Veritas-bu

[Veritas-bu] .SeCuRiTy.n files in / on Solaris

2003-03-03 11:24:01
Subject: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
From: adamlapizza AT hotmail DOT com (adam lapizza)
Date: Mon, 3 Mar 2003 11:24:01 -0500
Hi,

It's most likely NT/W2K ACL's, or some other stuff which NBU would need to
save to do a fully correct restores on Windows, but is not supported by tar.
So this "other" data is stored on tape in a file (.SeCuRiTy*). Normally, the
NetBackup tar process on the client would handle translating this back into
whatever it was in the first place. Looks like the Solaris client tar
doesn't know what to do with it (or it doesn't make sense to do anything
with it), so it just tries to restore it as a file. Solaris doesn't do
anything with NT/W2K ACL, and we know that some metadata is stored in
special format in the tar stream when necessary.

Check out the section on "Reading Backup Images with tar" in Appendix C page
610, and that should give you a good picture.

>From VERITAS NetBackup User Guide Page 142.

Any administrator on any NetBackup server can direct a restore to the client
that backed up the files. The administrator can also perform an alternate
client restore-that is, files backed up from one NetBackup client can be
restored to another NetBackup client, of the same type. Server-directed
restores can be useful, for example, if users do not have permission to
restore the files themselves. Files or raw partitions can be restored to any
client, of the same type, that backed up the files.

In other words cross-platform restores are not supported by NetBackup, and
that is why you cannot get a successful restores W2K to Solaris box.

I hope this helps.

Adam.

----- Original Message -----
From: "Johnson, Tony -Research" <gjohnson AT ADMWORLD DOT com>
To: "'Steven L. Sesar'" <ssesar AT mitre DOT org>; "Cord Beermann"
<cord.beermann AT telefonica DOT de>
Cc: <veritas-bu AT mailman.eng.auburn DOT edu>; "Geof Milstein"
<Geof.Milstein AT veritas DOT com>
Sent: Monday, March 03, 2003 11:06 AM
Subject: RE: [Veritas-bu] .SeCuRiTy.n files in / on Solaris


> Can you tell us what version of Netbackup you are running and the patches
> you've installed?
>
> Please ignore the confidentiality message at the bottom of this...
> -----Original Message-----
> From: Steven L. Sesar [mailto:ssesar AT mitre DOT org]
> Sent: Monday, March 03, 2003 9:54 AM
> To: Cord Beermann
> Cc: veritas-bu AT mailman.eng.auburn DOT edu; Geof Milstein
> Subject: Re: [Veritas-bu] .SeCuRiTy.n files in / on Solaris
>
>
> Cord Beermann wrote:
> > Hallo! Steven L. Sesar hat geschrieben:
> >
> > [snip]
> >
> >
> >>I am pretty P.O'd about this, as I spent the last hour or so tracking
> >>this down. I was minutes away from turning my disks over to Infosec.
> >
> >
> > It's nice to know when you are not the only who tries to figure out
> > how that /&§&%§"%& cracker hacked into the Backupserver. BTDT.
> > including hyperventilating.
> >
> >
> >>Can someone please tell me why the engineers at Veritas decided it was a
> >>great idea to write files that look suspiciously "warez-y" to /,
> >>nonetheless, and leave this little detail undocumented (at least, I
> >>can't find any reference to this)?
> >
> >
> > It is somewhere in the archive of this mailinglist.
>
> That's cool, but A) this list is not documentation and B) it's
> ridiculous that this $$$$$ product writes files like that, anyway.
>
>
> >
> >
> >>In the event that any of you see this on your machines, what created
> >>them was a test restore of some NT files onto my master server. We were
> >>having a problem with a restore, so I decided to test the sanity of the
> >>image itself by restoring locally to my master server, which obviously
> >>worked.
> >
> >
> > the .SeCuRiTy-Files contain some additional information of the
> > access-rights.
>
> I dunno:
>
> [netbackup1]-/root# strings /.SeCuRiTy.94
>
> dxpP3P
> dxpP
> dxpP
> dxpPI
> dxpP3P
> dxpP
> dxpP
> dxpPI
> dxpP3P
> dxpP
> dxpP
> dxpPI
> dxpPj
> dxpP
> dxpP
> dxpP3P
> dxpP
> dxpP
> dxpPI
> [netbackup1]-/root#
>
> >
> >
> >>IMHO, this is shoddy and careless SW engineering, made even worse by
> >>lack of documentation this behavior.
> >
> >
> > Yup. there are some more 'nice' features of this kind in it.
> >
> > Cord
>
>
> --
> ===================================
>
> Steven L. Sesar
> Ops. Sys. Programmer/Analyst, Sr.
> Application Operations R10A
> The MITRE Corporation
> 202 Burlington Road - R101
> Bedford, MA 01730
> tel: (781) 271-7702
> fax: (781) 271-2600
> email: ssesar AT mitre DOT org
> mobile: (617) 893-9635
>
> ===================================
>
>
>
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>
> CONFIDENTIALITY NOTICE:
> This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is privileged,
> confidential and exempt from disclosure under applicable law.  If the
reader
> of this message is not the intended recipient or the employee or agent
> responsible for delivering this message to the intended recipient, you are
> hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited.
> If you have received this communication in error, please notify us
> immediately by email reply or by telephone and immediately delete this
> message and any attachments.  In the U.S. call us toll free at (800)
> 637-5843.
> Spanish, French, Quebecois French, Portuguese, Polish, German,
> Dutch, Turkish, Russian, Japanese and Chinese:
> http://www.admworld.com/confidentiality.htm.
>
>
>
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
>