netbsd-help: Re: Dump questions

Subject: Re: Dump questions
To: Brian C. Grayson <bgrayson@ece.utexas.edu>
From: Simon Burge <simonb@telstra.com.au>
List: netbsd-help
Date: 07/16/1998 10:06:02
On Wed, 15 Jul 1998 10:25:34 -0500 (CDT)  Brian C. Grayson wrote:

>   I have a few questions about dumping to tapes:
> 
>   1.  Does one need to be in single-user mode when doing dumps?
>     I would assume that, if one is still multi-user, the worst
>     case is that any open files may not be backed up in a sane
>     manner.  I've been doing multi-user dumps for two years now,
>     and haven't yet run into a problem when restoring, but we
>     don't restore very often.

We've been doing multi-user dumps for years.  Our GIS application just
goes into read-only mode (ie, theoretically no file system activity),
and we dump the filesystems then.  We've had no problems with this...

>   I've recently become main sysadmin for a bunch of Suns
>   (running Solaris 2.4 and 2.5), so one of the first things I
>   did was turn a spare PC into a NetBSD dump, NFS, and YP/NIS
>   server :).  I've done a few dumps, but have some
>   Solaris-and-NetBSD-related dump questions:
> 
>   2.  Sun's ufsdump doesn't seem to support the RCMD_CMD
>       environment variable.  I'd like to disable telnet, rsh, and
>       rlogin on the NetBSD box (and just use ssh), but it
>       appears I'll need rsh to do remote dumps.  I've thought
>       of a few possibilities:
>       a.  Set up a bogus userid dumper, and run rshd as user
> 	  dumper in /etc/inetd.conf.  Make dumper have full access
> 	  privileges to /dev/*st0.  This would prevent other
> 	  users from using rsh for anything (that's the goal).
>       b.  Port some other dump program to Solaris.  I tried
> 	  compiling NetBSD's dump, since these Suns are using
> 	  ufs as their filesystem, but ran into more porting
> 	  issues than I was willing to deal with.
> 
>       Does anyone else have a secure setup that involves dumping
>       from Solaris boxes to a NetBSD box (of any flavor)?

How about using ufsdump to dump to stdout, and then ssh'ing?  Something
like:

	ufsdump 0f - /fs | ssh backupbox dd of=tape bs=someblocksize

>   And a question that's more Sun-oriented:
>   3.  After doing a level-0 backup of a Sun's /home yesterday,
>       while still multi-user, some users' files are missing. 
>       Is ufsdump that untrustworthy that it can clobber
>       existing files?  Luckily, most of the files made it to the
>       tape before being clobbered, but a couple have disappeared
>       into the ether.  (We don't believe any malicious user
>       broke in and removed these files).

Our main fileservers are Solaris boxes, and I haven't noticed this sort
of behaviour...

Simon.