devfs

Re: Default: insecure

To: Robert Siemer <Robert.Siemer@xxxxxx>
Subject: Re: Default: insecure
From: Richard Gooch <rgooch@xxxxxxxxxxxxxxx>
Date: Thu, 20 Sep 2001 16:01:13 -0600
Cc: devfs@xxxxxxxxxxx
In-reply-to: <20010920223240K.siemer@panorama.hadiko.de>
References: <200109201531.f8KFVbP02796@vindaloo.ras.ucalgary.ca> <20010920184715A.siemer@panorama.hadiko.de> <200109201702.f8KH2Lh03467@vindaloo.ras.ucalgary.ca> <20010920223240K.siemer@panorama.hadiko.de>
Sender: owner-devfs@xxxxxxxxxxx

Robert Siemer writes:
> I'm sorry for being so aggressive. - I see - your scenario is real.
> But how do you protect tape users from other users accessing their
> tape during backup (... or just before)?

The tape drivers I've seen lock the device. In other words, while
you're doing your backup/restore, someone else can't use the device.

As for the "just before", something like PAM is one solution. A better
solution is a suid-root programme that "allocates" the tape device (by
changing ownership and permissions), and "deallocates" upon programme
exit. Of course, now you have to deal with the issue of users locking
up the tape device for long periods, blocking others.

There's no perfect solution here, since there is a single physical
resource which you are trying to share between users. A certain level
of trust/co-operation is required. And given that, the simplest
approach, which is good for 99% of uses, is rw-rw-rw- access, combined
with the existing "one opener" behaviour of the driver.

                                Regards,

                                        Richard....
Permanent: rgooch@xxxxxxxxxxxxx
Current:   rgooch@xxxxxxxxxxxxxxx
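
The "allocate"/"deallocate" helper described in the message above, sketched as an added example; it is not code from the original message or from devfs. It assumes the binary is installed suid-root, that `/dev/tape` (a placeholder) is a fixed node in a root-owned directory, and that a node with no group/other access is already allocated; all function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
struct saved { uid_t uid; gid_t gid; mode_t mode; };

/* Return the node to its previous owner and mode. */
int dev_deallocate(const char *path, const struct saved *old)
{
    int rc = chown(path, old->uid, old->gid);
    return chmod(path, old->mode) != 0 ? -1 : rc;
}

/* Hand the node to `uid` as 0600, remembering its previous state. */
int dev_allocate(const char *path, uid_t uid, struct saved *old)
{
    struct stat st;
    if (lstat(path, &st) != 0 || S_ISLNK(st.st_mode) || (st.st_mode & 066) == 0)
        return -1;  /* missing, a symlink, or not shared (assumed: already allocated) */
    old->uid = st.st_uid; old->gid = st.st_gid; old->mode = st.st_mode & 07777;
    if (chmod(path, 0) == 0 &&          /* shut everyone out before the chown */
        chown(path, uid, (gid_t)-1) == 0 && chmod(path, 0600) == 0)
        return 0;
    dev_deallocate(path, old);          /* roll back on failure */
    return -1;
}

/* Allocate, run argv as the invoking user, deallocate once it exits. */
int run_with_device(const char *path, char *const argv[])
{
    struct saved old;
    int status = -1;
    if (dev_allocate(path, getuid(), &old) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                     /* child: drop root for good, then exec */
        if (setgid(getgid()) == 0 && setuid(getuid()) == 0)
            execv(argv[0], argv);
        _exit(127);
    }
    if (pid > 0)
        waitpid(pid, &status, 0);
    int rc = dev_deallocate(path, &old);
    return (rc == 0 && pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{   /* "/dev/tape" is a placeholder for the admin-fixed node, never user input */
    return argc < 2 ? 2 : run_with_device("/dev/tape", argv + 1);
}
```

The node stays allocated for as long as the command runs, and also if the helper is killed before it can restore the saved state, which is the lock-up issue the message raises.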
