D Oracle Secure Backup Support for Extended Attributes and Access Control Lists

This appendix describes how Oracle Secure Backup backup and restore operations work with extended attributes and access control lists. It explains how to perform these operations by optionally saving or excluding extended attributes and access control lists.

This section contains the following topics:

D.1 Overview of Extended Attributes and Access Control Lists

Oracle Secure Backup now enables you to perform backup and restore operations for files and directories associated with extended attributes and access control lists on UNIX-like platforms. Oracle Secure Backup already supports this option on Windows platforms.

Extended attributes contain information associated with a file or directory, defined in a name-value format. These attributes may be associated with one particular application or the entire file system. Access control lists implement a finer-grained permission model for files and directories on UNIX-like systems, which allows granting or denying access to a file or a directory for a specific set of users or groups.

In some cases, Oracle Secure Backup domains cannot read backup images containing extended attributes or access control lists. In such scenarios, Oracle Secure Backup gives you the option to perform the backup without saving the associated extended attributes and access control lists.

See Also:

"-A" for more information on the obtar option.

D.2 Supported Platforms

Table D-1 lists the platforms that support Oracle Secure Backup backup and recovery operations with extended attributes and access control lists.

If you back up a file or directory on a platform that doesn't support extended attributes and access control lists, Oracle Secure Backup will continue to perform the backup operation without saving the associated extended attributes and access control lists.

Table D-1 Supporting Platforms for Extended Attributes and Access Control Lists

Platform    File System
--------    -----------
Linux       ext2, ext3, JFS, XFS, ASM Cluster File System
Solaris     UFS, ASM Cluster File System, ZFS
AIX         JFS, GPFS, JFS2, VxFS
Windows     FAT, NTFS

Note:

On Linux platforms, Oracle Secure Backup supports any file system that implements the POSIX access control list interface.

Oracle Secure Backup does not perform cross-platform restore of extended attributes and access control lists, because doing so may threaten the security of the file. Ensure that you restore a backup containing extended attributes and access control lists on the same platform version as the one used to perform the backup.

D.3 Requirements

To successfully back up and restore extended attributes and access control lists, keep the following points in mind:

  • Oracle Automatic Storage Management cluster file system uses extended attributes to store tags associated with files and directories. It also supports access control lists. Ensure that Oracle Secure Backup is compatible with the cluster file system and its functions.

  • While performing incremental backups, Oracle Secure Backup notes the mtime of each file being backed up. You can use obtar to change this setting to note the ctime instead. The same setting is applied to extended attributes and access control lists.

  • In any situation, if you don't want to save extended attributes and access control lists, you must use the obtar -A option while performing a backup. This option ignores the existing extended attributes and access control lists and proceeds to back up the file or directory without saving them.

  • To save your extended attributes and access control lists, ensure that your backupoptions policy does not include the obtar -A option.

D.4 Security Practices

In some cases, a file may be created first and its access control list applied only later in the restore stage. Such scenarios may lead to a security breach. It is recommended that you perform the restore so that the access control list is applied earlier.

You must also encrypt extended attributes and access control lists if they are not contained in the data being backed up, to eliminate unauthorized access.
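The ordering problem described in the first paragraph above, shown as an added example (this is not Oracle Secure Backup code). It uses POSIX mode bits as a stand-in for the access control list so that it runs without ACL tooling; the function names and the file name are hypothetical.

```python
import os
import stat
import tempfile

def restore_late(path, data, final_mode, observe):
    """Ordering the text warns about: data first, access control last."""
    with open(path, "wb") as f:            # created with 0666 & ~umask
        f.write(data)
        f.flush()
        observe(path)                      # data is present, restrictions are not
    os.chmod(path, final_mode)

def restore_early(path, data, final_mode, observe):
    """Recommended ordering: access control in place before any data."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)       # owner-only from the first instant
    try:
        os.fchmod(fd, final_mode)          # stand-in for applying the saved ACL
        os.write(fd, data)
        observe(path)
    finally:
        os.close(fd)

def exposure_during_restore(restore, final_mode=0o600):
    """Return (mode seen while data was present, mode after the restore)."""
    seen = []
    observe = lambda p: seen.append(stat.S_IMODE(os.stat(p).st_mode))
    old_umask = os.umask(0o022)            # typical default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "payroll.dat")   # constructed sample file
            restore(path, b"constructed sample data", final_mode, observe)
            final = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old_umask)
    return seen[0], final

if __name__ == "__main__":
    for fn in (restore_late, restore_early):
        during, final = exposure_during_restore(fn)
        print(f"{fn.__name__}: during={during:04o} final={final:04o}")
```

Both orderings end with the same permissions; only the late ordering leaves the data readable by group and others while the restore is in progress.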

D.5 Performing Backup and Recovery with Extended Attributes and Access Control Lists on Linux and Unix

This section lists the steps you must complete to successfully perform backup and recovery for files and directories with extended attributes and access control lists on UNIX-like platforms.

To perform backup and recovery with extended attributes and access control lists:

  1. Set up extended attributes and access control lists for the file or directory that you need to back up.
  2. Create a dataset that includes the path to the file or directory that has the extended attributes and access control lists.

    See:

    "mkds" for information on how to create a dataset

  3. Create a disk pool, if required, to store the backup that you will be performing for this dataset.

    See:

    "mkdev" for information on how to create a disk pool

  4. Back up the dataset you created, which contains the file or directory with its associated extended attributes and access control lists. Unless specified otherwise by using the obtar -A option, the backup command will save the extended attributes and access control lists automatically.

    See:

    "backup" for information on how to perform a backup

    "-A" for more information on the obtar -A option

  5. Restore this data that you backed up on the same platform as the one on which the backup was performed.

    See:

    "restore" for information on how to restore data

  6. Verify that your data has been restored successfully along with its extended attributes and access control lists by checking the restore log file.
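An independent check to run alongside the restore log in step 6, shown as an added example (this is not Oracle Secure Backup code): record the metadata of the tree from step 1 before the backup and compare it with the restored tree. The function names are hypothetical, and the extended attribute calls assume Linux.

```python
import hashlib
import os
import stat

def metadata_manifest(root):
    """Map each relative path under root to (mode, uid, gid, xattr digests)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            xattrs = {}
            try:
                # On Linux a POSIX ACL appears as system.posix_acl_access.
                for attr in os.listxattr(full, follow_symlinks=False):
                    value = os.getxattr(full, attr, follow_symlinks=False)
                    xattrs[attr] = hashlib.sha256(value).hexdigest()
            except OSError:
                pass  # file system without extended attribute support
            manifest[os.path.relpath(full, root)] = (
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, xattrs)
    return manifest

def manifest_diff(before, after):
    """Return sorted paths that are missing, extra, or whose metadata changed."""
    return sorted(p for p in before.keys() | after.keys()
                  if before.get(p) != after.get(p))
```

An empty list from `manifest_diff` means every path kept its mode, ownership, extended attributes and access control list; any path it returns needs to be checked before the restored data is put back into use.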