SUMMARY: solstice backup: operators cannot recover user files

From: Umit Dericioglu (umit@ksu.edu.sa)
Date: Tue Mar 07 2000 - 08:43:25 CST


Many thanx to

Bismark Espinoza, benedetto lo giudice,
Michael Hocke, Tim Pointing and especially to Stuart
Whitby who was very helpful.

The answer can be summarized as:

[For users who are not root] the normal Unix mode bits must
allow you to read the file in order to recover it. Files with an
ACL must be recovered by their owner.

You can recover to places where you have permission to recover,
you can recover files that you have permission to read, and
ownership of recovered files will be taken by the recovering user,
unless that user is root. (Stuart)

When the manual says that "root, operator or the ones in the operator group
can recover any files on any client", this is permissions granted to use the
restore facility. Whether the user running nwrecover can actually create the
file in a directory is still determined by the operating system. If need be,
the "operator" could recover a file to some writable directory (using
"Relocate") and then have the end-user copy the file from that location
(Tim Pointing)

Conclusion:

Even if we are to use "relocate" to write to a directory where
operator is permitted to, users' files in their home
directories cannot be recovered by operator, since operator
has no read permission for those files. So the bottom line
is if you don't want users to recover their own files
(this is our case), and if you don't want to give root
authority to operators (we don't), the only way to recover
user files is that sysadmins with root authority
will have to do the recovery. (sigh)

Umit Dericioglu
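
The recovery rules summarized in this message, modeled as an added example (not part of the original post and not Solstice Backup code). The user names, uids, gids and file entries are constructed, and keeping the original owner on a root recovery is an assumption drawn from "unless that user is root". Write permission on the destination directory is still decided by the operating system and is not modeled here.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class SavedFile:              # metadata as saved with the backup (constructed)
    path: str
    uid: int
    gid: int
    mode: int
    has_acl: bool = False

@dataclass(frozen=True)
class User:                   # recovering user (constructed uids/gids)
    name: str
    uid: int
    gids: frozenset

def can_read(user, f):
    """Classic Unix mode-bit check: exactly one permission class applies."""
    if user.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in user.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def recover_decision(user, f):
    """Return (allowed, owner_uid_of_recovered_file, reason)."""
    if user.uid == 0:
        return True, f.uid, "root (assumed: original owner kept)"
    if f.has_acl and user.uid != f.uid:
        return False, None, "file has an ACL: owner must recover it"
    if not can_read(user, f):
        return False, None, "mode bits deny read to this user"
    return True, user.uid, "readable: ownership taken by recovering user"

ROOT = User("root", 0, frozenset({0}))
OPERATOR = User("operator", 2000, frozenset({5}))
ALICE = User("alice", 1001, frozenset({100}))
FILES = [
    SavedFile("/home/alice/thesis.tex", 1001, 100, 0o600),
    SavedFile("/home/alice/public.txt", 1001, 100, 0o644),
    SavedFile("/home/alice/shared.dat", 1001, 100, 0o644, has_acl=True),
]

def report(users=(ROOT, OPERATOR, ALICE)):
    return {(u.name, f.path): recover_decision(u, f) for u in users for f in FILES}

if __name__ == "__main__":
    for (who, path), (ok, owner, why) in report().items():
        print(f"{who:9} {path:24} {'OK' if ok else 'DENY':5} owner={owner} {why}")
```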


