NSR(8)NSR(8)NAME
nsr - introduction and overview of NetWorker
DESCRIPTION
NetWorker facilitates the backup and recovery of files on a network of
computer systems. Files and filesystems may be backed up on a sched‐
uled basis. Recovery of entire filesystems and single files is simpli‐
fied by use of an on-line index of saved files.
NetWorker uses a client-server model to provide the file backup and
recover service. At least one machine on the network is designated as
the NetWorker server, and the machines with disks to be backed up are
NetWorker clients. Five daemons provide the NetWorker service, control
access to the system, and provide index and media support. On the
clients, there are special programs to access the file systems and com‐
municate with the NetWorker server.
The NetWorker system has several parts. Commands and files are only
briefly mentioned here; see the appropriate reference manual page for
more detailed information. Each command has a manual page entry in
section 8. The files and their formats are explained in section 5 man‐
ual pages.
The NetWorker Administrator's Guide provides information on configuring
and administering a NetWorker system. It includes many examples and
rationales for setting up and running a successful backup operation.
INSTALLATION
How NetWorker is installed depends on the architecture of the machine
upon which you are installing. For detailed installation instructions,
see the NetWorker Installation Guide for your specific platform.
nsr_ize(8) The NetWorker installation script. The script will
install both clients and servers. The nsr_ize script can
also be used to de-install NetWorker. Note that some
systems use other methods for installing and de-
installing NetWorker, in which case the nsr_ize script
will not exist.
nsr_layout(5) Describes where NetWorker programs, files, and manual
pages are installed.
SERVER DAEMONS
NetWorker uses a client-server model to provide a backup and recover
service. The following daemons encompass the server side of NetWorker.
nsrd(8) The main NetWorker daemon. nsrd handles initial communi‐
cation with clients, and starts and stops the other Net‐
Worker server daemons.
ansrd(8) The agent nsrd process, spawned by nsrd in response to a
recovery, clone, or other session. The ansrd daemon is
invoked on an as-needed basis and is only present when
there are sessions active to the NetWorker server. Modern
versions of save(8) do not require use of an ansrd daemon.
nsrindexd(8) This server daemon provides access to the NetWorker on-
line index. The index holds records of saved files. The
index allows clients to selectively browse and choose
files to recover without having to access the backup
media.
nsrmmdbd(8) The media management database daemon provides an index of
save sets and media. The nsrmmdbd daemon provides a much
coarser view of the saved files than does nsrindexd, and
therefore the resultant index is usually much smaller.
nsrmmd(8) The media multiplexor daemon provides device support for
NetWorker. When more than one client is saving files, the
data from each client is multiplexed. During recovery
operations, the data is demultiplexed and sent back to the
requesting clients. When the multiple devices are
enabled, several of these daemons may be active simultane‐
ously.
ADMINISTRATION
NetWorker is administered via resources and attributes. Every resource
has one or more attributes associated with it. For example, a device
is a NetWorker resource type; an attribute of devices is the device
type, for example, 4mm or 8mm. The NetWorker resource format is docu‐
mented in nsr_resource(5). There is also a manual page for each Net‐
Worker resource in section 5 of the manual.
Resource files are not normally edited by hand. Rather, a NetWorker
tool (usually NetWorker Management Console or nsradmin(8)) is used to
modify resource files dynamically so that values can be checked and
changes can be propagated automatically to the interested programs.
The following are tools that are used to administer various aspects of
NetWorker.
NetWorker Management Console
Monitors the activity of and administers NetWorker
servers. NetWorker Management Console is a Java based
application and is most users' primary interface to Net‐
Worker.
nsradmin(8) A curses(3) based tool for the administration of NetWorker
servers.
nsrwatch(8) A curses(3) based tool to monitor the activity of Net‐
Worker servers.
nsrmm(8) Media manager command. The nsrmm command is used to
label, mount, unmount, delete and purge volumes. Mount
requests are generated by nsrmmd, and displayed by Net‐
Worker Management Console or nsrwatch. The size of the
on-line user file indexes may be controlled by deleting
and purging volumes.
nsrjb(8) The NetWorker jukebox-controlling command. When dealing
with a jukebox, nsrjb, rather than nsrmm, should be used
to label, load, and unload the volumes contained within a
jukebox.
nsrim(8) Automatically manages the on-line index. It is usually
run periodically by savegrp.
mminfo(8) Provides information about volumes and save sets.
nsrck(8) Checks and repairs the NetWorker on-line index. It is run
automatically when nsrd starts up if the databases were
not closed cleanly due to a system crash.
nsr_shutdown(8)
A shell script used to safely shut down the local Net‐
Worker server. The nsr_shutdown script can only be run by
the super user.
