RE: AFS backup/restore using ADSM

Mon, 02 Oct 2000 13:17:36 -0700 

On Mon, 2 Oct 2000, Jan Hrabe wrote:

// >
// > Has anyone succeeded in doing backups of AFS using ADSM,
// > from which you can  recover  both volumes and their mount points?
// >
// > If so, we would welcome more information as to how this
// > was accomplished.  Thanks.
// >
// > --
// >
// > **************************************************************************
// >  Morris Strongson, RHIC, USAtlas Projects    Telephone:   (631)344-4192
// >  Information Technology Division (fka CCD)   Facsimile:   (631)344-7688
// >  Brookhaven National Laboratory              Internet:    [EMAIL PROTECTED]
// >  Building 515, Upton, NY 11973-5000          WWW:  http://www.ccd.bnl.gov/
// > **************************************************************************
// 
// We use TSM's AFS-capable client to back up the AFS space.
// It respects the AFS permisions and mount points, the only problem
// is that it needs the admin token and, unfortunately, there is no
// equivalent of the "-localauth" option. I did not want to store
// the password in a file so after the machine (AIX AFS+TSM server)
// boots, I manually start a daemon that renews the admin token for
// root every 10 hours or so. I hope it's secure since the root
// on this machine has local AFS server access anyway. I can send you
// the source core or post it here if you want.
// 

We solved this by making the backup machine a pts user w/ privs in the
areas of AFS we needed backed up.

Create a pts user with the IP address of the backup machine.  Then create
a group (i.e 'backup') and make the IP address a member.  Then set a write
ACL in every dir, and tell users not to remove it.  By doing this, your
backup server has access to backup or restore w/o needing a token.  The
downside is that if someone hacks your server, they can do whatever they
want in AFS; so batten down the hatches...

-
Best regards,
Brian

+-----------------------------------------------------------------------+
| Brian T. Huntley                         Systems and Network Engineer | 
| Campus Information Services, Clarkson University                      |
| Ph/FAX: 315.268-6723/6570                                             |
| [EMAIL PROTECTED]                                 www.clarkson.edu/cis |
+-----------------------------------------------------------------------+
 UNIX *is* user friendly. It's just selective about who its friends are.
        PGP Public Key available. finger [EMAIL PROTECTED]


// Jan Hrabe
// Department of Medical Physics
// Nathan Kline Institute
// 
//

Reply via email to