Re: tar or zipping files to which you have no explicit access?
From: SunSpot (antispam_at_qklo.nil)
Date: 10/15/03
- Next message: yh.chen: "create authentication package on THE DOMAIN CONTROLLER SIDE"
- Previous message: Paul Vdovets: "Re: Computer name in logon screen"
- In reply to: Marty List: "Re: tar or zipping files to which you have no explicit access?"
- Next in thread: SunSpot: "Re: tar or zipping files to which you have no explicit access?"
Date: Wed, 15 Oct 2003 09:53:17 -0400
Ignore Tom.
Tom posts this same question usually once a month.
He has been given the answer a number of times, but he is either
a complete idiot or a troll.
"Marty List" <Bill.Gates@sun.com> wrote in message
news:bmgsrv$mime7$1@ID-172409.news.uni-berlin.de...
>
> "Tom Rodman" <Use-Author-Address-Header@[127.1]> wrote in message
> news:200310140905.h9E95C25012453@tigris.pounder.sol.net...
> > How can we "zip up" or tar
> > users' directories to a single archive file. We
> > do NOT want to limit the access rights end users can assign to their
> > objects. After archiving the objects into a single
> > tar or zip file we want to be able to restore them preserving
> > original ownership and ACLs.
> >
> > We've tried granting ourselves the right to
> >
> > "backup files and directories"
> > "restore files and directories"
> >
> > The show-stopper has been "Permission denied" errors on files
> > for which we have no access rights - these could not be added to
> > the tar archive.
> >
> > We're looking for a no cost solution using our free open source tools.
> > My guess is the solution involves granting the process
> > creating the backup file archive the proper rights.
> >
> > Clearly ntbackup can do this- but it only archives to tapes;
> > if ntbackup could archive/restore to/from a file that would be
> > fine - but it can not.
> >
> > why we do not want to restrict the permissions our end
> > users assign to their own objects:
> >
> > o eventually there will be users that violate the rules, and/or insist
> > that they be allowed to do so. This can get
> > political - you can not / will not always win political skirmishes.
> > System admins are not always treated like gods by management.
> >
> > o IMHO users may have a valid reason for *not* granting the
> > administrators access to an object. Why should they be forced to?
> > Our users are software developers, perhaps they need to have very
> > strict permissions for code test cases. End users deserve respect,
> > they pay for us with their work.
> >
> > o This attitude that users should not be able to set permissions to
> > objects they own to whatever they want is IMHO arrogant, arrogant
> > consistent with the worst of "Microsoft culture". In contrast UNIX has
> > no such constraints - tools exist for "root" to backup all objects to
> > a non-tape archive regardless of their permissions or acls.
> >
> > o I can give you a specific example where a production database
> > requires that all objects below a given directory have an explicit ACL value
> > that does *not* include system or administrators. If an object is
> > changed to include either of the above groups, then the application
> > will not work- at some point it will self repair by resetting all
> > the permissions on the tree so that these groups are removed.
> >
> > o another example is cygwin's ssh client, for each ssh end user, their
> > $HOME/.ssh/ dir should be set for access *only* by the user, no
> > access - not even read or execute to anyone else. I may not be
> > entirely correct on this one, but I know the permissions on ~/.ssh/
> > are quite strict by design (it's a "secure shell" after all).
> >
> > o NTFS has an incredibly rich permissions capability - more so than
> > UNIX. To insist that administrators or system have full control to
> > every object "dumbs down" this richness and seems to contradict its
> > design.
> >
> >
> > Any help would be appreciated; pls post *and* also e-mail me.
> >
> > thanks/regards,
> > --
> > Tom Rodman
> > pls run this for my e-mail address:
> > perl -e 'print unpack("u", "\.\=\$\!T\<F\]D\;6\%N\+F\-O\;0H\`");'
>
>
> Windows 2000's ntbackup can write to a file, I do it all the time. Open
> ntbackup, open the help file, go to the search tab and search on
> "command". This will bring up command line syntax and examples.
>
> BTW, I remember reading a post similar to this a few months ago, along a
> Symantec Norton Anti-Virus permissions direction.
>
>
>