I would like to give a select number of 'backup operators' -- those who can mount volumes (smb shares) and those who may write to the tape device. Since the tape device is group owned by disk, I'm assuming the proper way to give these backup operators permissions to write to it is by putting them in group disk. What about smbmounting? Should I added group disk to sudoers and give that group permissions to run smbmount? -- David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing"
Dear David, What you suggest is tempting, but actually a blind alley. If you put the operators in group disk they will have enormous power to do damage (e.g. they can write to raw disc partitions) but they still won't have the power they need to read all files to back them up. I think it is better to design your backup scripts to run as root, and use sudo to restrict access to those scripts. It is certainly simpler, and complexity is the enemy of security. Bob On Wed, 1 Feb 2006, David Bear wrote:
I would like to give a select number of 'backup operators' -- those who can mount volumes (smb shares) and those who may write to the tape device.
Since the tape device is group owned by disk, I'm assuming the proper way to give these backup operators permissions to write to it is by putting them in group disk.
What about smbmounting? Should I added group disk to sudoers and give that group permissions to run smbmount?
participants (2)
-
Bob Vickers -
David Bear