HPE Community
Operating System - OpenVMS
1828343 Members
3029 Online
109976 Solutions
New Discussion

Re: Backup does not create default ACL's

 
Carl Karcher
Advisor

‎03-20-2006 03:36 AM

‎03-20-2006 03:36 AM

Backup does not create default ACL's

When copying files between ODS-5 volumes, backup fails to create default ACL's if the target directory specifies them and the input files have no ACL's. In effect, it's propagating the ACL's (none) of the input files even when that makes no sense. For example, consider the directory jones has simple UIC protection with no acl's in use and directory stemcell uses resource ID's and ACL's for security. The command:

$ backup user19:[jones.data...] project0:[stemcell.data...]/by_owner=parent

will copy the files setting the owner to that of the parent directory (a resource ID in this case) however no default acl's will be created on the output files making them unusable. A second step is required to re-establish the security of the output files:

$ set security/default project0:[stemcell.data...]*.*;*

Which will propagate the default acl's down the directory. This has the negative side effect of setting all the revision dates to now. On ODS-2 volumes, using the /interchange backup qualifier would work around this issue. Now, with ODS-5 volumes, using /interchange IMPLIES /convert which is not the desired result. It would be very useful if backup had an option to create default acl's for the target files (i.e. NOT preserve the ACL's of the input files).
0 Kudos
Reply
5 REPLIES 5
Ian Miller.
Honored Contributor

‎03-20-2006 03:56 AM

‎03-20-2006 03:56 AM

Re: Backup does not create default ACL's


Parhaps you could go to
http://www.hpuseradvocacy.org/

and submit a new issue.

____________________
Purely Personal Opinion
0 Kudos
Reply
Uwe Zessin
Honored Contributor

‎03-20-2006 03:59 AM

‎03-20-2006 03:59 AM

Re: Backup does not create default ACL's

While I have no idea how to teach BACKUP do what you want, I have always had a need to reset a file's CDT + RDT. For that I wrote two procedures:

1) one procedure which uses F$FILE_ATTRIBUTES to query the creation and revision date and store it together with the file name in a data file.

2) another procedure which reads that data file and uses the |FILE| utility to change the CDT and RDT back to its old values.

I very well understand that this hides changes to a (group of) file(s) and that the changes (e.g. modification of ownership, protection mask or ACL) is not shipped in the next incremental backup.
.
0 Kudos
Reply
Bill Hall
Honored Contributor

‎03-20-2006 05:35 AM

‎03-20-2006 05:35 AM

Re: Backup does not create default ACL's

Carl,

I believe you can use backup/interchange and /by_owner=parent as an output qualifier to do what you want. Backup/interchange does not save the input files' ACL. The output files will inherit default ACEes as you would expect. I seem to recall that the /by_owner=parent was necessary.

Bill
Bill Hall
0 Kudos
Reply
Carl Karcher
Advisor

‎03-21-2006 03:11 AM

‎03-21-2006 03:11 AM

Re: Backup does not create default ACL's

Yes but that only works for ODS-2 volumes
(/interchange implies /convert)!

I'm going to open a support call on this.
0 Kudos
Reply
Bill Hall
Honored Contributor

‎03-21-2006 03:55 AM

‎03-21-2006 03:55 AM

Re: Backup does not create default ACL's

Carl,

This does work if you use an intermediate on-disk saveset.

$ backup user19:[jones.data...] saveset.bck/save

$ backup/interchange saveset.bck/save project0:[stemcell.data...]/by_owner=parent

Use the /interchange qualifier only on the restore of the saveset.
Bill Hall
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.