On 2015-05-04 Kevin McGregor wrote:
Is that possible/feasible? In Windows, there's a group called "Backup Operator" which does something like this. Is the only alternative in Solaris to make the account a member of the "root" group? I don't care about e.g. device files and the like. I just want the account to be able to back up regular ZFS user-type file systems.
That's a perennial UNIX question. I'd like to know the answer too!
Personally, on Linux boxes where groups aren't used at all for user files I want backed up (they are all just Samba shared as the owner), I use samba settings to ensure all files are group "backup" or similar and group readable. Cheesy, but it works because I 100% control access to those files via limited daemons.
If your situation isn't similar (i.e. you are using groups for something meaningful, or want to backup whole-systems like including /etc) then that is useless.
I'm sure there's an ACL solution, and I'm (pretty) sure Solaris has ACL's. However, something about making a zillion ACL's just to do backups rubs me the wrong way. Sure, if the ACL's are small enough they'll just get stored in the inode (I think), but I'd sure hate to waste a fs block just for an ACL if it didn't (if there already were ACL's on the files, selinux, etc).
I hope some other members will give a more useful answer...
(It would be nice if there was a standard, automatic UNIX account called root-ro!)
(Oh ya, and dump/restore should be able to bypass all inode user/group restrictions, but use at your own risk.)