Rodolfo Gouveia wrote:
> On Fri, Oct 11, 2013 at 09:04:16AM -0400, Jiri B wrote:
>> Try `su' to your user on that system and try to `ls -lR' those dirs,
>> I suppose he won't be able to do that.
>>
>> j.
>
> Thanks Jiri.
> Indeed he can't.
>
> I've looked at this closer and I found out that on some machines dump
> doesn't give any error even though the user 'backup' can't list the
> contents of the folder:
> $ whoami
> backup
> $ ls -lhd /var/audit
> drwxrws--- 2 root wheel 512B Mar 13 2013 /var/audit
> $ ls -lhR /var/audit
> ls: audit: Permission denied
>
> The difference I found between those machines is the partition layout.
> Machine with no errors:
> $ mount
> /dev/sd0a on / type ffs (local)
> /dev/sd0g on /home type ffs (local, nodev, nosuid)
> /dev/sd0d on /tmp type ffs (local, nodev, nosuid)
> /dev/sd0f on /usr type ffs (local, nodev)
> /dev/sd0e on /var type ffs (local, nodev, nosuid)
> Machine with errors:
> $ mount
> /dev/sd0a on / type ffs (local)
>
> So the difference is that when '/var' is a real partition, dump doesn't
> complain at all.
> Does this make sense?

Possibly, yes, but I don't think you're supplying all information
necessary to determine that. The exact command you run isn't clear to me.

e.g. when specifying 'files-to-dump' as:

1) a list of files and directories, I expect the user running dump to
   need sufficient access to be able to make a backup of each of the
   individual files and directories.
2) a mountpoint, I suspect the underlying device node is accessed to
   make the backup.

Guess what?

$ ls -l /dev/sd0a
brw-r----- 1 root operator 4, 0 May 7 19:13 /dev/sd0a

AFAICT device nodes are readable by the operator group and thus can be
backed up by members of that group.

To the best of my knowledge dump can be used to back up whole filesystems
by accessing them through the underlying device node as a member of the
operator group.

Also see dump(8) and the FAQ.
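
An added example, not part of either message and not code from dump: a shell sketch of the distinction the reply draws, run over constructed copies of the `mount` and `ls -l` output quoted in the thread. The function names are hypothetical, and the mapping from mount point to device-node access follows the reply's reasoning rather than dump's source.

```shell
#!/bin/sh
# Constructed sample data, modelled on the output quoted in the thread.
MOUNT_SPLIT='/dev/sd0a on / type ffs (local)
/dev/sd0e on /var type ffs (local, nodev, nosuid)'
MOUNT_SINGLE='/dev/sd0a on / type ffs (local)'
NODE_LS='brw-r----- 1 root operator 4, 0 May 7 19:13 /dev/sd0a'

# device_for MOUNT_OUTPUT PATH
# Print the device if PATH is itself a mount point; fail otherwise.
device_for() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "on" && $3 == p { print $1; found = 1 }
        END { exit !found }'
}

# node_readable LS_LINE USER "GROUP1 GROUP2 ..."
# Succeed if the mode bits in an `ls -l` line grant USER read access.
node_readable() {
    printf '%s\n' "$1" | awk -v u="$2" -v gs="$3" '{
        mode = $1; owner = $3; group = $4
        n = split(gs, g, " "); ingroup = 0
        for (i = 1; i <= n; i++) if (g[i] == group) ingroup = 1
        if (u == "root")     ok = 1
        else if (u == owner) ok = (substr(mode, 2, 1) == "r")
        else if (ingroup)    ok = (substr(mode, 5, 1) == "r")
        else                 ok = (substr(mode, 8, 1) == "r")
        exit !ok
    }'
}

# access_path MOUNT_OUTPUT PATH
# "device:<dev>" when PATH is a mount point (file permissions inside it are
# never consulted), "files:<path>" when it is an ordinary directory.
access_path() {
    if dev=$(device_for "$1" "$2"); then
        echo "device:$dev"
    else
        echo "files:$2"
    fi
}

access_path "$MOUNT_SPLIT" /var     # separate /var partition
access_path "$MOUNT_SINGLE" /var    # single root partition
```

Read this way, membership of the group that owns the device node is equivalent to read access to every file on that filesystem, including directories such as /var/audit that the user cannot list.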