Monday, November 21, 2005

UNIX Permission Issues

Awhile back I ran into an issue with how TSM handles permissions on UNIX files and wanted to get some feedback from you readers out there on how you would handle it.  What happened was a user somehow was given root and he chown’ed the /home dir recursively.  It was made worse by the fact that he did that on Friday and didn’t alert anyone until the following Monday, and by the time it got to us another day had passed.  The customer of course wanted us to restore the directory and file permissions, but the kicker was that TSM does not back a UNIX file up again when the permissions change.  It just updates the database to reflect the permission changes (I got that directly from support and was floored; I had no idea it handled UNIX that way).  So here was our dilemma, if the file was the only version in backup I would not have any way of resetting its permissions.  Is the gravity of the situation hitting home?  Because it doesn’t backup the file again or track permissions I could not successfully restore to a point-in-time.  Sure I might get a good portion of the files fixed but there would still have been a large portion that we would be unable to get the permissions corrected.  The customer wasn’t happy and our only out was that the customer should not have been doing chown‘s as root.  I thought I once saw someone post a undocumented option you can set in the options file that will backup a file if it changes in any way, permissions included, but I can’t find it.  I thought I saw it on the new ADSM.org but am unable to locate it.  Anyone know the option or have an idea on how to approach this?  I brought it up with some Tivoli people who asked me what I thought should be added or changed in TSM, but so far I haven’t seen any change in their processing.          

2 comments:

  1. I don't understand what the problem is.
    Could you show me an example?

    ReplyDelete
  2. Well look at it this way. Say you have your home directory and alot of files within it. Some of those files TSM has only one copy of because previous versions expired or the file never changed after it was created. When UNIX permissions change on the file TSM sees that and updates the permission settings in TSM, IT DOES NOT BACK THE FILE UP AGAIN! UNIX does this NT does not according to Tivoli support. The problem is that you do not have any way of getting the settings for those files that have no previous version. So in this case the data itself is fine but the permissions are a mess and there is no way TSM can rectify it. One of the biggest pieces TSM needs is the ability to reapply permissions not only in UNIX but NT as well. With the known chkdsk bug in NT permissions get stripped and the only answer is to either restore the dir structure and hope the files inherit there permissions or to restore each file to the data before the change occured (if it existed before it occurred). With UNIX it can be worse since at least with Windows the file backs up again, but in UNIX it could be the only file and now I have no idea what the settings were.

    ReplyDelete