Re: User access & security
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Thu, 04 Oct 2007 14:43:24 -0500
On 04 Oct 2007, in the Usenet newsgroup comp.os.linux.security, in article
<4704dce6$0$26400$88260bb3@xxxxxxxxxxxxxxxxx>, CWO4 Dave Mann wrote:
I'm concerned about the "start from scratch" advice. I've experimented
with the concept of taking an otherwise good system -- and one where
everything is "just like I want it to be" and then reloaded the ubuntu
system from a DVD which I had just burned with the most current ISO from
the Deb site. In each case, the box lost just about all of the settings
I had made to it and to really make things a pain, I got the "$HOME is
being ignored ... change permissions to 644..." so that user settings
were NOT preserved.
Well, yeah - you reinstalled the system, and things are now in the
default mode. Our backups don't restore to the distribution default,
but rather to the latest company approved configuration that our admins
spent weeks setting up (and maybe years refining it to the current form).
Then we take the customized data that may have been on this system and
(after vetting it if there was a chance of compromise) restore that to
bring the system back to the known good setup.
Now, what the permissions in home look like (some default to 644, other
to 640 - I don't know what you had, and what security nanny may be
running to screw things up otherwise) what application are you running
that is ignoring permissions on a restore?
This even through the entire home/user directory was dd moved from the
backup hd.
Do you literally mean '/bin/dd if=/source/of/backup of=/home/user'?
That's not the way I'd be doing it.
I have also copied a dd image back and forth to test a complete system
restore and found that there is ALWAYS some glitch which prevents the
system from going back to where it was, only with a clean OS.
257722 Apr 12 2006 Linux-Complete-Backup-and-Recovery-HOWTO
although this subject gets lots of coverage in popular magazines.
Obviously something isn't right, but I don't know enough about what
you may be doing to say why. Some of the problems may be due to
inappropriate tools/helpers (or let's just say stuff that isn't doing
the job the way you expect it to be done). Example, changing ownership
of files invariably removes S[UG]ID permissions - that's a security
feature.
Sorry to carry on like this, but I have just not had good luck with full
system restores over the past 10 years of using Linux. If it is any
consolation to me, none of our shop's Windows machines (which are long
gone since we switched to only Linux) nor the two BeOS machines were any
different. There is "always" something ...
"Dave, I can't let you do that..." ;-)
Old guy
.
- References:
- User access & security
- From: Mark
- Re: User access & security
- From: goarilla
- Re: User access & security
- From: CWO4 Dave Mann
- User access & security
- Prev by Date: Re: User access & security
- Next by Date: Re: IPTables Prerouting
- Previous by thread: Re: User access & security
- Next by thread: Re: User access & security
- Index(es):
Relevant Pages
|
