ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ADSM and DFS

1997-01-20 05:31:50
Subject: Re: ADSM and DFS
From: Rainer Strunz <Rainer.Strunz AT LRZ-MUENCHEN DOT DE>
Date: Mon, 20 Jan 1997 11:31:50 +0100 
Tina,

to let ADSM backup your DFS files you have to deal with DFS-ACL.
It can be done creating an appropriate adsm-backup principal and
setting all DFS-ACLs accordingly. It's even possible to set up
ADSM schedules using a valid ticket, but nevertheless we (formerly)
decided to go another way.

LFS/DFS filesets may be accessed in a second way but via /:.
On the DFS file server holding a fileset physically, local root
may set up an alternate path to the DFS files within that particular
fileset and may that way manipulate any file therein circumventing
DFS ACLs. This means that the root user of a DFS file server is able
to read (and delete!) DFS files despite their DFS-ACL protection,
which is a very important security issue.

The technique of accessing a fileset without DFS is by mounting
the fileset of an aggregate and using the mount point's path to
access individual files within the mounted fileset. The mount
itself is easily accomplished by the mount command using appropriate
option and node parameters. Please have a look at your manuals or,
even better, redbooks how to set up the command line correctly.
After you have found out the right syntax you simply may add an
appropriate stanza to /etc/filesystems to simplify the mount procedure.

Once this path to LFS/DFS filesets is established an ADSM scheduler
running under root may be used to back up DFS filesets by file, not
as a whole in contrast to the fileset dump. Due to the complexity of
this procedure restoring files using this method cannot be left to the
individual users. It should be done by the administrators of the DFS
file servers, who - in case of a file restore - have to find out the
involved fileset and the right backup path name before initiating a
restore command, which of course, then just can restore the content
of a file - and not its ACLs.

Finally, please consider, that backing up a file using the LFS-mount
path is different from using the ordinary DFS path file name. In that
case ADSM will keep two files in different file spaces - if you set up
virtual mount points for each mounted fileset, which is strongly
recommended.

Hope, this helps.
Rainer
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NT support, Eric van Loon
Next by Date:  Desktop licence, Eric van Loon
Previous by Thread:  Re: ADSM and DFS, Hilton Tina
Next by Thread:  ADSM Client for LINUX, James Purdon
Indexes:  [Date] [Thread] [Top] [All Lists]