From owner-freebsd-questions Wed Nov 17 7:10:53 1999
Date: Wed, 17 Nov 1999 09:10:37 -0600 (CST)
From: Mark Tinguely
Message-Id: <199911171510.JAA21239@plains.NoDak.edu>
To: mark@whetstonelogic.com, questions@FreeBSD.ORG
Subject: Re: Backup several hosts with dump

> I guess my question then becomes: is there a way I can enable the
> computers to log on to each other as needed without sacrificing
> security?

you can minimize the exposure by running the backup program using a
regular account (for example "rbackup") on the tape and client machines.

you need to change the permissions of rdump on the client machines to be
setuid root, executable by group "rbackup", and not executable by others;
the group for each slice that you wish to back up must also be "rbackup";
"rbackup" should own /etc/dumpdates also (these chmod instructions can be
done by root from cron at the needed time only to also limit exposure,
also there needs to be a "~rbackup/.rhosts" on the client machine listing
the tape machine's "rbackup" account, this can be placed in by cron)

on the tape machine, the ownership of dump should be changed, the tape
device needs to be owned by "rbackup", the group of the slices needs to be
"rbackup", and the appropriate client machine needs an entry in the
"~rbackup/.rhosts" file (all of these changes can be updated by cron, but
keep the machines' times synced).

the tape machine can run a script file that does the backup:

#!/usr/local/bin/bash

# choose the dump level from the day of the month
# (third field of the default date output)
case `date | awk '{print $3}'` in
  1 | 2 | 3 | 4 | 5 | 6 | 7)         level=0;;
  8 | 9 | 10 | 11 | 12 | 13 | 14)    level=1;;
  15 | 16 | 17 | 18 | 19 | 20 | 21)  level=2;;
  22 | 23 | 24 | 25 | 26 | 27 | 28)  level=3;;
  29 | 30 | 31)                      level=4;;
esac

# uncomment below to force a full backup
#level=0

echo "Start of level ${level} backup."

# remote clients: rdump runs on the client and writes to the
# no-rewind tape device on the tape machine
echo "dumping host: client1"
/usr/bin/rsh -n client1 /sbin/rdump ${level}usdf 39400 61000 tapemachine:/dev/nrsa0 /dev/rwd0s1a
sleep 5
# ...
sleep 5
/usr/bin/rsh -n client1 /sbin/rdump ${level}usdf 39400 61000 tapemachine:/dev/nrsa0 /dev/rwd0s1g

# the tape machine dumps its own slices locally
echo "dumping host: tapemachine"
/sbin/dump ${level}usdf 39400 61000 /dev/nrsa0 /dev/rda0s1a
# ...
/sbin/dump ${level}usdf 39400 61000 /dev/nrsa0 /dev/rda0s1g

# ...

echo "dumping host: clientN"
/usr/bin/rsh -n clientN /sbin/rdump ${level}usdf 39400 61000 tapemachine:/dev/nrsa0 /dev/rwd0s1a
sleep 5
# ...
sleep 5
/usr/bin/rsh -n clientN /sbin/rdump ${level}usdf 39400 61000 tapemachine:/dev/nrsa0 /dev/rwd0s1e

# report tape status, then take the drive offline
mt -f /dev/nrsa0 stat
mt -f /dev/nrsa0 off

echo "End of level ${level} backup."
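
Added example, not part of the original message: a POSIX sh audit that checks a client machine against the setup the reply describes (rdump setuid root and executable only by group "rbackup", /etc/dumpdates owned by "rbackup", and a "~rbackup/.rhosts" that trusts only the tape machine's "rbackup" account). The function names, the mode patterns and the "no group/other access" rule for .rhosts are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the client-side setup described in the message.
# Function names and the exact patterns are this example's assumptions.

# Print the 10-character mode string of a file, e.g. "-r-sr-x---".
file_perms() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Print "owner:group" of a file as reported by ls.
file_owner() { ls -ld "$1" 2>/dev/null | awk '{print $3 ":" $4}'; }

# audit_rhosts FILE HOST USER
# Pass only if FILE has no group/other access and every entry is exactly
# "HOST USER". A "+" wildcard or an extra host widens who may rsh in.
audit_rhosts() {
    rh_file=$1 rh_host=$2 rh_user=$3 rh_rc=0
    [ -f "$rh_file" ] || { echo "FAIL: $rh_file missing"; return 1; }
    case $(file_perms "$rh_file") in
        -r?-------) ;;
        *) echo "FAIL: $rh_file is accessible by group or others"; rh_rc=1 ;;
    esac
    while read -r h u rest || [ -n "$h" ]; do
        case $h in ''|'#'*) continue ;; esac      # skip blanks and comments
        if [ "$h" != "$rh_host" ] || [ "$u" != "$rh_user" ] || [ -n "$rest" ]; then
            echo "FAIL: unexpected entry in $rh_file: $h $u $rest"; rh_rc=1
        fi
    done < "$rh_file"
    return $rh_rc
}

# audit_client RDUMP DUMPDATES RHOSTS TAPEHOST
# e.g. audit_client /sbin/rdump /etc/dumpdates ~rbackup/.rhosts tapemachine
audit_client() {
    c_rc=0
    case $(file_perms "$1") in
        ???s??x??-) ;;   # setuid, group-executable, not executable by others
        *) echo "FAIL: $1 mode is $(file_perms "$1")"; c_rc=1 ;;
    esac
    [ "$(file_owner "$1")" = "root:rbackup" ] ||
        { echo "FAIL: $1 is not owned by root, group rbackup"; c_rc=1; }
    [ "$(file_owner "$2" | cut -d: -f1)" = "rbackup" ] ||
        { echo "FAIL: $2 is not owned by rbackup"; c_rc=1; }
    audit_rhosts "$3" "$4" rbackup || c_rc=1
    return $c_rc
}
```

Run audit_client from cron after the window in which the permissions are opened up, so that a leftover setuid bit or a widened .rhosts is reported.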