SQL Server备份和移动备份文件:如何处理文件权限?
[英]Sql Server Backup and move backup file: How to cope with file permissions?
问题描述
With our product we have a simple backup tool for the sql server database. 
使用我们的产品,我们为sql server数据库提供了一个简单的备份工具。 This tool should just make a full backup and restore to and from any folder. 这个工具应该只是做一个完整的备份和恢复,并从任何文件夹。
Of course, the user (usually an administrator) needs permission to write to the target folder. 当然,用户(通常是管理员)需要权限才能写入目标文件夹。
To avoid the problem of not being able to perform a backup to a network drive, I write the backup to a temp file in the Sql Server backup directory. 为避免无法对网络驱动器执行备份的问题, 我将备份写入Sql Server备份目录中的临时文件中。 Then I move it to the target folder. 然后,将其移动到目标文件夹。 This requires permission to delete the temporary file from the sql servers backup folder. 这需要从sql server备份文件夹中删除临时文件的权限。 Restore is the same in the other direction. 还原在另一个方向上相同。
This seemed to work fine until someone tested it on vista, where the user does not have write access to the backup folder by default. 直到有人在vista上对其进行测试之前,这似乎工作正常,在默认情况下,该用户对备份文件夹没有写访问权 。
So there are many solutions to solve this, but none of them seemed to be really nice. 因此,有许多解决方案可以解决此问题,但似乎没有一个很好。
One solution would be to find another folder for the temporary file. 一种解决方案是为临时文件找到另一个文件夹。 Both the sql server user as well as the administrator performing the backup need read and write permissions. sql服务器用户和执行备份的管理员都需要读取和写入权限。 Is there such a directory? 有这样的目录吗?
Any other ideas? 还有其他想法吗? Thanks a lot. 非常感谢。
Edit: Solution must work with Sql Server 2005 and 2008, C# 3.0 (Smo), Windows XP and Vista. 编辑:解决方案必须与Sql Server 2005和2008,C#3.0(Smo),Windows XP和Vista一起使用。
2 个解决方案
解决方案1
0 2010-03-17 17:09:02
Applications performing backup operations can request to open files in the backup mode. 执行备份操作的应用程序可以请求以备份模式打开文件。 What that means is that the application has the SeBackupPrivilege privilege and it opens files with the FILE_FLAG_BACKUP_SEMANTICS flag set: 这意味着该应用程序具有SeBackupPrivilege特权,并打开设置了FILE_FLAG_BACKUP_SEMANTICS标志的文件:
SeBackupPrivilege —allows file content retrieval, even if the security descriptor on the file might not grant such access.
While this sounds technical and complicated, what it boils down to in practice is to copy the files using ROBOCOPY /B 虽然这听起来很技术复杂,但实际上可以归结为使用ROBOCOPY /B复制文件
解决方案2
0 已采纳 2010-03-19 09:20:30
Ok, I found the solution. 好的,我找到了解决方案。 It is actually pretty simple if you know a bit more about Vista then I do. 如果您对Vista有所了解,那我实际上就很简单。
The backup folder is configured the same way as under XP, but the administrator permissions are not available until the process is in elevated mode. 备份文件夹的配置方式与XP下相同,但是只有在提升模式下,管理员权限才可用。 To get there, I just needed to add a manifest to the executable which requires the administrator privileges: 要到达那里,我只需要向需要管理员权限的可执行文件中添加清单即可:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
Now I get an UAC when calling the application and everything works fine. 现在,我在调用应用程序时得到一个UAC,一切正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.