Autodir places some extra requirements on the backup program being used. When the backup is working on a real directory whose corresponding virtual directory has expired, and that virtual directory is requested again by an application while the backup is running, the backup process is killed. First a SIGTERM is sent to stop it gracefully. If it does not shut down in time (it has one second to do this), a SIGKILL is sent, which is guaranteed to stop the backup.
Only when the backup has stopped is the application given access to the requested virtual directory.
Whatever backup program is used, it should be able to recover from this signal gracefully, without causing unrecoverable side effects.
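One way to meet this requirement, as an added example that is not part of Autodir: a backup that checks for SIGTERM between small reads, discards its partial output, and only replaces the previous archive once the new one is complete. The names `run_backup` and `Stopped`, the `.partial` suffix, the tar format and the command-line arguments are assumptions made for the illustration.

```python
import os, signal, sys, tarfile, tempfile, threading

class Stopped(Exception):
    """Raised inside the copy loop once SIGTERM has been seen."""

class _Reader:
    """File wrapper that aborts the copy between chunks when stop is set."""
    def __init__(self, f, stop):
        self.f, self.stop = f, stop
    def read(self, n=-1):
        if self.stop.is_set():
            raise Stopped
        return self.f.read(n)

def run_backup(src_dir, dest_path, stop):
    """Archive src_dir to dest_path; return False if stopped before finishing."""
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    # Write to a temporary file so an interrupted run never touches dest_path.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".partial")
    try:
        with os.fdopen(fd, "wb") as out:
            with tarfile.open(fileobj=out, mode="w") as tar:
                for root, _dirs, files in os.walk(src_dir):
                    for name in sorted(files):
                        if stop.is_set():
                            raise Stopped
                        path = os.path.join(root, name)
                        arc = os.path.relpath(path, src_dir)
                        info = tar.gettarinfo(path, arcname=arc)
                        if info is None:    # socket or other unsupported type
                            continue
                        if info.isreg():
                            with open(path, "rb") as f:
                                tar.addfile(info, _Reader(f, stop))
                        else:
                            tar.addfile(info)
            out.flush()
            os.fsync(out.fileno())
        os.replace(tmp, dest_path)          # atomic: old or new, never half
        return True
    except Stopped:
        os.unlink(tmp)                      # fast cleanup, well under one second
        return False

if __name__ == "__main__":
    stop = threading.Event()
    # The handler only sets a flag; the copy loop notices it at the next chunk.
    signal.signal(signal.SIGTERM, lambda signum, frame: stop.set())
    sys.exit(0 if run_backup(sys.argv[1], sys.argv[2], stop) else 1)
```

If the SIGKILL arrives anyway, the only leftover is the `.partial` file; the previous archive at the destination is untouched.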
One more important issue is the environment in which the backup runs. All backup programs run as root, but at the same time all unnecessary root privileges are taken away using POSIX capabilities. In other words, these backup programs can read any file or directory that belongs to any user on the system, and nothing more than that. In every other respect, the backup process behaves like an ordinary user-level process.