Re: [BackupPC-users] Setuid problem
Waitaminnit, the service status says it's running. Are you getting this error through the web interface, or on the commandline? On Sat, Nov 5, 2022, at 6:23 PM, Dave Bachmann wrote: > The only change to my service file was to uncomment the group; both user and > group had been properly configured as backuppc. I had reloaded the daemon. > The service reads as follows: > >>> [Unit] >>> Description=BackupPC server >>> After=syslog.target local-fs.target >>> >>> [Service] >>> Type=simple >>> User=backuppc >>> Group=backuppc >>> ExecStart=/usr/local/BackupPC/bin/BackupPC >>> ExecReload=/bin/kill -HUP $MAINPID >>> RuntimeDirectory=BackupPC >>> PIDFile=/var/run/BackupPC/BackupPC.pid >>> KillSignal=SIGTERM >>> Restart=always >>> RestartSec=1 >>> >>> [Install] >>> WantedBy=multi-user.target > the current status is: >> *●* backuppc.service - BackupPC server >> Loaded: loaded (/etc/systemd/system/backuppc.service; enabled; vendor >> preset: enabled) >> Active: * active (running)* since Sat 2022-11-05 12:15:29 PDT; 5h 56min >> ago >> Main PID: 598214 (BackupPC) >> Tasks: 1 (limit: 37524) >> Memory: 8.6M >>CPU: 84ms >> CGroup: /system.slice/backuppc.service >> └─598214 /usr/bin/perl /usr/local/BackupPC/bin/BackupPC >> >> Nov 05 12:15:29 eagle systemd[1]: Started BackupPC server. >> > Thanx for the suggestions. Any idea where to look to see why the system wants > to run it as ID 33? > __ Rob Sheldon ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
The only change to my service file was to uncomment the group; both user and group had been properly configured as backuppc. I had reloaded the daemon. The service reads as follows: [Unit] Description=BackupPC server After=syslog.target local-fs.target [Service] Type=simple User=backuppc Group=backuppc ExecStart=/usr/local/BackupPC/bin/BackupPC ExecReload=/bin/kill -HUP $MAINPID RuntimeDirectory=BackupPC PIDFile=/var/run/BackupPC/BackupPC.pid KillSignal=SIGTERM Restart=always RestartSec=1 [Install] WantedBy=multi-user.target the current status is: ● backuppc.service - BackupPC server Loaded: loaded (/etc/systemd/system/backuppc.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2022-11-05 12:15:29 PDT; 5h 56min ago Main PID: 598214 (BackupPC) Tasks: 1 (limit: 37524) Memory: 8.6M CPU: 84ms CGroup: /system.slice/backuppc.service └─598214 /usr/bin/perl /usr/local/BackupPC/bin/BackupPC Nov 05 12:15:29 eagle systemd[1]: Started BackupPC server. Thanx for the suggestions. Any idea where to look to see why the system wants to run it as ID 33? From: Rob Sheldon Sent: Saturday, November 5, 2022 17:35 To: backuppc-users@lists.sourceforge.net Subject: Re: [BackupPC-users] Setuid problem On Fri, Nov 4, 2022, at 11:54 AM, Dave Bachmann wrote: > > I am running into the setuid problem, eg. when running it I receive the > following message: "Error: Wrong user: my userid is 33, instead of > 117(backuppc)" where userid 33 = www-data. > > /etc/systemd/system/backuppc.service has both user and group set to backuppc. > BackupPC_Admin has the following attributes: > -r-sr-xr-x 1 backuppc backuppc 3971 2022-11-03 10:38 BackupPC_Admin. Just to verify: you mean that you changed the "User=" and "Group=" lines in the "[Service]" section in your service file? Did you "sudo systemctl daemon-reload" after changing these? What does "sudo service backuppc status" say? This really smells like a systemd execution problem to me. The only thing I see BackupPC doing to verify its uid is checking the value of '$>' during startup; if it thinks its process uid is 33, that's gotta be because systemd is invoking it as that user. __ Rob Sheldon ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
On Fri, Nov 4, 2022, at 11:54 AM, Dave Bachmann wrote: > > I am running into the setuid problem, eg. when running it I receive the > following message: "Error: Wrong user: my userid is 33, instead of > 117(backuppc)" where userid 33 = www-data. > > /etc/systemd/system/backuppc.service has both user and group set to backuppc. > BackupPC_Admin has the following attributes: > -r-sr-xr-x 1 backuppc backuppc 3971 2022-11-03 10:38 BackupPC_Admin. Just to verify: you mean that you changed the "User=" and "Group=" lines in the "[Service]" section in your service file? Did you "sudo systemctl daemon-reload" after changing these? What does "sudo service backuppc status" say? This really smells like a systemd execution problem to me. The only thing I see BackupPC doing to verify its uid is checking the value of '$>' during startup; if it thinks its process uid is 33, that's gotta be because systemd is invoking it as that user. __ Rob Sheldon ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
I guess I wasn't clear in my reply as I had tried apt install backuppc. I probably mixed-up which attempt had generated the warning that it hadn't created the config.pl as I have had multiple cycles of trying to install it, wiping away the failed installation, and trying again. From: Paul Fox Sent: Saturday, November 5, 2022 14:43 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Setuid problem Dave Bachmann wrote: >I had tried that earlier but it had other errors - just can't recall the >details right now, but on one of my attempts there was a message at the >end that configure.pl did not replace config.pl despite the fact that I think Les wasn't asking about a package that requires "configure.pl", which implies you're building it yourself. I think the question was more along the lines of, why didn't you do "apt install backuppc"? paul >there was no existing config.pl at that time. >I have since been using BackupPC-4.4.0.tar.gz. Before unpacking and >installing it I deleted all files owned by backuppc that had been >previously installed. There remains the possibility that there is a config >file somewhere that has a pointer or values from my previous attempt, but >I'm not sure how to identify them. > >══ > >From: Les Mikesell >Sent: Saturday, November 5, 2022 13:13 >To: General list for user discussion, questions and support > >Subject: Re: [BackupPC-users] Setuid problem > >On Sat, Nov 5, 2022 at 2:57 PM Dave Bachmann >wrote: >> >> This reinforces my fear that the latest install may not have run >properly and that there are other problems lurking. I expect that >index.cgi should have been created by configure.perl, but don't understand >why it wasn't. What's involved in creating it post-hoc? >> > >Is there some reason you don't use the packaged version for your linux >distribution? > >-- > Les Mikesell > lesmikes...@gmail.com > >___ >BackupPC-users mailing list >BackupPC-users@lists.sourceforge.net >List:[1]https://lists.sourceforge.net/lists/listinfo/backuppc-users >Wiki:[2]https://github.com/backuppc/backuppc/wiki >Project: [3]https://backuppc.github.io/backuppc/ > > References > >Visible links >1. https://lists.sourceforge.net/lists/listinfo/backuppc-users >2. https://github.com/backuppc/backuppc/wiki >3. https://backuppc.github.io/backuppc/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List:https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki:https://github.com/backuppc/backuppc/wiki > Project: https://backuppc.github.io/backuppc/ =-- paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 65.8 degrees) ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Missing backup files
Adam Goryachev via BackupPC-users wrote at about 11:03:20 +1100 on Saturday, November 5, 2022: > I just had to comment here > > I don't understand why you would NOT want backuppc to have at least read > access to ALL data, including data only accessible to root. I assume you > would not be suggesting that you run a separate backup system for each > user, so why would you want to either: > > 1) Not backup root data > 2) Run a separate backup solution just for root data > > I guess this will go back to how you setup your data security etc, but > regardless of what you do, I would strongly suggest you ensure ALL data > is backed up (because it is always the unimportant file that needs to be > restored most urgently and is critical). > > So, for my, I use SSH + rsync to backup ALL target systems, and do that > using the root user on the destination, and I simply use the same method > for localhost. For some additional security and peace-of-mind, I create a new user on my remote machines that you could call say backuppc_client that I then access using sudo with very restricted sudoer privileges based on the specific rsync command used to backup. Now I know that this isn't perfect, but it feels safer than just ssh'ing as root... ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
Dave Bachmann wrote: >I had tried that earlier but it had other errors - just can't recall the >details right now, but on one of my attempts there was a message at the >end that configure.pl did not replace config.pl despite the fact that I think Les wasn't asking about a package that requires "configure.pl", which implies you're building it yourself. I think the question was more along the lines of, why didn't you do "apt install backuppc"? paul >there was no existing config.pl at that time. >I have since been using BackupPC-4.4.0.tar.gz. Before unpacking and >installing it I deleted all files owned by backuppc that had been >previously installed. There remains the possibility that there is a config >file somewhere that has a pointer or values from my previous attempt, but >I'm not sure how to identify them. > >══ > >From: Les Mikesell >Sent: Saturday, November 5, 2022 13:13 >To: General list for user discussion, questions and support > >Subject: Re: [BackupPC-users] Setuid problem > >On Sat, Nov 5, 2022 at 2:57 PM Dave Bachmann >wrote: >> >> This reinforces my fear that the latest install may not have run >properly and that there are other problems lurking. I expect that >index.cgi should have been created by configure.perl, but don't understand >why it wasn't. What's involved in creating it post-hoc? >> > >Is there some reason you don't use the packaged version for your linux >distribution? > >-- > Les Mikesell > lesmikes...