Amanda-Users

Re: ACLs in inode #bla won't be dumped

2005-09-26 19:53:10
Subject: Re: ACLs in inode #bla won't be dumped
From: Jon LaBadie <jon AT jgcomp DOT com>
To: amanda-users AT amanda DOT org
Date: Mon, 26 Sep 2005 19:39:34 -0400
On Tue, Sep 27, 2005 at 07:44:01AM +0900, David Leangen wrote:
> 
> Thank you for all the replies! Comments inline...
> 
> > Just a WAG, perhaps some of your files have access control
> > list permissions that prevent even root from reading them.
> 
> Ok, I'll check that out. Maybe it has something to do with SELinux...
> 

Good possibility.  One of the first things a "secure" unix system
generally does is remove the notion of a "super-user".

At a local linux users group last week I heard SELinux described as
"so secure you can't do anything".

> > First, please realize that it's your dump program reporting this,
> > not Amanda.  Amanda is just echoing the messages through.
> 
> Yeah, I kind of figured this, but thought this would be a good place to ask.
> Hope you don't mind...

No, but keep in mind the docs for your system are at your end.
Could be more efficient if you had an idea to investigate it there.

> 
> > What kind of OS is being dumped
> 
> Linux FC3
> 

If you are running SELinux features, when asked what OS, be sure to mention it.
Lots of things potentially could change.

> 
> > and what kind of dump (e.g. ufsdump, vxdump, etc)?
> 
> Hmmm... good question. How do I figure that out? In any case, I'm using the
> default dump that comes with FC3.
> 

That is what was wanted.

>   [root@sannomiya ~]# dump --version
>   dump: invalid option -- -
>   dump 0.4b37 (using libext2fs 1.35 of 28-Feb-2004)
> 
> 
> > Some versions of dump just don't do ACL's.  Vendors want
> > you to buy their spiffy proprietary backup software that
> > actually works and leave the normal stuff crippled.
> > Wonderful folks, those vendors.
> 

From the home page of the dump/restore development group:

    An experimental patch for dump-0.4b39 can be downloaded here
    which adds EA/ACL (Extended Attributes/Access Control Lists)
    support in both dump and restore. This patch has been included
    in mainstream starting with dump-0.4b40.

Appears your release does not do ACLs, but if you upgrade your
dump/restore by 3 releases maybe the messages will go away.

> What is an "ACL" anyway? Where can I find out more about this while trying
> to figure out what's going on?

A way of setting finer grained permissions on file system objects.
Things like "Bill can read and write if he is working as part of
group ProjectFoo but only read if a member of another group".
"Anyone in ProjectBar group can read and execute except Chris".

Start with man pages setfacl and getfacl (I think those are the names in FC3).

-- 
Jon H. LaBadie                  jon AT jgcomp DOT com
 JG Computing
 4455 Province Line Road        (609) 252-0159
 Princeton, NJ  08540-4322      (609) 683-7220 (fax)
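
Added example, not part of the original message: a shell sketch of the two checks the reply points toward, namely whether the installed dump is at least 0.4b40 (the release the quoted home page says includes EA/ACL support) and which files under a directory carry ACL entries beyond the base owner/group/other permissions. The function names are hypothetical, and the version parser assumes the "dump 0.4bNN" banner format shown in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from dump or Amanda.
# Threshold taken from the dump/restore home page text quoted in the thread:
# EA/ACL support is in mainstream starting with dump-0.4b40.
ACL_MIN_BETA=40

# dump_beta_number "<banner text>"
# Prints NN from the first line of the form "dump 0.4bNN ...", else nothing.
# Assumes the banner format seen in the thread; other formats are not parsed.
dump_beta_number() {
    printf '%s\n' "$1" |
        sed -n 's/^dump 0\.4b\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# dump_handles_acls "<banner text>"
# Returns 0 if the banner shows 0.4b40 or later, 1 if older,
# 2 if no recognisable version line was found.
dump_handles_acls() {
    beta=$(dump_beta_number "$1")
    [ -n "$beta" ] || return 2
    [ "$beta" -ge "$ACL_MIN_BETA" ]
}

# list_acl_files DIR
# Prints the path of every file under DIR that has ACL entries beyond
# the base owner/group/other ones, i.e. what an ACL-unaware dump would lose.
# getfacl: -R recurse, -s skip files with only base entries, -p keep
# absolute path names.
list_acl_files() {
    getfacl -R -s -p "$1" 2>/dev/null | sed -n 's/^# file: //p'
}

# Typical use, with the banner captured as in the thread (stderr included):
#   dump_handles_acls "$(dump --version 2>&1)" || list_acl_files /home
```

Files that list_acl_files reports on a host where dump_handles_acls fails are the ones whose ACLs will be missing after a restore.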