11/29/94 Backup and Restore Access Control Lists During mksysb SPECIAL NOTICES Information in this document is correct to the best of our knowledge at the time of this writing. Please send feedback by fax to "AIXServ Information" at (512) 823-4009. Please use this information with care. IBM will not be responsible for damages of any kind resulting from its use. The use of this information is the sole responsibility of the customer and depends on the customer's ability to eval- uate and integrate this information into the customer's operational environment. +----------------------------------------------------------+ | | | NOTE: The information in this document has NOT been | | verified for AIX 4.1. | | | +----------------------------------------------------------+ ABOUT THIS DOCUMENT In AIX 3.2, the "mksysb" command does not save and restore access control lists (ACLs) for files. IF YOUR SYSTEM IS AT AIX 3.2.5, you can apply the fix IX41592. | Fixes (PTFs) for AIX 3.2.5 and later can be downloaded via | Internet with the FixDist service. For FixDist information | and instructions, order fax number 1228 from 1-800-IBM-4FAX. | If you don't have access to Internet or if your machine is | at a pre-3.2.5 AIX level, you can request a specific fix | number from 1-800-CALL-AIX. All other services from | 1-800-CALL-AIX which are not Program Services require a | software support contract. IF YOUR SYSTEM IS AT A 3.2 LEVEL PRIOR TO 3.2.5, use the workaround below. The shell script will save all ACLs in the specified file system in a format that may be restored with any shell. WORKAROUND FOR AIX 3.2 TO 3.2.4 The script below should be saved in the file "mksysb-acls" and made executable with the command "chmod 555 mksysb- acls". To use the script, execute "mksysb-acls rootvg" immediately before using "mksysb". The output is a file named "/.acl.save". Then, whenever you restore a "mksysb" tape, you should execute the following: ksh /.acl.save Backup and Restore Access Control Lists During mksysb 1 11/29/94 This will restore all of the saved ACLs which existed in the volume group before the "mksysb" tape was made. Depending on how you are viewing this document, some charac- ters in the following code may appear incorrectly. If the characters in the following list do not match their descriptions, be sure to change them in the code. +----------------------------------------------------------+ | | | [ left bracket | | ] right bracket | | ` grave (back tic) | | | +----------------------------------------------------------+ Backup and Restore Access Control Lists During mksysb 2 11/29/94 #!/bin/ksh # # mksysb-acls # # # Check the command line syntax. There must be a single volume # group name, no more. # if [ $# != 1 ] ; then echo 'usage: mksysb-acls volume-group' exit 1 fi VGNAME=$1 # # Check the name for validity. If lsvg returns an error, the volume # group name isn't valid. # if lsvg $VGNAME > /dev/null 2>&1 ; then : else echo "mksysb-acls: invalid volume group name" exit 1 fi # # The directories to scan are those given by "lsvg" where the second # column (file system type) is "jfs". No other local file systems have # ACLs, so we don't look. # DIRS=`lsvg -l rootvg | awk '(($2 == "jfs") && (substr($7,1,1) == "/")) { print $7 }'` # # Scan the named directories for files with the extended ACL bit # set. Each located file system object will cause a "chown" and # "aclput" command to be generated to the .acl.save file. # umask 077 find $DIRS -xdev \( -perm -200000000 -o -perm -100000000 \) -print | \ while read FILE ; do ls -ld $FILE | awk '{ printf ("chown %s.%s %s\n", $3, $4, $9) }' echo aclput $FILE '<< \EOF' aclget $FILE echo \EOF ANS=`chtcb query ${FILE}` if [[ ${ANS} = *' is in '* ]]; then echo chtcb on ${FILE} fi done > /.acl.save chown root.system /.acl.save chmod 500 /.acl.save Backup and Restore Access Control Lists During mksysb 3 11/29/94 READER'S COMMENTS Please fax this form to (512) 823-4009, attention "AIXServ Informa- tion". You may also e-mail comments to: elizabet@austin.ibm.com. These comments should include the same customer information requested below. Use this form to tell us what you think about this document. If you have found errors in it, or if you want to express your opinion about it (such as organization, subject matter, appearance) or make sug- gestions for improvement, this is the form to use. If you need technical assistance, contact your local branch office, point of sale, or 1-800-CALL-AIX (for information about support offer- ings). These services may be billable. Faxes on a variety of sub- jects may be ordered free of charge from 1-800-IBM-4FAX. Outside the U.S. call 415-855-4329 using a fax machine phone. When you send comments to IBM, you grant IBM a nonexclusive right to use or distribute your comments in any way it believes appropriate without incurring any obligation to you. NOTE: If you have a problem report or item number, supplying that number may help us determine why a procedure did or did not work in your specific situation. Problem Report or Item #: Branch Office or Customer #: Be sure to print your name and fax number below if you would like a reply: Name: Fax Number: ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ ______________________________________________________________________ END OF DOCUMENT (mksysb.acl.save.bak, 4FAX# 2685) Backup and Restore Access Control Lists During mksysb 4