Backups

We're using dump across our network to backup our filesystems to a 4mm tape on one of our systems. There are some security issues with this.

dump needs to run with access to the physical disk. The SGIs have these devices set to mode 0600 and owned by root. Hence, only root can read them. Therefore, the dump process must be run by root.

(I suppose you could chown the disk devices to 640, and make them group-owned by, say, operator. Then you could create a user -- maybe named backup -- who is part of group operator. Then the dump could be run out of cron by backup).

What I've done is create a user backup in group other (for now) on zeus, the machine with the tape device. User root must still run the dump, but specifies the dump output file as backup@zeus:/dev/nrtape.

On our system, /dev/tape is the same as /dev/mt/tps0d2nsv (rewinding). It is a 4mm data cartridge.

Currently, we're using the following command to do the dump:

dump 0udsbf 54000 12000 126 backup@zeus:/dev/nrtape

There seems to be a conflict in the recommendations on blocking size on the SGI versus SunOS. We'll have to resolve this...


Chris Shenton