Backup server question

[Daniel J Walsh]

mroselinux at eastgranby.k12.ct.us wrote:

>>On Thu, 2005-04-21 at 10:54 -0400, mroselinux at eastgranby.k12.ct.us
>>wrote:
>>    
>>
>>>We have a FC3 server running samba, dhcpd, and named (for internal names
>>>only).  Each night, a backup server to the primary runs rsync to
>>>download
>>>changed/new files.
>>>
>>>This is a vacation week at our high school and I tried our backup plan
>>>for
>>>the first time since upgrading to FC3.  When bringing up the backup
>>>server
>>>as primary, I ran into a security problem with dhcpd (dhcpd: Can't open
>>>lease database /var/lib/dhcp/dhcpd.leases: Permission denied).  I issued
>>>a
>>>setforce 0 command and restarted dhcpd and all was ok.  I then again
>>>stopped dhcpd, issued a setenforce 1 command, restarted dhcpd and again
>>>all was ok.
>>>
>>>So, should I be running fixfiles each night at the end of the rsync
>>>script?  Or is there a better solution that someone with expertise can
>>>suggest?
>>>      
>>>
>>I think that the FC4/development tree includes a patch to rsync to allow
>>preservation of extended attributes (which would include the SELinux
>>attributes).  Hence, you might try building the development rsync SRPM
>>on FC3 and trying it there (using the -X option).  You need the updated
>>rsync on both the client and server.  Naturally, you'd want to test it
>>out somewhere other than your production machine first.
>>
>>--
>>Stephen Smalley <sds at tycho.nsa.gov>
>>National Security Agency
>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>    
>>
>Stephen - Thanks for the info, but I don't think that I have the
>capability to build rsync.  I will look forward to it.  But in the
>meantime, is running fixfiles at the end of the rsync script an ok
>approach?
>
>Mark
>
>
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>
Yes.

--