Performing filesystem destroy on an EMC DataDomain

Posted on

Attempting to reset a DD2500 to factory defaults including filesystem destruction, but it wasn’t letting me do so as the sysadmin user. First it sends you to CLI, but once you go to CLI you get:

filesys destroy

**** Security officer authorizations must be enabled.

I misinterpreted this as needing a security role user, which is not the case, because my system already had a Security user with the security role. Not knowing that was not the issue, I tried to create such a user first:

# user add deletion role security
	Enter new password:
	Re-enter new password:
Passwords matched.

****  You are not authorized to add a user account with 'security' roleCode language: PHP (php)

Okay, so I then logged in as the Security user, whose password defaults to the array serial number. I created a new user called deletion with the security role. Logged in as that user and tried to delete:

> filesys destroy
**** This command is not available for this user.Code language: JavaScript (javascript)

Finally, I realized what it was trying to tell me. I had a security role user, named Security, and it just needed to be given the right to approve deletion requests, i.e. “Security officer authorizations”. Log in as your Security user, or any user with the security role that you know the password for, and execute:

> authorization policy set security-officer enabled
Runtime authorization policy has been enabled.
Code language: JavaScript (javascript)

Now, log back out, log back in as sysadmin, and execute the filesys destroy, and it will prompt you for the security role user’s credentials which you can now approve:

# filesys destroy
This command requires authorization by a user having a 'security' role.
Please present credentials for such a user below.
	Username: deletion
	Password:
Please enter sysadmin password:

The "filesys destroy" command irrevocably destroys all data in
all the MTrees, including all virtual tapes, archive units and replication contexts.
The 'filesys destroy' operation will take about 8-9 minutes.
File access is disabled during this process.
	Are you sure? (yes|no) [no]: yes

ok, proceeding.

..........
The filesystem is now disabled.
Destroying the filesystem.

The filesystem has been destroyed.Code language: PHP (php)

2 Replies to “Performing filesystem destroy on an EMC DataDomain”

    • DD User

      Thank you. It worked.

      Is there a specific command to do a secure wipe ?
      All disks at the same time or one disk at a time ?

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *