Monday, November 21, 2005
UNIX Permission Issues
Awhile back I ran into an issue with how TSM handles permissions on UNIX files and wanted to get some feedback from you readers out there on how you would handle it. What happened was a user somehow was given root and he chown’ed the /home dir recursively. It was made worse by the fact that he did that on Friday and didn’t alert anyone until the following Monday, and by the time it got to us another day had passed. The customer of course wanted us to restore the directory and file permissions, but the kicker was that TSM does not back a UNIX file up again when the permissions change. It just updates the database to reflect the permission changes (I got that directly from support and was floored; I had no idea it handled UNIX that way). So here was our dilemma, if the file was the only version in backup I would not have any way of resetting its permissions. Is the gravity of the situation hitting home? Because it doesn’t backup the file again or track permissions I could not successfully restore to a point-in-time. Sure I might get a good portion of the files fixed but there would still have been a large portion that we would be unable to get the permissions corrected. The customer wasn’t happy and our only out was that the customer should not have been doing chown‘s as root. I thought I once saw someone post a undocumented option you can set in the options file that will backup a file if it changes in any way, permissions included, but I can’t find it. I thought I saw it on the new ADSM.org but am unable to locate it. Anyone know the option or have an idea on how to approach this? I brought it up with some Tivoli people who asked me what I thought should be added or changed in TSM, but so far I haven’t seen any change in their processing.