Backup server question
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 22 01:28:54 UTC 2005
mroselinux at eastgranby.k12.ct.us wrote:
>>On Thu, 2005-04-21 at 10:54 -0400, mroselinux at eastgranby.k12.ct.us
>>wrote:
>>
>>
>>>We have a FC3 server running samba, dhcpd, and named (for internal names
>>>only). Each night, a backup server to the primary runs rsync to
>>>download
>>>changed/new files.
>>>
>>>This is a vacation week at our high school and I tried our backup plan
>>>for
>>>the first time since upgrading to FC3. When bringing up the backup
>>>server
>>>as primary, I ran into a security problem with dhcpd (dhcpd: Can't open
>>>lease database /var/lib/dhcp/dhcpd.leases: Permission denied). I issued
>>>a
>>>setforce 0 command and restarted dhcpd and all was ok. I then again
>>>stopped dhcpd, issued a setenforce 1 command, restarted dhcpd and again
>>>all was ok.
>>>
>>>So, should I be running fixfiles each night at the end of the rsync
>>>script? Or is there a better solution that someone with expertise can
>>>suggest?
>>>
>>>
>>I think that the FC4/development tree includes a patch to rsync to allow
>>preservation of extended attributes (which would include the SELinux
>>attributes). Hence, you might try building the development rsync SRPM
>>on FC3 and trying it there (using the -X option). You need the updated
>>rsync on both the client and server. Naturally, you'd want to test it
>>out somewhere other than your production machine first.
>>
>>--
>>Stephen Smalley <sds at tycho.nsa.gov>
>>National Security Agency
>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
>>
>Stephen - Thanks for the info, but I don't think that I have the
>capability to build rsync. I will look forward to it. But in the
>meantime, is running fixfiles at the end of the rsync script an ok
>approach?
>
>Mark
>
>
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
Yes.
--
More information about the fedora-selinux-list
mailing list