The can't exceed their unix permissions on the restore, so, in general,
they can't overwrite the kernel.  

The "bprestore" tool runs as their unix UID.

There used to be a problem where no group other than their primary group
was considered but I don't know if that's still a problem.  (for
example: User could restore files to a directory that had group write
for their primary GID in /etc/password but they couldn't restore files
to a dir that was group-perm'd to allow a secondary group from
/etc/group to write there.)

-M 

-----Original Message-----
From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Martin,
Jonathan (Contractor)
Sent: Wednesday, September 06, 2006 2:35 PM
To: Veritas-bu at mailman.eng.auburn.edu
Subject: [Veritas-bu] User Restores?


Is there any feature of NBU that would allow users to restore their own
data?  I suppose we could give them access to the restore GUI, but they
could then restore any file to any location, which is a major security
issue.  (Whoops, did I just overwrite the kernel?)  Is there some sort
of way we could give users the ability to restore their own data without
the DLO option?

-Jonathan

_______________________________________________
Veritas-bu maillist  -  Veritas-bu at mailman.eng.auburn.edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu