| To: [email protected]
Cc: [email protected]
Subject: Re: tprestore
In-Reply-To: Your message of "Tue, 04 Mar 97 16:31:14 EST."
<[email protected]>
Date: Tue, 04 Mar 97 17:29:11 -0500
From: "Barbara A. Thomson (ZKO3-2/X46 1-2955)" <thomson>
X-Mts: smtp
> Laura has a user that did a tpdump (unclassified) then she is trying to
> tprestore, it restores some of the files others fail w/permission denied.
> Does tpdump keep track of the syshi files?
Yes, IOW you have to do a dump at syshi if you want to
dump syshi files -- your process SL must dominate the
SL of the files you want to dump. You also have to
run restore at syshi if you want to restore syshi files.
You can only run dump at syslo and get all the stuff dumped
if you have the allowmacaccess privilege. But you cannot
get away with running restore at syslo if you are trying to
restore files > syslo, even if you have the allowmacaccess priv,
because restore will fail if you have directories at levels above
syslo; it's one of the file system "invariant" rules (no privilege
will enable you to create a syslo file in a secret directory, for
example).
> I don't even know if I'm asking this question the right way. I did not
> find a man page on tprestore, please give me a pointer.
>
Yep, you are. There is no man page, but I think it is
mentioned in the dump man page and restore man page.
If you "more /bin/tpdump" you will see the shell script
used to invoke dump from the trusted path. It is fairly
self-explanatory: it is starting up a dxterm that starts
up a shell that runs dump. So in the Start Application
dxtp menu box, you type the usual arguments:
/bin/tpdump 0f /dev/rmt0h /dev/rrz1g
or whatever.
In the case of /bin/tprestore (and /bin/tpmltape), you can
type in the Start Application menu box:
/bin/tprestore -h
And you'll see the help text that you can also see if
you more /bin/tprestore_inner.sh (or /bin/tpmltape_inner.sh).
The /bin/tprestore and /bin/tpmltape are more complicated,
because they have to have some interaction with the shell
scripts.
> clueless in colorado
Not a chance. The "tp" scripts were invented more or less at
the last minute because the evaluation team insisted that
dump, restore, and mltape must be invoked from the trusted
path IF and only IF you are writing to/reading from a
multilevel device or file (no need if to a single-level device
or file).
If you are root and you want to write a shell script to be
run as root, it's a simple matter of:
/tcb/bin/epa -g tpath '/bin/dump 0f /dev/rmt0h /dev/rrz1g'
or whatever, but for the non-root user, it's a drag.
Re-writing the user interface was not an option -- the
shell scripts /bin/tpmltape, etc., were the fast way to
provide the option.
So that's why the sparse documentation, etc. There may
also be something in the release notes, I forget.
Regards
BAT
|
| Date: Thu, 6 Mar 1997 16:04:31 -0500
From: [email protected] (Tammy Sandefur)
To: [email protected]
Subject: tprstore
Hi Bat,
I'm stummed. tpdump/tprestore. I verified the user did the dump at syshi
it works great. She goes to restore at syshi, only unclassified files
get restored everything else fails w/permission denied.
This is happening on v2.1.
Tammy Sandefur
Digital Equipment
Ultrix & Osf Network Support
[email protected]
|
| What kind of file system is she restoring to?
What are the device characteristics of the dump device (or file)?
If it cannot restore files with SLs > syslo (and she is running at
syshi) then maybe she is trying to restore the files into a file system
that is a single-level file system.
Is she restoring from a file or from a device? If she is restoring
from a device, check to make sure that the device is set up multilevel
with a full range in the /etc/auth/system/devassign file (XIsso->
Modify Device-> etc. menu). (A quick way to check -- can she cd to the
restore partition and create a file with a non-syslo SL, i.e., not
using restore? If the user doesn't have the permission to do this,
it won't work using restore.)
If she is restoring from a file then did she use the -G switch when
she dumped the saveset to the file?
I need more information to be able to answer this...
get the command she used to create the dump set,
get the devassign entry for the device she dumped to
get the user's auths and privileges
get the command she is using to do the restore.
is she doing it from the trusted path start application menu box?
get the text of the error message she is getting.
(it may be in the session manager window if she is using tprestore)
have the user issue the getlevel -a command
and the privs -mbe command
(to get the command auths in V2 unfortunately, you have
to look at the u_cmdpriv= field in /tcb/files/auth file,
or run XIsso->Modify User)
As a user the with isso command auth only, via the trusted path
start application menu box, I was able to /bin/tprestore to a
filesystem I had created and mounted.
|