the password 
   file is not present in the directory specified by the PASSWORDDIR option.

6. If the tracing facility is enabled, verify that the non-root user ID has write permission for the file that is indicated by issuing the TRACEFILE option.