ADSM-L

Re: Client restores for NFS server backups

2006-05-08 08:16:58
Subject: Re: Client restores for NFS server backups
From: Dirk Kastens <Dirk.Kastens AT UNI-OSNABRUECK DOT DE>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 8 May 2006 14:16:53 +0200
Hi,

Richard Sims schrieb:
In TSM 5.3, the Virtualnodename mechanism has further evolved into a
Proxy Node capability, described in the 5.3 Admin Guide, client
manual, and the TSM 5.3 Technical Guide. This could address the NFS
collective backup/restore issue, once both client and server are at
the 5.3 level. I don't have experience with this, but it would be
interesting to hear from any sites which have pursued it.

I think, there's a big security issue. I just granted proxy authority to
one of our NFS clients. The backups are made on TSM node "nfsserver" and
the node "nfsclient" acts as a proxynode. So I added the following lines
to the dsm.sys on the client node:

nodename nfsclient
asnodename nfsserver

But now, when I log on to the NFS client as a normal user, I am able to
restore arbitrary files of other users to my home directory!!!! The
other homedirectories are not readable for me, so an "ls /home/myboss"
doesn't work. But using dsmc I get access to all files of all other users.
With "dsmc q ba -subd=y /home/myboss/" I get a list of all files of my
boss. And with "dsmc restore" I can restore all of his files to my home
directory. IS THIS A BUG OR DOES IT WORK AS DESIGNED?

I installed 5.3.3.0 clients on Linux.

--
Regards,

Dirk Kastens
Universitaet Osnabrueck, Rechenzentrum (Computer Center)
Albrechtstr. 28, 49069 Osnabrueck, Germany
Tel.: +49-541-969-2347, FAX: -2470

<Prev in Thread] Current Thread [Next in Thread>