Here's how to set up a TSM client inside of a non-root user's home directory.
First, copy /opt/tivoli/tsm or /usr/tivoli/tsm into the location appropriate to your environment. For me, this was /home/xaminmo/tsm
Next, modify your dsm.sys and dsm.opt files to match the new environment.
TSM assumes hard-coded paths for a bunch of things, so the run line is like this:
If you use AES encryption, you'll run into something like this:
2011-03-16 19:26:49 ANS1467E ICC routine ICC_Init returned: majRC = 4, minRC = 2, desc = '/opt/tivoli/tsm/client/icc32/icc/icclib/libicclib.so: cannot open shared object file: No such file or directory'.
2011-03-16 19:26:49 ANS1464S Cannot load ICC encryption library.
The "recommended" solution is to not use AES encryption, but what fun is that?
The fix is documented for a Windows PE defect, but is easily adapted to our needs:
ln -s /home/xaminmo/tivoli/tsm/client/icc32/icc /home/xaminmo/tivoli/tsm/client/ba/bin
echo "testflag localicc" >> /home/xaminmo/tivoli/tsm/client/ba/bin/dsm.opt
Finally, with PASSWORDACCESS GENERATE set, but non-root dsmtca, you'll see something like this:
2011-03-16 20:06:25 Unable to locate valid trusted communication agent.
2011-03-16 20:06:25 tcaPath is >/home/xaminmo/tsm/client/ba/bin/dsmtca<. rc is 138
2011-03-16 20:06:25 ANS1501E Trusted agent execution/owner permissions are invalid
The fix is again simple, but only documented in the API Programmer's guide:
chmod -R go-rwx /home/xaminmo/tsm
chmod 4500 /home/xaminmo/tsm/client/*/bin/dsmtca
chown -R xaminmo /home/xaminmo/tsm
echo "PASSWORDDIR /home/xaminmo/tsm/tivinv" >> /home/xaminmo/tivoli/tsm/client/ba/bin/dsm.sys
After that, ONLY xaminmo may run dsmc, but the password will be encrypted and stored in /home/xaminmo/tsm/tivinv/TSM.PWD.
Not pretty, but it's all documented from IBM, and it does work in my lab.