The FOXMAN‑UN Security Administrator
Please note:
The FOXMAN‑UN installation script creates a user account for the FOXMAN‑UN administrator named “nemadm”, which is the owner of the installed file system. It is, however, not a user that can be used for logging in to FOXMAN‑UN.
Most of the FOXMAN‑UN administrator tasks are associated with the system role “NMS security administrator - SECADM”.
Any user that has the system role SECADM assigned can execute system management tasks for the FOXMAN‑UN system. In practice this means:
• With a few exceptions, all files and directories relating to the FOXMAN‑UN software are owned by “nemadm”.
• The FOXMAN‑UN database is owned by “postgres”.
• The FOXMAN‑UN database may only be backed up and restored by users with the security administration role assigned.
• The first user of FOXMAN‑UN must be an NMS security administrator. Nobody else can do anything useful unless the security administrator (a Linux user to be defined before installation and to be entered at the beginning of the installation) has set up the security system (users and roles).
The idea behind this is that the Linux administrator can apply whatever security constraints they want to accounts, including that of the NMS security administrator. The Linux administrator could even remove the access to this user later on, so that effectively no user except root could tamper with FOXMAN‑UN.
• The agents, as well as the daemon processes associated with the core component, can only be started or stopped by a security administrator. Other users may not do these things (except for root, who can kill any process).
A result of this is that virtually all tasks that are directly associated with the FOXMAN‑UN system settings can only be performed by a security administrator, without having to log in as root. This has been done by design so that the root password does not have to be revealed to the FOXMAN‑UN administrator, thereby increasing security as a whole.