[Info-ingres] Cktmpl.def, Ingres SUID permissions not inherited by tape backup command.

Ingres Forums info-ingres at kettleriverconsulting.com
Fri Oct 17 02:07:21 UTC 2014


We have recently changed our cktmpl.def checkpoint template file
to use the Tivoli /usr/tivoli/tsm/client/ba/bin/dsmc command,
this is for our direct-to-tape backups only.

However, we now have problems when running tape checkpoints from
non-ingres users.

We have a database called lamp, owned by user lamp. This user can
checkpoint his own database to disk (the cktmpl.def uses /bin/tar for
disk checkpoints) but not to tape, i.e. checkpoints fail when using
the new Tivoli dsmc command. The error message indicates that dsmc
doesn't have read permissions to the underlying lamp database files.

The ingres user _can_ checkpoint the lamp database to disk or tape, no
problem.

I hadn't really thought about this before, but the SUID bit on the
iimerge executable (the ckpdb command is basically iimerge) should
overcome this problem and allow a non-priv (in UNIX terms) user to
access files he wouldn't normally be allowed to see.

The problem we have is that the SUID capabilities are not being
inherited by dsmc. They are working fine for /bin/tar (disk
checkpoints), however, and they worked for the previous tape backup
mechanism (netbackup), so this isn't a problem with the permissions on
iimerge.

Can anyone give me any pointers as to why dsmc isn't running with
ingres's SUID permissions?

Version: Ingres 2006, II 9.1.0 (r64.us5/123)

# ls -l iimerge
-rwsr-xr-x 1 ingres sys 11980678 09 Apr 2007 iimerge


-- 
thaohaitrieu8
------------------------------------------------------------------------
thaohaitrieu8's Profile: http://community.actian.com/forum/member.php?userid=122604
View this thread: http://community.actian.com/forum/showthread.php?t=16217
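
A diagnostic for the situation described above, as an added example that is not part of the original post and is not Ingres or Tivoli code. A child of a set-UID program inherits two identities: the real UID (the invoking user, lamp) and the effective UID (the owner of iimerge, ingres). open(2) is checked against the effective UID and access(2) against the real UID, so a command that pre-checks with access(2) or reverts to its real UID sees only lamp's permissions. The names cred_report, probe and suid_only are hypothetical.

```c
/* Added diagnostic (not Ingres or Tivoli code): reports which UIDs this
 * process inherited and whether a file is readable under each of them. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct cred_report {
    uid_t ruid;     /* real UID: the invoking user, e.g. lamp */
    uid_t euid;     /* effective UID: the set-UID owner, e.g. ingres */
    int open_ok;    /* 1 if open(2) succeeds (checked against effective UID) */
    int access_ok;  /* 1 if access(2) succeeds (checked against real UID) */
};

/* Probe read permission on path both ways and record the process UIDs. */
struct cred_report probe(const char *path)
{
    struct cred_report r;
    int fd;

    r.ruid = getuid();
    r.euid = geteuid();
    fd = open(path, O_RDONLY);
    r.open_ok = (fd >= 0);
    if (fd >= 0)
        close(fd);
    r.access_ok = (access(path, R_OK) == 0);
    return r;
}

/* 1 when only the inherited set-UID identity can read the file. */
int suid_only(const struct cred_report *r)
{
    return r->ruid != r->euid && r->open_ok && !r->access_ok;
}

int main(int argc, char **argv)
{
    int i;

    for (i = 1; i < argc; i++) {
        struct cred_report r = probe(argv[i]);
        printf("%s: ruid=%ld euid=%ld open=%d access=%d suid_only=%d\n",
               argv[i], (long)r.ruid, (long)r.euid,
               r.open_ok, r.access_ok, suid_only(&r));
    }
    return 0;
}
```

Run with a database file path as the argument from the same context in which the backup command runs. suid_only=1 means the file is readable only through the inherited effective UID.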