SAVING FILES
NetWorker supports both scheduled and manual saving of files and
filesystems. Each client may be scheduled to save all or part of its
filesystems. Different clients may be scheduled to begin saving at
different times.
save(8) A command-line-based tool used to back up a specified file
or group of files. The save command may be run manually
by users and administrators, or automatically by savegrp.
nwbackup(8) A Motif-based tool for backing up files. The nwbackup
command is the graphical equivalent of save.
savegrp(8) Used to initiate the backup of a group of client machines.
Usually started automatically by the NetWorker server.
The savegrp command also backs up the clients' on-line
file indexes, which are stored on the server. When back‐
ing up the server itself, a bootstrap save set is also
created.
nsrexec(8) The agent savegrp process, spawned by savegrp. The
nsrexec command monitors the progress of NetWorker com‐
mands.
nsrclone(8) The NetWorker save set/volume cloning command. Using nsr‐
clone, clones, or exact replicas, of save sets or entire
volumes can be made. Clone data is indistinguishable from
the original data, except for the NetWorker media volumes
upon which the data reside.
nsrexecd(8) NetWorker-specific remote execution service which runs on
NetWorker clients. Used by savegrp to start save and
savefs on client machines.
savefs(8) Used by savegrp to determine characteristics of a client,
and to map the save set All to the current list of all
save sets on a client.
RECOVERING FILES
NetWorker maintains an on-line index of user files that have been
saved. Users may browse the index and select files for recovery. This
information is used to build a representation of the file heirarchy as
of any time in the past. NetWorker then locates the correct volume and
recovers the requested files.
recover(8) Browses the on-line user file index and selects files and
filesystems to recover.
nwrecover(8) A Motif-based tool for recovering files. The nwrecover
command is the graphical equivalent of recover.
mmrecov(8) Used only for disaster recovery. Recovers the special
bootstrap index and the server's on-line file index. The
recover or nwrecover commands are used to recover other
on-line file indexes.
scanner(8) Verifies correctness and integrity of NetWorker volumes.
Can also recover complete save sets and rebuild the on-
line file and media indexes.
nsr_crash(8) A man page describing crash recovery techniques.
nsrinfo(8) Used to generate reports about the contents of a client's
file index.
APPLICATION SPECIFIC MODULES
In order to process user files in an optimal manner, NetWorker provides
the ASM mechanism. Pattern matching is used to select files for pro‐
cessing by the different ASMs. The patterns and associated ASMs are
described in nsr(5). The save command keeps track of which ASMs were
used to process a file so that recover may use the same ASMs to recover
the file.
uasm(8) UNIX filesystem specific save/recover module. The uasm
man page documents the general rules for all ASMs. The
uasm command and its man page actually comprise several
additional ASMs, including compressasm, mailasm, and
xlateasm, to name a few.
nsrindexasm(8) Processes the on-line user file indexes.
nsrmmdbasm(8) Processes the on on-line media database.
SERVER LOCATION
On large networks there may be several NetWorker servers installed.
Each NetWorker client command must select a server to use.
For server selection, the client commands are classified into two
groups: administration and operation. The administration commands
include NetWorker Management Console, nsrwatch, and mminfo. The opera‐
tion commands include save, savefs, and recover. Both groups of com‐
mands accept a -s server option to explicitly specify a NetWorker
server.
When a server is not explicitly specified, the operation commands use
the following steps to locate one. The first server found is used.
1) The local machine is examined to see if it is a NetWorker server.
If it is, then it is used.
2) The machine where the current directory is actually located is
examined to see if it is a NetWorker server. If it is, then it is
used.
3) The machine specified with the -c option is examined to see if it
is a NetWorker server. If it is, then it is used.
4) The list of trusted NetWorker servers is obtained from the local
machine's nsrexecd(8). Each machine on the list is examined to
see if it is a NetWorker server. The first machine determined to
be a NetWorker server is used.
5) A broadcast request is issued. The first NetWorker server to
respond to the request is used.
6) If a NetWorker server still has not been found, then the local
machine is used.
The administrative commands only use step 1.
SECURITY
Before a save is allowed, there must be an NSR client resource created
for the given client. Before a recovery is allowed, the server vali‐
dates client access by checking the remote access attribute in the NSR
client resource (see nsr_client(5)).
