tags:

views:

294

answers:

2
Q: 

Sql Server Backup and move backup file: How to cope with file permissions?

With our product we have a simple backup tool for the sql server database. This tool should just make a full backup and restore to and from any folder.

Of course, the user (usually an administrator) needs permission to write to the target folder.

To avoid the problem of not being able to perform a backup to a network drive, I write the backup to a temp file in the Sql Server backup directory. Then I move it to the target folder. This requires permission to delete the temporary file from the sql servers backup folder. Restore is the same in the other direction.

This seemed to work fine until someone tested it on vista, where the user does not have write access to the backup folder by default.

So there are many solutions to solve this, but none of them seemed to be really nice.

One solution would be to find another folder for the temporary file. Both the sql server user as well as the administrator performing the backup need read and write permissions. Is there such a directory?

Any other ideas? Thanks a lot.

Edit: Solution must work with Sql Server 2005 and 2008, C# 3.0 (Smo), Windows XP and Vista.

A: 

Applications performing backup operations can request to open files in the backup mode. What that means is that the application has the SeBackupPrivilege privilege and it opens files with the FILE_FLAG_BACKUP_SEMANTICS flag set:

SeBackupPrivilege—allows file content retrieval, even if the security descriptor on the file might not grant such access. A caller with SeBackupPrivilege enabled obviates the need for any ACL-based security check.

While this sounds technical and complicated, what it boils down to in practice is to copy the files using ROBOCOPY /B

Remus Rusanu  2010-03-17 17:09:02
And how can I delete the temporary file? (btw: It must also work on XP)
Stefan Steinegger  2010-03-18 06:46:17
To delete the file you need to have permission. If you don't have permissions, then you must create the backup file into a folder where you will *inherit* permission from the folder settings. Use a qualified path on the BACKUP statement for this so that SQL does not use the default folder. There is no such folder by default (where both SQL service account and the user have such permissions), such folder has to be created and proper ACLs must be set during your application deployment (during setup).
Remus Rusanu  2010-03-18 22:45:49
eg: SQL service account is domain\sqluser. The application is installed by domain\user. During Setup the .msi creates a folder in the domain\user's profile for backups, c:\Users\domain.user\AppData\MyApp\Backups. It grants create and write access to inherited objects in the folder to domain\sqluser. When application runs, it passes to SQL the full path c:\Users\...\Backups\backupfile.bak. SQL has access to create the file, user has full control over the resulted backup file (inherited from folder).
Remus Rusanu  2010-03-18 22:51:19
A: 

Ok, I found the solution. It is actually pretty simple if you know a bit more about Vista then I do.

The backup folder is configured the same way as under XP, but the administrator permissions are not available until the process is in elevated mode. To get there, I just needed to add a manifest to the executable which requires the administrator privileges:

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

Now I get an UAC when calling the application and everything works fine.

Stefan Steinegger  2010-03-19 09:20:30

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?