In NICI versions earlier than 2.7.0, the /var/novell/nici directory contains all the system and user directories and files.
The NICI configuration files are located in the var/opt/novell/nici directory. The configuration files are associated with each user account on the operating system. In order to back up a user’s configuration files, you must preserve the contents of the novell configuration directory and the user-specific subdirectory within it (alternatively, back up everything within the directory). You might find some executables in the directory. They do not need to be backed up.
Applications that use NICI to perform cryptography might have dependencies on data that NICI manages. If so, it might be necessary to back up the NICI configuration files in order to recover the encrypted data, or just to preserve the state of the files as part of an incremental backup. This section assumes that you have other means to perform disaster recovery or rebuild a system and just need to know which files must be backed up and restored in order to preserve critical NICI data that is not recoverable by simply reinstalling NICI. You should consult the individual application documentation to determine if NICI data is critical to the application. If it is, the NICI files should be backed up at the time the application data is backed up.
The critical NICI configuration files are listed in Table 3-1. Some of those files are unique to a specific user. The configuration files are all contained within the var/opt/novell/nici directory. This directory contains common files; files unique to specific users are contained within subdirectories of that directory. For simplicity, you can back up the entire directory structure or back up the common files and specific user files, whichever is most convenient. Be sure that you can restore the access rights on the directories and files later. When you restore the files you can make decisions about exactly which files must be recovered. Be sure to note which version of NICI is installed, because the configuration files might not be compatible with earlier versions.
The directories and files that need to be backed up depend on the version of NICI that you are running. Regardless of what version of NICI you are running, however, remember to preserve the rights on all the directories and files.
The following sections are sorted by operating system, and list the directories and files that need to be backed up:
The following sections are sorted by operating system, and list the directories and files that need to be backed up:
Directory/File Name |
File Type and Special Instructions |
---|---|
/etc/opt/novell/nici.cfg |
32-bit configuration file. For an example of a 32-bit configuration file, see 32-Bit Configuration. |
/etc/opt/novell/nici64.cfg |
64-bit configuration file. For an example of a 64-bit configuration file, see 64-Bit Configuration. |
Directory/File Name |
File Type and Special Instructions |
---|---|
/var/opt/novell/nici |
Contains all the system keys, user directories, files, and programs used to initialize NICI. |
NOTE:Depending on your operating system and the version of NICI installed, there might be additional files, particularly executable files, within the directories. Those additional files, which are created during NICI installation, do not need to be backed up. See Table 3-1 for a list of the configuration files.
At some point it might be necessary to recover NICI configuration files so that the information they contain can be used to decrypt data for an application or simply to restore NICI to a previous state. We assume that you backed up the NICI configuration files at the same time you backed up the application.
WARNING:Overwriting existing NICI configuration files can cause critical data to be lost. If an application has used NICI to encrypt data and the NICI configuration files are lost, it might not be possible to recover the encrypted data. Always keep copies of any files you overwrite. Different applications might have conflicting needs and you might need to recover the data for one application, then restore the system again to recover the data for a second application or continue with normal operations.
Reinstall NICI to a known good state.
Determine which user files must be restored.
It might be necessary to recover files from one user directory and place them in a different user directory if the users on the system have changed. For example, if Bob originally encrypted data, then the data should not accidentally be revealed to Mary.
Recover the common configuration files and the appropriate user-specific files.
This might invalidate the configuration files for other users not recovered from the same backup. It might be appropriate to just delete all the configuration files before attempting to restore any specific user files. Re-establish the correct access rights so that each user has approved access to the correct configuration files.
The administrator should perform these steps. However, a knowledgeable operator could restore individual files or directories, possibly changing the names of the files or directories and assigning new access rights.
This can be done if the nicifk and xmgrcfg.wks files haven't changed from those on the backup store.
The following guidelines for each file/directory are recommended when restoring if NICI is already installed on the server:
Table 6-1 File/Directory Guidelines