ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Don't want to backup remote filesystems

1999-04-09 09:11:57
Subject: Re: Don't want to backup remote filesystems
From: Eliza Lau <lau AT VTCAT.CC.VT DOT EDU>
Date: Fri, 9 Apr 1999 09:11:57 -0400 
Thanks Bruce, for the advice.  I have a feeling that we can't win.  We charge
the departments per client to back up their machines, not the amount of data
being backed up.  As a University Computing Center, we have an operating budget
and don't need a charge-back system to cover the cost of running ADSM.
However, we expect our users not to abuse their privileges.

------------------------------------------------------------------------------
 Eliza Lau
 Eliza Lau
 Virginia Tech Computing Center                email : eliza.lau AT vt DOT edu
 Virginia Polytechnic Institute & State University
 1700 Pratt Drive
 Blacksburg VA 24060                           phone : (540) 231-9399
------------------------------------------------------------------------------
>
>
> You can try using client option sets to put in place something.
>
> You can put in excludes.  Include/exclude lines are additive, but I'm not 
> sure of
> the effective order.  Hopefully include/exclude statements from the client 
> option
> set go 'below' the ones on the client and thus override.  I recall Rejean 
> Larivee
> posting what order they are applied, I think.  Unfortunately the grad student 
> could
> always NFS mount under a different mount point and subvert this.
>
> Domain statements may be how he will have this stuff backed up, but they only
> affect incremental backups that don't specify filesystems explicitly, thus 
> anthing
> you do with domain statements could get ignored by the student doing things 
> like
> 'dsmc i /nfsmnt/systemX/data'.
>
> There are all sorts of things he can do to subvert your control.
>
> Conversely, you could do things like schedule the restore of a script that 
> you've
> built on another system then schedule the running of that script; in other 
> words,
> as long as he runs the scheduler you can get root on his system.
>
> Essentially, if it is a pissing war between a client owner who understands 
> ADSM and
> has root on his machine and an ADSM administrator who wants to control 
> things, then
> everyone is going to lose.
>
> Cheers...
> Bruce
>
> Eliza Lau wrote:
>
> > Hi ADSMers,
> >
> > Is there a way to block the backup of NFS mounted filesystems?  We have a
> > user who is thinking of sneaking in GB of data through NFS mounting
> > the filesystems on all the machines in his lab onto one client that we
> > are backing up for him.  The graduate student who works for this guy asked
> > me how to set it up in dsm.opt.  I want to block this before he figures it 
> > out.
> >
> > client - Digital Unix
> > server - AIX running adsm server 3.1.2.13
> >
> > Thanks in advance
> >
> > ------------------------------------------------------------------------------
> >  Eliza Lau
> >  Virginia Tech Computing Center                email : eliza.lau AT vt DOT 
> > edu
> >  Virginia Polytechnic Institute & State University
> >  1700 Pratt Drive
> >  Blacksburg VA 24060                           phone : (540) 231-9399
> > ------------------------------------------------------------------------------
>
> --
> Bruce Elrick, Ph.D.
> mailto:belrick AT home DOT com
> http://members.home.net/belrick/
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Problem deleting a disk storage pool volume, Neil Sharp
Next by Date:  Re: Performance on Solaris E10K, DAVID HENDRIX
Previous by Thread:  Re: Don't want to backup remote filesystems, Bruce Elrick
Next by Thread:  Re: Don't want to backup remote filesystems, Richard Sims
Indexes:  [Date] [Thread] [Top] [All Lists]