|
Re: amanda and samba
2003-10-28 05:42:56
Christian Molière wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hello,
~ I have such error messages when I try to backup a samba share on a
windows server. User can only read on this share. Which kind of minimum
rights user must to have on share ?
FAILED AND STRANGE DUMP DETAILS:
/-- jupiter-ba //exploitsrvdc2/ArchiBackup lev 0 STRANGE
sendbackup: start [jupiter-backup://exploitsrvdc2/ArchiBackup level 0]
sendbackup: info BACKUP=/usr/bin/smbclient
sendbackup: info RECOVER_CMD=/usr/bin/smbclient -f... -
sendbackup: info end
? NT_STATUS_ACCESS_DENIED opening remote file \backup_tony\archi
previsionnel B1 B2 sauvegarde.vsd (\backup_tony\)
? NT_STATUS_ACCESS_DENIED opening remote file \backup_tony\archi
sauvegarde B1 B2.vsd (\backup_tony\)
I also have this kind of problem on many samba clients. This comes from
the rights assigned to the files created inside the shares. Sometimes,
these files get some very closed rights, and even your backup user can't
read them.
What I have done is maybe not the best, but works fine : I have created
on every client host a local backup user (let's call him backupUser),
and I added it in the ***LOCAL*** administrators group.
You don't need this, you could give to the backupUser all the rights on
all the files to be backup up, but as I said, at each new creation of a
file, you would have to check these rights again.
From a security point of view (if we can speak about security in a
windows world...), I think this is not a big breach to create a local
user that can read every file on the computer.
Comments are welcome.
(Sympa de voir qu'il y a aussi des francophones sur cette liste)
--
Nicolas Ecarnot
|
|
|
