[2457] in Release_7.7_team
Re: ADSM scheduled backup - a bit long- sorry
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Thu Oct 19 14:02:01 2000
Message-Id: <200010191801.OAA25366@Bearing-An-Hourglass.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Alex T Prengel <alexp@MIT.EDU>
cc: Jonathon Weiss <jweiss@MIT.EDU>, release-team@MIT.EDU
In-reply-to: Your message of "Mon, 16 Oct 2000 12:06:04 EDT."
<200010161606.MAA28791@dit.mit.edu>
Date: Thu, 19 Oct 2000 14:01:54 -0400
> Well, this gets into the philosophy of what we want users to be
> backing up and restoring. In our prior (non-scheduled) ADSM use, we
> were essentially telling users- "use it only to back up your local
> stuff in /var/local- everything else is part of the Athena release and
> you shouldn't back up and restore things there or you might break the
> release." We can stick to this philosophy or change it, but if I put /
> back as a file system, then things like /kernel, /opt (and so on) on
> Solaris get automatically backed up too so then I need to exclude them
> as directories... this gets to be a considerable pain. It's very easy
> for users to back up lots of stuff that they might restore of top of a
> later Athena release- I'm concerned about that.
OK, there is somethign to be said for this philosophy. There are a
lot of config files under /etc, but while I edit a number of them we
know that I am not a good sample set. Thinking about it I really
don't know that a lot of other users will edit them (more than by
running mkserv which is easy and reproducable). Does anyone else have
an opnion here?
> >I would exclude any file named srvtab, krb5.keytab, ssh_host_key,
> >ssh_host_key.pub, and ssh_random_seed. I would also exclude /tmp,
> >/var/tmp, and /var/rtmp. Most of these exclusions are to prevent
> >cryptographic secrets from going over the net in the clear.
>
> Yes- good idea. Are these always in a standard place or could they be
> put elsewhere?
They are usually in a standard place, tho they can be in others (and
there will somtimes be multiple srvtab files in different places with
different keys fro different services). for reference, common
locations include:
/etc/ssh_host_key
/etc/ssh_random_seed
/etc/ssh_host_key.pub
/etc/krb5.keytab
/etc/srvtab
/etc/athena/krb5.keytab
/etc/athena/srvtab
/var/spool/discuss/srvtab
and of course the tmp directories I mentioned above, since they will
often contain kerberos ticket files.
> I was actually going to include everything under /var except /var/local,
> in line with the philosophy that "we only want to back up /var/local by
> default". We can change this philopsophy if the majority feel that way...
/var/spool sometimes contains stuff worth saving (the discuss spool on
a discuss server, for instance), but probably also contains some stuff
we don't care about.
Jonathon
