
On Fri, Apr 15, 2016 at 05:12:40PM -0400, Alvin Starr wrote:
For things like system backups you tend to have to run as root.
Often for some parts.
Your backup device often has to be connected to the server. I have yet to see a backup media that magically gets data written to it while on the shelf. So once you have plugged in your backup media to backup and your backup program runs wild ... you're kind of screwed.
That's why you have a rotation of backup devices. That way you still have a backup while creating a new one. If your only backup is connected to your system, then you have no backups at all.
I kind of think it would be possible to use selinux to ensure things like backups or system files cannot be deleted by accident.
That would take some work to get right and I believe most systems run with selinux disabled. I know there are more than a few packages that I administer where they outright say that selinux must be disabled.
Screwing up backup software is all too easy. I once worked for a computer company that sold systems to banks and for about a 3-month period a bug in the tape driver software was writing blank tapes. It was not discovered till a customer tried to restore something simple. Fortunately nobody needed to do a real restore of important data.
Well it isn't really a backup until it is verified either. Many people skip that step. I certainly have at home in many cases.
This company had a number of VERY smart people doing the coding but still silly errors crept through.
-- Len Sorensen