"Jan Hrabe" writes:
>>
>> Has anyone succeeded in doing backups of AFS using ADSM,
>> from which you can recover both volumes and their mount points?
>>
>> If so, we would welcome more information as to how this
>> was accomplished. Thanks.
>>
>> --
>>
>> **************************************************************************
>> Morris Strongson, RHIC, USAtlas Projects Telephone: (631)344-4192
>> Information Technology Division (fka CCD) Facsimile: (631)344-7688
>> Brookhaven National Laboratory Internet: [EMAIL PROTECTED]
>> Building 515, Upton, NY 11973-5000 WWW: http://www.ccd.bnl.gov/
>> **************************************************************************
>
>We use TSM's AFS-capable client to back up the AFS space.
>It respects the AFS permisions and mount points, the only problem
>is that it needs the admin token and, unfortunately, there is no
>equivalent of the "-localauth" option. I did not want to store
>the password in a file so after the machine (AIX AFS+TSM server)
>boots, I manually start a daemon that renews the admin token for
>root every 10 hours or so. I hope it's secure since the root
>on this machine has local AFS server access anyway. I can send you
>the source core or post it here if you want.
>
We created a system:backup pts group, and put a special "backup" account in
the group. The script we use to create afs volumes automatically put
system:backup on the ACL with read permission. We wrapped "fs set acl" command
so that users cannot take system:backup away from the ACL list unless they
determined not want the backup (call fs binary directly). The backup job
runs as a cron job with "backup" user token, which last 25 hours, enough to
finish the backup job. Yes the password for backup is stored on the backup
server, but since the server access is very restricted, and backup user
doesn't have much less power as "admin" does, it's not a big security
concern for us.
Susan
--
------------------------------
Susan Feng (aka. Xueshan Feng)
339 Sweet Hall
Stanford University, CA 94305-3090
Phone: 650 723-7490
