"ACL's" is a Windows term but access control by groups is common to
Windows and Linux/Unix. You use root but in Networker its root@host and
in your DR environment the host will be different than the host that
exists on tape.

Thanks,

Dana

-----Original Message-----
From: EMC NetWorker discussion [mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU] On
Behalf Of Stan Horwitz
Sent: Wednesday, January 16, 2008 11:25 AM
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: Tips for doing a DR at SunGard

On Jan 16, 2008, at 11:20 AM, Greggs, Dana wrote:

> Stan,
>
> Unless I missed it are you saying that you have no security context in
> place when you backup your data? And that you have no restrictions in
> place as to who can recover your data? I run in a mixed environment  
> but
> at times even I have security issues recovering data in the same
> environment that it was backed up in. As an example an account may  
> have
> enough privileges to backup the data but not have sufficient  
> privileges
> to restore the data. (On Windows SYSTEM can often backup the data but
> not be able to restore it <especially in Windows 2003>)One major  
> benefit
> for me with Networker is that it preserves the security context of the
> data on tape. You may be able to scan the data in but you won't be  
> able
> to actually use it which mutes the point.
>
> The reason why all the DR guides tell you to recover the Networker
> Server first is because the Server you build to recover the data has  
> no
> access to what was backed up in the Production environment. It's not  
> in
> an ACL or access group anywhere on tape.

Quite honestly, I wouldn't know how to implement such security  
constraints in our production environment. The account we use in  
production to back up the data on the client is the root account and  
that's what we use on our NetWorker server. Our storage node that  
handles this backup and the client sit behind a firewall with  
extremely limited access on how is authorized to access the machines  
involved and the network on which they sit. We do not use any ACLs.

To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER