I've been a Digital Unix system administrator for years, now, but I'm
still amazed at my own ignorance, sometimes.
On VMS, if you want to handle a tape securely, you can issue the
"allocate" command to give your process (job?) sole control over the tape
drive before physically loading the tape. While you have the tape
allocated, nobody else can get access (I think privileged processes can
break it away from you, but I've never had to learn how to do that). When
you're done, after you've physically unloaded the tape, you deallocate the
drive, so the next guy or gal can use it.
What is there on Digital Unix (or Unix in general) to do this?
I suppose tape devices must be protected against multiple access during
actual operation somehow, but what keeps some other user from accessing my
tape between the time when I physically load it and when I issue a tar,
vdump, or other tape access command?
We load backup tapes before we leave at the end of the day, and the backup
process runs under a cron job early the next morning. Is there anything
we should be doing to protect potentially sensitive data from previous
backups on that tape? What stops Joe Random User from typing "mt
offline", making our backup fail?
Surely products like Networker Save/Restore have a solution to this, don't
they?
I'll summarize any answers I receive. Thanks in advance!
--
-- Phil Rand <prand_at_spu.edu> aka <postmaster_at_spu.edu>
-- Computer & Information Systems (206) 281-2428
-- Seattle Pacific University, 3307 3rd Ave W, Seattle, WA 98119
-- http://paul.spu.edu/~prand/
--
"One person CAN change the world, but most of the time,
you probably shouldn't." -- Marge Simpson
Received on Wed Dec 10 1997 - 18:46:41 NZDT