| To: [email protected]
Cc: [email protected]
Subject: Re: dump question
In-Reply-To: Your message of "Thu, 23 Jan 97 13:59:58 EST."
<[email protected]>
Date: Mon, 27 Jan 97 17:53:21 -0500
From: "B. A. Thomson (381-2955)" <thomson>
X-Mts: smtp
>
> Trident would like to know if they can issue dump from a command line.
> man pagers says it is restricted, is there a workaround?
>
Yes. It is restricted to the trusted path for multi-level
exports -- or at least in V2.1 it is (the change to make it
trusted path was requested by the eval team and hasn't yet
been propagated to V3 or V4 so I'm assuming you are speaking
V2.1 here).
For any trusted path restricted command you
should always be able to get around issuing it from
the X trusted path if you are root or are privileged
(have the setprocident privilege). (You may also have to
set up /tcb/bin/epa so the non-root user can "see" it.)
To use the epa command:
/tcb/bin/epa -g tpath 'type the command you want to issue'
For example:
/tcb/bin/epa -g tpath '/usr/tcb/bin/passwd thomson'
Also, in the case of V2 dump, the new -G switch enables
you to do multi-level dumps to a file (preserving SLs).
>
> # /bin/dump 0f - > /dev/null
> DUMP: Date of this level 0 dump: Thu Jan 23 11:13:05 1997
> DUMP: Date of last level 0 dump: the epoch
> DUMP: Dumping /dev/rrz2a (/) to standard output
> FATAL: Cannot determine device label
This is true -- it failed because you are attempting to
dump to stdout which is not in /etc/auth/system/devassign.
If you want to test dump, test to the tape device;
if you do not have a tape device, dump to a file.
In V2 you must use the -G switch if you are dumping
to a file in order to preserve the labels properly
(and not have them all "float" up).
|