[PLUG] Need to prevent accidental data destruction

wes plug at the-wes.com
Tue Dec 4 18:27:25 UTC 2012


Create a non-root-privilege account and use sudo to perform any necessary
maintenance. Only give access to the needed commands via sudo and nothing
more.

-wes


On Tue, Dec 4, 2012 at 9:59 AM, <plugng3 at martinconsulting.com> wrote:

> Hey Pluggers,
>
> The only thing I hate worse than unscheduled downtime is data loss, and I
> have a situation where it would be very easy to accidentally destroy a lot
> of data very quickly.  I'd like to see if anyone has a clever idea about
> preventing this from happening.
>
> Here's the situation:
> 1) I have a current Linux system running as a host to virtual machines.
> 2) I have a hardware RAID (call it /dev/sdb) holding many terabytes of
> data.
> 3) /dev/sdb has no partition table, and is formatted as an entire-disk file
> system, if that matters
> 4) /dev/sdb is attached to one of the virtual machines (also current
> Linux), which reads and writes files on /dev/sdb regularly
>
> So far, so good, and everything works.  Here's the scenario I'm worried
> about:  an accidental mount of /dev/sdb on the host system, either via
> typing in the wrong window or during some maintenance task when the virtual
> machine is thought to be shut down but isn't, will corrupt that file
> system and lead to the possible loss of all those terabytes of data.
>
> Yes, I have backups (which might take days to restore), and yes there's a
> chance I could recover some or all of the data with various tools, but
> those are fixing a problem.  I want to avoid the problem altogether.  Can
> any of you think of a clever way to provide a layer of protection around
> opening the device from the host level?  SELinux, perhaps?
>
>                                      -Brian
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
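
One way to apply the restricted-sudo suggestion to the /dev/sdb case, as an added example that is not part of the thread: the non-root account gets sudo rights to a single wrapper that refuses to mount a guest-owned device, including when it is named through a symlink. The wrapper name and path, the `operator` account, and the `PROTECTED_DEVICES` and `DRY_RUN` variables are assumptions.

```shell
#!/bin/sh
# Added example: guarded mount wrapper (hypothetical name and path).
# Assumed sudoers rule, so mounting is only possible through this check:
#   operator ALL=(root) /usr/local/sbin/guarded-mount

# Devices that belong to a guest; /dev/sdb is the RAID from the thread.
PROTECTED_DEVICES="${PROTECTED_DEVICES:-/dev/sdb}"

# Resolve symlinks (/dev/disk/by-id/..., /dev/mapper/...) to the real node.
resolve_dev() {
    readlink -f -- "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Return 0 if the device may be mounted on the host, 1 if it is protected.
mount_allowed() {
    target=$(resolve_dev "$1")
    for dev in $PROTECTED_DEVICES; do
        real=$(resolve_dev "$dev")
        case "$target" in
            # The whole device, or any partition that later appears on it.
            "$real"|"$real"[0-9]*|"$real"p[0-9]*) return 1 ;;
        esac
    done
    return 0
}

guarded_mount() {
    if [ "$#" -ne 2 ]; then
        echo "usage: guarded-mount DEVICE MOUNTPOINT" >&2
        return 2
    fi
    if ! mount_allowed "$1"; then
        echo "guarded-mount: $1 is reserved for a virtual machine; refusing" >&2
        return 1
    fi
    # DRY_RUN=1 prints the command instead of running it.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "mount -- $1 $2"
    else
        mount -- "$1" "$2"
    fi
}

# Run as a script only when arguments are given.
if [ "$#" -gt 0 ]; then guarded_mount "$@"; exit $?; fi
```

The check only protects accounts that have no other route to root, so the sudoers rule must not also allow a shell or `mount` itself.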


