Re: [ADSM-L] Linux permissions not restored

Thanks Andy and Zoltan for your reply!
Indeed this makes TSM not suitable for rolling back security errors. In fact, 
when you change security attributes you won't be able to recover your system to 
anything but the last backup state. No more point-in-time. Ok yes, you can 
restore your files back to a point in time, but your server isn't, because of 
the incorrect permissions.
Personally if find this a flaw of the product...
Kind regards,
Eric van Loon
AF/KLM Storage Engineering

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Andrew Raibeck
Sent: donderdag 12 maart 2015 15:38
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Linux permissions not restored

Hi Eric,

On UNIX and Linux systems, if only file permissions have changed, then the 
latest backup copy is updated with the changed permissions; it is not backed up 
again in full.

>From the online documentation at
http://www-01.ibm.com/support/knowledgecenter/SSGSG7_7.1.1/com.ibm.itsm.client.doc/c_bac_fullpart.html:

Files are backed up when any of the following attributes change:
   * File size
   * Date or time of last modification
   * Extended Attributes
   * Access Control List

If only the following attributes change, the attributes are updated on the 
Tivoli Storage Manager server, but the file is not backed up:
   * File owner
   * File permissions     <== This one
   * Inode
   * Group ID
   * Change time (ctime) attribute. See the updatectime option for details.
   (AIX and Linux only)
   * Icon location (Mac OS X only)
   * Type or creator (Mac OS X only)

Best regards,

- Andy

____________________________________________________________________________

Andrew Raibeck | Tivoli Storage Manager Level 3 Technical Lead | storman AT 
us.ibm DOT com

IBM Tivoli Storage Manager links:
Product support:
http://www.ibm.com/support/entry/portal/Overview/Software/Tivoli/Tivoli_Storage_Manager

Online documentation:
http://www.ibm.com/support/knowledgecenter/SSGSG7/welcome
Product Wiki:
https://www.ibm.com/developerworks/community/wikis/home/wiki/Tivoli%20Storage%20Manager

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 2015-03-12
10:25:47:

> From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 2015-03-12 10:26
> Subject: Linux permissions not restored Sent by: "ADSM: Dist Stor 
> Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> Hi guys!
> Yesterday someone accidentally changed permissions on one of our Lotus 
> Notes servers. A new backup was made yesterday evening, but we cannot 
> restore the file with the old permissions. The client shows only one 
> active file in TSM (backup date 05/17/2013) and when this one is 
> restored the permissions are the same as today.
> The file looked like this the day before yesterday:
> -r-sr-xr-x 1 root bin 9092 Sep 16 2011 /app/LOTUSDOMINO/groupware/ 
> bin/slg14gpw/lotus/notes/85030/linux/bindsock
> This is the file after the restore:
> -r-xr-xr-x 1 slg12gpw dominoadm 9092 Sep 16 2011 /app/LOTUSDOMINO/ 
> groupware/bin/slg12gpw/lotus/notes/85030/linux/bindsock
> Why isn't it possible to restore the right permissions, even with the 
> pitdate parameter? And why do I only see one file in TSM? I would 
> expect two (one with the old permissions and one with the new)...
> Thanks for any help in advance!
> Kind regards,
> Eric van Loon
> AF/KLM Storage Engineering
> ********************************************************
> For information, services and offers, please visit our web site:
> http://www.klm.com. This e-mail and any attachment may contain 
> confidential and privileged material intended for the addressee only. 
> If you are not the addressee, you are notified that no part of the 
> e-mail or any attachment may be disclosed, copied or distributed, and 
> that any other action related to this e-mail or attachment is strictly 
> prohibited, and may be unlawful. If you have received this e-mail by 
> error, please notify the sender immediately by return e-mail, and 
> delete this message.
>
> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ or 
> its employees shall not be liable for the incorrect or incomplete 
> transmission of this e-mail or any attachments, nor responsible for 
> any delay in receipt.
> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal 
> Dutch Airlines) is registered in Amstelveen, The Netherlands, with 
> registered number 33014286
> ********************************************************
>
********************************************************
For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286
********************************************************