Jens Theisen schreef:
I don't have a problem this time, but I'm curious:
The dump user on the clients is not required to have the permissions to
read what he's backing up - read access to the devices is sufficient.
Still, we can exclude file-wise and have a TOC on the server afterwards.
How does this actually work? Sure, the information can be retrieved from
the devices in principle, but only if one understands the underlying
filesystem. Remounting should also be disallowed I presume.
There are two issues here.
If you backup with dump, then you need read access to the device files.
This is usually done by putting the amanda user in the same group as the
device file and getting the group permission of the device file at
least readable. Dump cannot exclude files.
When you use GNU-tar to backup, Amanda uses a suid-root executable
"runtar" in libexec. So amanda has effectively root access to the
filesystem. GNU-tar is able to exclude files.
The TOC on the server is generated by duplicating the output stream
of dump or gnutar, and piping one stream to 'restore -t' or 'tar -t'.
--
Paul Bijnens, Xplanation Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
|