D Oracle Secure Backup Support for Extended Attributes and Access Control Lists
This appendix describes how Oracle Secure Backup backup and restore operations work with extended attributes and access control lists. It explains how to perform these operations by optionally saving or excluding extended attributes and access control lists.
This section contains the following topics:
Overview of Extended Attributes and Access Control Lists
Oracle Secure Backup now enables you to perform backup and restore operations for files and directories associated with extended attributes and access control lists on UNIX like platforms. Oracle Secure Backup already supports this option on Windows platforms.
Extended attributes contain information associated with a file or directory defined in a name value format. These attributes may be associated to one particular application or the entire file system. Access control lists implement a finer grained permission model for files and directories on Unix like systems, which allows granting or denying access of a file or a directory to a specific set of users or groups.
In some cases, Oracle Secure Backup domains cannot read backup images containing extended attributes or access control lists. In such scenarios, Oracle Secure Backup gives you the option to perform the backup without saving the associated extended attributes and access control lists.
See Also:
"-A" for more information on the obtar
option.
Supported Platforms
Table D-1 lists the platforms that support Oracle Secure Backup backup and recovery operations with extended attributes and access control lists.
If you backup a file or directory on a platform that doesn't support extended attributes and access control lists, Oracle Secure Backup will continue to perform the backup operation without saving the associated extended attributes and access control lists.
Table D-1 Supporting Platforms for Extended Attributes and Access Control Lists
Platform | File System |
---|---|
Linux |
ext2, ext3, JFS, XFS, ASM Cluster File System |
Solaris |
UFS, ASM Cluster File System, ZFS |
AIX |
JFS, GPFS, JFS2, VxFS |
Windows |
FAT, NTFS |
Note:
On Linux platforms, Oracle Secure Backup supports any file system that implement POSIX access control lists interface.
Oracle Secure Backup does not perform cross-platform restore of extended attributes and access control lists as it may threaten security of the file. Ensure that you restore your backup consisting extended attributes and access control lists on the same platform version as the one used to perform the backup.
Requirements
To successfully backup and restore extended attributes and access control lists, keep the following points in mind:
-
Oracle Automatic Storage Management cluster file system uses extended attributes to store tags associated with files and directories. It also supports access control lists. Ensure that Oracle Secure Backup is compatible with the cluster file system and its functions.
-
While performing incremental backups, Oracle Secure Backup notes the
mtime
of each file being backed up.You can use obtar to change this setting to note thectime,
instead. The same setting is applied to extended attributes and access control lists. -
In any situation, if you don't want to save extended attributes and access control lists then you must use the
obtar -A
option while performing a backup. This option ignores the existing extended attributes and access control lists and proceeds to backup the file or directory without saving them. -
To save your extended attributes and access control lists, ensure that your backupoptions policy is not set to the
obtar -A
option set.
See Also:
-
"backup" for more information on how to use the
backup
command -
"Changing Criteria for Incremental Backups" for more information on how to change the
mtime
setting -
-A for more information on the
obtar -A
option
Security Practices
In some cases, a file may have been created first and an access control list applied at the restore stage. Such scenarios may lead to a security breach. It is recommended that you perform a restore by applying the access control list earlier.
You must also encrypt extended attributes and access control lists if they are not contained in the data being backed up, to eliminate unauthorized access.
Performing Backup and Recovery with Extended Attributes and Access Control Lists on Linux and Unix
This section lists the steps you must complete to successfully perform backup and recovery for files and directories with extended attributes and access control lists on UNIX like platforms.
To perform backup and recovery with extended attributes and access control lists: