
cell backup

Backs up the master security database and each clearinghouse with master replicas in the cell. The syntax is:

cell backup [cell_name]

Description
The cell backup command backs up the master security database and each clearinghouse with master replicas in the cell. It requires that dced be running on each of the server hosts. It takes no arguments or options.

Prepare a cell for regular backup operations by changing the access control lists (ACLs) on two of the dced objects on the local machine and setting up an extended registry attribute (ERA) that can specify a backup destination (typically a tape archive). Then add the new attribute to the principals for the master DCE Security Service registry database and all CDS clearinghouses with master replicas that you want to back up. To do this, follow these steps:

1. Put the DCE daemon into partial service mode by sending the dced process the correct signal:

# kill -SIGUSR1 pid_of_dced
#

2. Invoke dcecp with the -local option:

# dcecp -local
dcecp>

3. Modify ACLs on the local hostdata and srvrconf objects to allow the subsys/dce/dced-admin group access by using the following dcecp acl operations:

dcecp> acl modify hostdata -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -d-rwx} -io -local
dcecp>

4. Put the DCE daemon back into full service mode with the following command:

# kill -SIGUSR1 pid_of_dced
#

5. Create an extended registry attribute (ERA) as a string that specifies a backup destination. Name the ERA /.:/sec/xattrschema/bckp_dest and give it the encoding type printstring. Select the ACL manager named principal and set its four permission bits to r (read), m (manage), r (read), and D (delete), as shown in the following command:

dcecp> xattrschema create /.:/sec/xattrschema/bckp_dest \
> -encoding printstring -aclmgr {principal r m r D}
dcecp>

6. Add the new ERA (bckp_dest) to the principal dce-rgy (the DCE Security Service registry database). Set the value to be the tar filename or the device that is the backup destination:

dcecp> principal modify dce-rgy -add {bckp_dest tarfilename_or_device}
dcecp>

7. Add the new ERA (bckp_dest) to the principal /.:/hosts/hostname/cds-server (the CDS server). Set the value to be the tar filename or the device that is the backup destination:

dcecp> principal modify /.:/hosts/hostname/cds-server \
> -add {bckp_dest tarfilename_or_device}
dcecp>

Now, whenever you want to back up your registry database or CDS database, you can just invoke a cell backup command.
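Steps 1 through 4 can be run as one guarded unit so that dced is toggled back to full service mode even when an ACL change fails. The script below is an added example, not part of the DCE documentation; it assumes dced's PID is passed in and that dcecp accepts -c to run a single command, and its function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the DCE documentation: steps 1-4 as one guarded run.
# Assumptions: run as root; dced's PID is passed as $1; dcecp accepts -c to run
# a single command; DRY_RUN=1 prints commands instead of executing them.
# All function names are hypothetical.

GROUP='subsys/dce/dced-admin'

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# SIGUSR1 toggles dced between partial and full service mode (steps 1 and 4).
# "kill -s USR1" is the POSIX spelling of the page's "kill -SIGUSR1".
toggle_dced() {
    run kill -s USR1 "$1"
}

# The three ACL changes from step 3, one dcecp command per line.
acl_commands() {
    printf 'acl modify hostdata -add {group %s -riI} -local\n' "$GROUP"
    printf 'acl modify srvrconf -add {group %s -riI} -local\n' "$GROUP"
    printf 'acl modify srvrconf -add {group %s -d-rwx} -io -local\n' "$GROUP"
}

prepare_local_acls() {
    pid=$1
    case $pid in
        ''|*[!0-9]*) echo 'usage: prepare_local_acls pid_of_dced' >&2; return 2 ;;
    esac
    toggle_dced "$pid" || return 1          # step 1: enter partial service mode
    status=0
    acl_commands | while IFS= read -r cmd; do
        # stdin is redirected so dcecp cannot consume the remaining commands
        run dcecp -local -c "$cmd" </dev/null || exit 1
    done || status=1
    toggle_dced "$pid" || status=1          # step 4: always toggle back
    return "$status"
}
```

Source the file and call prepare_local_acls with the PID of dced; setting DRY_RUN=1 first prints the five commands without touching the host.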

You can back up another cell by including the cell name as an argument to the cell backup command. Note that you need the necessary permissions in the remote cell. (Refer to the registry object reference page for the required privileges.) This command returns an empty string on success.

Privileges Required
The cell backup command requires that the administrator be logged in as the local superuser (root). It also requires the user to be authenticated to the security service as the cell administrator.

Examples

dcecp> cell backup
dcecp>