The savegrp(8) command initiates the save(8) command on each client
machine in an NSR group by using the nsrexecd(8) remote save execution
service. See the nsrexecd(8) man page for details. For backward com‐
patibility with older versions of NetWorker, savegrp(8) will fall back
on using the rsh(1) protocol for remote execution if nsrexecd is not
running on a particular client.
Access to the NSR resources through the nsradmin(8) command or Net‐
Worker Management Console is controlled by the administrator attribute
on the NSR server resource (see nsr_service(5)). This attribute has a
list of names of the users who have permission to administer that
resources. Names that begin with an ampersand (&) denote netgroups
(see netgroup(5)). Also names can be of the form user@host or
user=user,host=host to authorize a specific user on a specific host.
ROOT PRIVILEGES
The system administrator can grant root privileges to specific groups
of users by changing the mode of a NetWorker program to setuid-root and
setgid-group. (See chgrp(1) and chmod(1) for more details.)
When a user invokes a program that is both setuid-root and setgid-
group, he may retain root privileges if one of the following is true:
1. The user's name and the program's group name are identical.
2. One of the process's supplementary group id names is identical
to the program's group name. (See getgroups(2) for more
details.)
3. The user's name is an element of the netgroup whose name is
identical to the program's group name. (See getgrnam(3) for
more details.)
For example, the mode and group owner of the recover command can be
changed such that the ls output looks like:
-rws--s--x 1 root staff 548808 Apr 18 16:04 recover
A user invoking this command will retain root privileges if (1) his
name is ``staff'', or (2) he is a member of the group ``staff'', or (3)
his name appears as an element of the netgroup ``staff''.
Granting root privileges may be applied to the following NetWorker pro‐
grams: nsrexec(8), nsrports(8), recover(8), nwretrieve(8), nwre‐
cover(8), nsrclone(8), nsrssc(8), nsrmm(8), mmpool(8), mmlocate(8),
nsrjb(8), nsrinfo(8), nsrstage(8), nsrcap(8), save(8), nsrpmig(8),
nwbackup(8), nsrck(8), nsrim(8), jbconfig(8), nsrcnct(8), and scan‐
ner(8).
NAMING AND AUTHENTICATION
As described above, the NSR server only accepts connections initiated
from the machines listed as clients or listed in the remote access list
(for recovering). Since machines may be connected to more than one
physical network and since each physical network connection may have
numerous aliases, the policies below are used as a compromise between
security and ease of use. For further information about naming in the
UNIX environment, refer to gethostent(3) or other documentation on name
services.
A client determines its own name as follows. First the client's UNIX
system name is acquired via the gethostname(2) system call. The UNIX
system name is used as a parameter to the gethostbyname(3) library rou‐
tine. The client declares its name to be the official (or ``primary'')
name returned by gethostbyname. This name is passed to the NetWorker
server during connection establishment.
A server authenticates a client connection by reconciling the connec‐
tion's remote address with client's stated name. The address is mapped
to a list of host names via the gethostbyaddr(3) library function.
Next, the client's stated name is used as a parameter to gethostbyname
to acquire another list of host names. The client is successfully
authenticated only if a common name between the two lists exists.
The NetWorker server maps a client's name to an on-line index database
name by resolving the client's name to the official name returned by
gethostbyname. This mapping takes place both at client creation time
and at connection establishment time.
To ensure safe and effective naming, the following rules should be
employed:
1) The NetWorker clients and servers should access consistent host
name databases. NIS (YP) and the Domain Name System (DNS) are
naming subsystems that aid in host name consistency.
2) All hosts entries for a single machine should have at least one
common alias among them.
3) When creating a new client, use a name or alias that will map back
to the same official name that the client machine produces by
backward mapping its UNIX system name.
SEE ALSOrsh(1), gethostname(2), gethostent(3), netgroup(5), nsr(5),
nsr_layout(5), nsr_resource(5), ypfiles(5), ypmake(5), mminfo(8),
nsr_crash(8), nsr_ize(8), nsr_service(5), nsr_shutdown(8), nsradmin(8),
nsrck(8), nsrclone(8), nsrd(8), nsrexecd(8), nsrim(8), nsrindexasm(8),
nsrindexd(8), nsrinfo(8), nsrjb(8), nsrls(8), nsrmm(8), nsrmmd(8),
nsrmmdbasm(8), nsrmmdbd(8), nsrwatch(8), nwbackup(8), nwrecover(8),
recover(8), mmrecov(8), save(8), savefs(8), savegrp(8), scanner(8),
uasm(8).
The NetWorker Administrator's Guide
NetWorker 7.3.2 Aug 23, 06 NSR(8)