At Fri, 28 Apr 2006 14:01:33 +0200,
Bas Wijnen <[EMAIL PROTECTED]> wrote:
> I think it's a very bad idea to give the system administrator read access to
> all your files, just because he wants to make backups. There already is a
> form which can be used for recovering, because we have a persistent system.
> Making a backup should simply consist of copying the snapshot. The question
> is who should have the right to do this, but it makes sense that there is at
> least a capability for it.
>
> To get rid of the block device/files problem, only allocated parts of space
> banks should be backed up, and not the entire allocatable space. Optimising
> more than that will lead to security and privacy issues, I think, and it's not
> important enough that we should risk that.

However, we will want a way to serialize the state of many programs, and
transfer it to an updated set of servers, or maybe even to a new machine (of
course not possible if the state contains random capabilities). This
mechanism could also be used to create backups of selected configurations.

I think that this is important enough for partial recovery that it must be
considered, because you cannot restore a backup of the whole machine just
because one user lost an important file. Of course, there are other solutions
like versioned file systems. This requires much more thought.

Thanks,
Marcus
