RHCSA (031): Season 2 - Scenario 6 of 25: Advanced Archive Recovery
Episode 31 Executive Summary
In this Advanced Archive Recovery RHCSA lab scenario, I start performing the lab after a 6 minute introduction by the podcast hosts. You will get the most out of this lab if you listen to the entire show and then try to practice the lab several times, either along with me or by yourself.
The Advanced Archive Recovery lab simulates a critical failure where a runaway script has recursively destroyed permissions in a sensitive data directory, halting automated backups. This specific scenario frequently trips up RHCSA candidates because a simple, recursive permission fix will improperly make data files executable, creating a security risk. You are stepping into a server where you must precisely restore directory traversal rights without over-permissioning the underlying files. My goal is to provide you with a realistic troubleshooting scenario that forces you to use advanced find commands to isolate directories from files before archiving.
The core of this challenge forces you to master the nuances of the tar command and permission preservation. I intentionally configured the target directory to require a change directory operation to prevent absolute path errors during extraction. You cannot simply compress the folder from the root directory; you must understand how to create a portable, bzip2 compressed archive that retains the exact octal permissions of the restored files. This sequence is designed to harden your understanding of Linux archiving tools and the find command, ensuring you can reliably back up application data without creating extraction warnings.
We finish with a verification task that validates your ability to inspect compressed archives without extracting them. The exam and real-world operations frequently require you to verify the contents and relative paths of a tarball to guarantee the backup is functional. You will verify that the archive contains the correct relative paths and that the files inside reflect the precise 644 and 755 permissions you restored. By the end of this episode, you will have transformed a broken directory structure into a secure, portable backup, proving your ability to handle complex file management with the precision required of a Red Hat system administrator.
Keywords: RHCSA, Red Hat Enterprise Linux, RHEL 10, tar command, bzip2, file permissions, chmod, find command, absolute paths, relative paths, archive preservation, backup administration, system administration, EX200 training
EPISODE 031: Advanced Archive Recovery
* Season: 2 | Difficulty: High
* Objectives: Primary 1.6, 1.8, 1.10; Secondary 9.1
* Lab Focus: tar absolute-paths, find, recursive-permissions, preserve-permissions
* URL: https://djere.com/rhcsa-031-season-2-scenario-6-of-25-advanced-archive-recovery.html
***
### 1. SCENARIO BRIEF (THE PROBLEM)
A runaway script recursively set all files and directories in /opt/app-server/data to 000, halting the backup system. You must restore directory traversal without making the underlying sensitive files executable. Then, you must create a bzip2 compressed archive of the data directory. The archive must preserve all internal file permissions, must not contain absolute paths to prevent extraction errors, and must be owned by a newly created backup-svc account.
***
### 2. TASK ANALYSIS (THE "WHY")
* 1.10: Bulk permission fixes require isolating directories from files. Using chmod recursively without distinction is a critical failure point.
* 1.6: The tar command strips leading slashes by default. Using the directory change flag (-C) is mandatory for clean, portable archives. Preserving permissions (-p) ensures the restored data maintains its security posture.
* 9.1: Service accounts ensure automated processes do not require root access.
***
### 3. SOLUTION STEPS
#### Step 1: Environment Setup (Root Only)
# Verify required packages are installed, installing them if missing
if ! rpm -q tar bzip2 findutils; then dnf install -y tar bzip2 findutils; fi
# Create the nested directory structure
mkdir -p /opt/app-server/data/configs
# Generate the dummy configuration files
touch /opt/app-server/data/app1.conf /opt/app-server/data/configs/app2.conf
# Simulate the destructive runaway script by stripping all permissions
chmod -R 000 /opt/app-server/data
# Create the destination directory for the final archive
mkdir -p /backup-manager
#### Step 2: Core Implementation (Execute as root)
# Target only directories (-type d) and apply 755 (rwxr-xr-x) to restore traversal rights
find /opt/app-server/data -type d -exec chmod 755 {} +
# Target only files (-type f) and apply 644 (rw-r--r--) to restore read/write without execution
find /opt/app-server/data -type f -exec chmod 644 {} +
# Create a dedicated service account to isolate backup operations
useradd backup-svc
# Create (-c) a bzip2 (-j) archive, preserve permissions (-p), specify filename (-f)
# Crucially, change directory (-C) to /opt/app-server before targeting 'data' to avoid absolute paths
tar -cjpvf /backup-manager/app-data.tar.bz2 -C /opt/app-server data
# Transfer ownership of the final archive to the dedicated service account
chown backup-svc:backup-svc /backup-manager/app-data.tar.bz2
# Technical Breakdown: find safely applies targeted octal permissions. tar -c creates, -j uses bzip2, -p preserves permissions, -f names the file, and -C changes to the parent directory before archiving.
# Pro-Tip: Never use chmod -R 777 or 755 in an exam or production environment. Always use find to separate directory traversal needs from file read/write needs.
#### Step 3: Verification (The "Proof of Work")
# List (-t) the verbose (-v) contents of the specified file (-f) without extracting
tar -tvf /backup-manager/app-data.tar.bz2
* EXPECTED: Output must show relative paths starting with "data/" (not "/opt/app-server/data/") and correctly restored 644/755 permissions on the contents.
***
### 4. COMPREHENSIVE CLEANUP (ZERO-TRACE)
# Remove the lab directories forcefully and recursively
rm -rf /opt/app-server /backup-manager
# Delete the service account and its associated home directory
userdel -r backup-svc