About restoring the files that have Access Control Lists (ACLs)
An Access Control List (ACL) is a table that conveys the access rights users need to a file or directory. Each file or directory can have a security attribute that extends or restricts users' access.
By default, the nbtar (/usr/openv/netbackup/bin/nbtar) restores ACLs along with file and directory data.
However, in some situations the ACLs cannot be restored to the file data, as follows:
Where the restore is cross-platform.
When a restore utility (tar) other than nbtar is used to restore files.
In these instances, NetBackup stores the ACL information in a series of generated files in the root directory using the following naming form:
.SeCuRiTy.nnnn
These files can be deleted or can be read and the ACLs regenerated by hand.
Note:
If performing an alternate restore where the original directory was ACL-enabled, the alternate restore directory must also be ACL-enabled. If the alternate restore directory is not ACL-enabled, the restore is not successful.
You can use the NetBackup web UI to restore data without restoring the ACLs. Both the destination client and the source of the backup must be Windows systems.
To restore files without restoring ACLs, the following conditions must be met:
The policy that backed up the client is the policy type MS-Windows.
The restore is performed from the server. The option is unavailable on standalone clients (clients that do not contain the NetBackup server software).
You must have the RBAC role Administrator or a role with similar permissions.
You must have the RBAC role or or have a role with similar permissions.
The destination client and the source of the backup must both be systems running supported Windows OS levels. The option is disabled on UNIX clients.
Use the following procedure to restore files without restoring ACLs.
To restore files without restoring ACLs
- Sign in to the primary server using the NetBackup web UI.
- On the left, select Recovery.
- On the Regular recovery card, select Start recovery.
- Select the policy type MS-Windows.
- Select the restore type Normal backups.
- For the Source client select the client that was backed up.
- (Optional) To redirect the restore to a different client, enter the Destination client name.
- Select Next.
- To restore files from a backup other than the most recent, follow these steps:
You can restore from the most recent backup or select a specific backup:
If any backups for the client are within the specified date range, NetBackup populates the right pane with the information about the most recent backup. On the left, select the files.
To restore files from a backup other than the most recent, follow these steps:
Next to Date range select Edit. Then select Use backup history.
Select the wanted backup and select Apply.
- Select the files to restore. Then select Next.
- In the Recovery options, select Restore without access-control attributes.
- Make any other selections for the restore job. Then select Next.
- Select Start recovery.