[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Backup server question



mroselinux eastgranby k12 ct us wrote:

On Thu, 2005-04-21 at 10:54 -0400, mroselinux eastgranby k12 ct us
wrote:


We have a FC3 server running samba, dhcpd, and named (for internal names
only).  Each night, a backup server to the primary runs rsync to
download
changed/new files.

This is a vacation week at our high school and I tried our backup plan
for
the first time since upgrading to FC3.  When bringing up the backup
server
as primary, I ran into a security problem with dhcpd (dhcpd: Can't open
lease database /var/lib/dhcp/dhcpd.leases: Permission denied).  I issued
a
setforce 0 command and restarted dhcpd and all was ok.  I then again
stopped dhcpd, issued a setenforce 1 command, restarted dhcpd and again
all was ok.

So, should I be running fixfiles each night at the end of the rsync
script? Or is there a better solution that someone with expertise can
suggest?


I think that the FC4/development tree includes a patch to rsync to allow
preservation of extended attributes (which would include the SELinux
attributes).  Hence, you might try building the development rsync SRPM
on FC3 and trying it there (using the -X option).  You need the updated
rsync on both the client and server.  Naturally, you'd want to test it
out somewhere other than your production machine first.

--
Stephen Smalley <sds tycho nsa gov>
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list



Stephen - Thanks for the info, but I don't think that I have the
capability to build rsync.  I will look forward to it.  But in the
meantime, is running fixfiles at the end of the rsync script an ok
approach?

Mark



--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


Yes.

--



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]