Xref: utzoo comp.unix.internals:2579 comp.unix.admin:1637
Path: utzoo!utgpu!news-server.csri.toronto.edu!utcs.toronto.edu!cks
Newsgroups: comp.unix.internals,comp.unix.admin
From: cks@hawkwind.utcs.toronto.edu (Chris Siebenmann)
Subject: Re: Unix security additions
Message-ID: <1991Apr19.165250.7933@jarvis.csri.toronto.edu>
Followup-To: comp.unix.admin
Organization: Ziebmef home away from home
References: <6783@awdprime.UUCP> <1991Apr18.042212.11738@Think.COM> <536@playroom.UUCP> <72743@brunix.UUCP>
Date: 19 Apr 91 20:52:50 GMT
Lines: 37

sgf@cfm.brown.edu (Sam Fulcomer) writes:
[In a discussion of secure backups if you don't necessarily trust your
operators:]
| Why bother having the operator log in? Have the machines reboot at
| backup time, but with the backup program switched on in the rc (or
| inittab, or whatever...). After backups are done the machine can come
| up normally. Fine if you want to encrypt the dump, too.

We do something very similar to this, although for different reasons
(and without the encryption) on a set of student systems. We have
Exabytes for backups, and I wanted to do the backups in single-user
mode. However, the student systems don't have operators around them 24
hours a day; the site person works 9 to 5.

The solution was to write a script that backed up everything (with
error checking and logs) to tape, and another script that did some
setup, touched a file off in a mounted filesystem, and started up a
shutdown to single-user mode at some future time. When the system goes
single-user, it runs /.profile, which checks to see if the file exists;
if so, it runs the backup script and then reboots multiuser.

So the site person pops the right tape into the drive and queues up
the shutdown-backup before he goes home. Sometime later (typically
midnight these days) the system goes down to single-user mode, backs
stuff up, ejects the tape, and goes back to multi-user mode, all
without anyone around. It's quite nice and very convenient.

But, you ask, what happens if the system crashes and comes up
single-user in the meantime -- won't it start running the backups?
That's why the trigger file is off in a mounted filesystem, instead of
on the root partition; if the system crashes and reboots single-user,
that partition won't be mounted when /.profile is run, so nothing bad
happens.

--
"This will be dynamically handled, possibly correctly, in 4.1."
	- Dan Davison on streams configuration in SunOS 4.0
cks@hawkwind.utcs.toronto.edu	...!{utgpu,utzoo,watmath}!utgpu!cks
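
The trigger-file scheme described in the post, sketched as an added example; it is not part of the original post and is not the author's scripts. The paths, the variable names and the functions queue_backup and single_user_hook are hypothetical, and removing the trigger before the backup runs is an assumption the post does not state.

```shell
#!/bin/sh
# Added illustration; every path and name below is hypothetical.
# TRIGGER sits on a filesystem that is mounted in normal operation but not
# after a crash reboot into single-user mode, when only root is mounted.
TRIGGER="${TRIGGER:-/usr/local/adm/backup.pending}"
BACKUP_CMD="${BACKUP_CMD:-/etc/backup.all}"   # site backup script (assumed)
REBOOT_CMD="${REBOOT_CMD:-/etc/reboot}"       # back to multi-user (assumed)

# Run by the site person before going home, just before scheduling the
# shutdown to single-user mode.
queue_backup() {
    touch "$TRIGGER"
}

# Called from root's /.profile on entry to single-user mode.
# Returns 1 if nothing was queued (or the trigger's filesystem is not
# mounted), 0 if the backup ran cleanly, 3 if the backup script failed.
single_user_hook() {
    [ -f "$TRIGGER" ] || return 1

    # Assumption, not stated in the post: disarm before running, so a later
    # maintenance shutdown cannot replay a stale request.
    rm -f "$TRIGGER" || return 3

    status=0
    "$BACKUP_CMD" || status=3

    # Reboot whether or not the backup worked, so the machine is not left
    # sitting in single-user mode overnight.
    "$REBOOT_CMD"
    return "$status"
}
```

Root's /.profile would end with a call to single_user_hook; because the check is a plain file test, an unmounted filesystem and an unqueued backup look the same and both leave the system alone.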