6.1 Linux/UNIX Systems

In NICI versions earlier than 2.7.0, the /var/novell/nici directory contains all the system and user directories and files.

6.1.1 Performing a Backup

The NICI configuration files are located in the /var/opt/novell/nici directory. The configuration files are associated with each user account on the operating system. In order to back up a user’s configuration files, you must preserve the contents of the novell configuration directory and the user-specific subdirectory within it (alternatively, back up everything within the directory). You might find some executables in the directory. They do not need to be backed up.

Applications that use NICI to perform cryptography might have dependencies on data that NICI manages. If so, it might be necessary to back up the NICI configuration files in order to recover the encrypted data, or just to preserve the state of the files as part of an incremental backup. This section assumes that you have other means to perform disaster recovery or rebuild a system and just need to know which files must be backed up and restored in order to preserve critical NICI data that is not recoverable by simply reinstalling NICI. You should consult the individual application documentation to determine if NICI data is critical to the application. If it is, the NICI files should be backed up at the time the application data is backed up.

The critical NICI configuration files are listed in Table 3-1. Some of those files are unique to a specific user. The configuration files are all contained within the /var/opt/novell/nici directory. This directory contains common files; files unique to specific users are contained within subdirectories of that directory. For simplicity, you can back up the entire directory structure or back up the common files and specific user files, whichever is most convenient. Be sure that you can restore the access rights on the directories and files later. When you restore the files, you can make decisions about exactly which files must be recovered. Be sure to note which version of NICI is installed, because the configuration files might not be compatible with earlier versions.

The directories and files that need to be backed up depend on the version of NICI that you are running. Regardless of what version of NICI you are running, however, remember to preserve the rights on all the directories and files.

For NICI Versions Earlier than 2.7.0

The following sections are sorted by operating system, and list the directories and files that need to be backed up:

UNIX

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /etc/nici.cfg | Configuration file. |

Linux

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /usr/lib/libccs2.so | Symbolic link to the actual library in /usr/lib/. |
| /usr/lib/libccs2.so.* | NICI library. The version of the library completes the name. |

Common Files Directory

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /var/novell/nici | Contains all the system keys, user directories, files, and programs used to initialize NICI. |

For NICI Versions 2.7.0 and Later

The following sections are sorted by operating system, and list the directories and files that need to be backed up:

UNIX

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /etc/opt/novell/nici.cfg | 32-bit configuration file. For an example of a 32-bit configuration file, see 32-Bit Configuration. |
| /etc/opt/novell/nici64.cfg | 64-bit configuration file. For an example of a 64-bit configuration file, see 64-Bit Configuration. |

Linux

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /opt/novell/lib/libccs2.so* | 32-bit NICI library. The version of the library completes the name. |
| /opt/novell/lib64/libccs2.so* | 64-bit NICI library. The version of the library completes the name. |

Solaris

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /opt/novell/lib | 32-bit NICI library. |
| /opt/novell/lib/sparcv9 | 64-bit NICI library. 64-bit is supported only on Solaris 10. |

Common Files Directory

| Directory/File Name | File Type and Special Instructions |
|---|---|
| /var/opt/novell/nici | Contains all the system keys, user directories, files, and programs used to initialize NICI. |

NOTE: Depending on your operating system and the version of NICI installed, there might be additional files, particularly executable files, within the directories. Those additional files, which are created during NICI installation, do not need to be backed up. See Table 3-1 for a list of the configuration files.

6.1.2 Restoring NICI

At some point it might be necessary to recover NICI configuration files so that the information they contain can be used to decrypt data for an application or simply to restore NICI to a previous state. We assume that you backed up the NICI configuration files at the same time you backed up the application.

WARNING: Overwriting existing NICI configuration files can cause critical data to be lost. If an application has used NICI to encrypt data and the NICI configuration files are lost, it might not be possible to recover the encrypted data. Always keep copies of any files you overwrite. Different applications might have conflicting needs and you might need to recover the data for one application, then restore the system again to recover the data for a second application or continue with normal operations.

  1. Reinstall NICI to a known good state.

  2. Determine which user files must be restored.

    It might be necessary to recover files from one user directory and place them in a different user directory if the users on the system have changed. For example, if Bob originally encrypted data, then the data should not accidentally be revealed to Mary.

  3. Recover the common configuration files and the appropriate user-specific files.

    This might invalidate the configuration files for other users not recovered from the same backup. It might be appropriate to just delete all the configuration files before attempting to restore any specific user files. Re-establish the correct access rights so that each user has approved access to the correct configuration files.

The administrator should perform these steps. However, a knowledgeable operator could restore individual files or directories, possibly changing the names of the files or directories and assigning new access rights.

This can be done if the nicifk and xmgrcfg.wks files haven't changed from those on the backup store.

The following guidelines for each file/directory are recommended when restoring if NICI is already installed on the server:

Table 6-1 File/Directory Guidelines

| Filename | Guidelines |
|---|---|
| xarchive.000 | Can be restored over an existing file. |
| xmgrcfg.nif | Can be restored over an existing file. |
| User-specific directories and files | Make sure that the user ID in the backup is the same as the user on the machine. If the user directory already exists, then it must be determined if the user wants to keep the current files or restore them to a previous state. Normally, user configuration files should be restored as a group rather than individually. Be sure to restore the user files under the correct user’s user ID and to restore the rights on the user directory and contents. For example, if BOB had user ID 1000 at the time of the backup but now has user ID 5000, then the files in the backed up directory 1000 should be restored to directory 5000, or BOB’s UID must be changed back to 1000. The restore process must not simply restore the user directories without input from the operator. In either case, a backup of the existing NICI user directory needs to be done. |
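The per-user restore described above, as an added shell example that is not part of the Novell documentation: it restores one user directory under a UID mapping supplied by the operator, refuses if nicifk or xmgrcfg.wks no longer match the backup, and keeps a copy of the directory it replaces. The function name nici_restore_user is hypothetical, and the example assumes the backup has been unpacked to a directory with the same layout as the NICI directory, with nicifk and xmgrcfg.wks at its top level.

```shell
#!/bin/sh
# Added example (not Novell code): restore one NICI per-user directory under an
# operator-supplied UID mapping, keeping a copy of anything it replaces.
# Assumption: nicifk and xmgrcfg.wks sit at the top of the NICI directory and
# the backup has been unpacked to a directory with the same layout.
# usage: nici_restore_user BACKUP_DIR LIVE_DIR OLD_UID NEW_UID
nici_restore_user() {
    backup=$1; live=$2; old_uid=$3; new_uid=$4

    # Both UIDs come from the operator; the mapping is never inferred.
    for u in "$old_uid" "$new_uid"; do
        case $u in
            ''|*[!0-9]*) echo "UIDs must be numeric" >&2; return 2 ;;
        esac
    done
    [ -d "$backup/$old_uid" ] || { echo "no backup for UID $old_uid" >&2; return 3; }

    # Per-user restore is only valid while these files match the backup.
    for f in nicifk xmgrcfg.wks; do
        cmp -s "$backup/$f" "$live/$f" || {
            echo "$f missing or changed since backup; refusing" >&2
            return 4
        }
    done

    # Keep the existing user directory before replacing it.
    target=$live/$new_uid
    if [ -e "$target" ]; then
        mv "$target" "$target.pre-restore.$(date +%Y%m%d%H%M%S).$$" || return 5
    fi

    # Restore the files as a group, preserving modes and timestamps.
    cp -R -p "$backup/$old_uid" "$target" || return 6

    # Hand the files to the user's current UID (needs root).
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$new_uid" "$target" || return 7
    else
        echo "not root: owner of $target left unchanged" >&2
    fi
}
```

For the BOB case in the table, the call would be `nici_restore_user /path/to/unpacked-backup /var/opt/novell/nici 1000 5000`, run as root so that ownership can be reassigned.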