@gmail.com > >___ >BackupPC-users mailing list >BackupPC-users@lists.sourceforge.net >List:[1]https://lists.sourceforge.net/lists/listinfo/backuppc-users >Wiki:[2]https://github.com/backuppc/backuppc/wiki >Project: [3]https://backuppc.github.io/backuppc/ > > References > >Visible links >1. https://lists.sourceforge.net/lists/listinfo/backuppc-users >2. https://github.com/backuppc/backuppc/wiki >3. https://backuppc.github.io/backuppc/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List:https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki:https://github.com/backuppc/backuppc/wiki > Project: https://backuppc.github.io/backuppc/ =-- paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 65.8 degrees) ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
I had tried that earlier but it had other errors - just can't recall the details right now, but on one of my attempts there was a message at the end that configure.pl did not replace config.pl despite the fact that there was no existing config.pl at that time. I have since been using BackupPC-4.4.0.tar.gz. Before unpacking and installing it I deleted all files owned by backuppc that had been previously installed. There remains the possibility that there is a config file somewhere that has a pointer or values from my previous attempt, but I'm not sure how to identify them. From: Les Mikesell Sent: Saturday, November 5, 2022 13:13 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Setuid problem On Sat, Nov 5, 2022 at 2:57 PM Dave Bachmann wrote: > > This reinforces my fear that the latest install may not have run properly and > that there are other problems lurking. I expect that index.cgi should have > been created by configure.perl, but don't understand why it wasn't. What's > involved in creating it post-hoc? > Is there some reason you don't use the packaged version for your linux distribution? -- Les Mikesell lesmikes...@gmail.com ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
On Sat, Nov 5, 2022 at 2:57 PM Dave Bachmann wrote: > > This reinforces my fear that the latest install may not have run properly and > that there are other problems lurking. I expect that index.cgi should have > been created by configure.perl, but don't understand why it wasn't. What's > involved in creating it post-hoc? > Is there some reason you don't use the packaged version for your linux distribution? -- Les Mikesell lesmikes...@gmail.com ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
Thanx for the suggestion! I do not have the /usr/lib/backuppc/cgi-bin/ folder. All that I have in /var/www/cgi-bin/BackupPC/ is: -r-sr-xr-x 1 backuppc backuppc 3971 2022-11-03 10:38 BackupPC_Admin with the parent folders all owned by root. This reinforces my fear that the latest install may not have run properly and that there are other problems lurking. I expect that index.cgi should have been created by configure.perl, but don't understand why it wasn't. What's involved in creating it post-hoc? Dave From: Paul Fox Sent: Saturday, November 5, 2022 12:20 To: General list for user discussion, questions and support Subject: Re: [BackupPC-users] Setuid problem >I am running into the setuid problem, eg. when running it I receive the >following message: "Error: Wrong user: my userid is 33, instead of >117(backuppc)" where userid 33 = www-data. And is your index.cgi setuid to backuppc, like this? $ ls -l /usr/lib/backuppc/cgi-bin/ total 16 -rwsr-x--- 1 backuppc www-data 14488 Mar 7 2022 index.cgi* =-- paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 68.7 degrees) ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
>I am running into the setuid problem, eg. when running it I receive the >following message: "Error: Wrong user: my userid is 33, instead of >117(backuppc)" where userid 33 = www-data. And is your index.cgi setuid to backuppc, like this? $ ls -l /usr/lib/backuppc/cgi-bin/ total 16 -rwsr-x--- 1 backuppc www-data 14488 Mar 7 2022 index.cgi* =-- paul fox, p...@foxharp.boston.ma.us (arlington, ma, where it's 68.7 degrees) ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
Thanx for the suggestion! I had set up the backuppc UIDs right after installing Ubuntu and neither the user nor group IDs from the old server had been assigned then. I have since run find for both the user (117) and group (126) and, with the exception of the numbered /proc files, all files and folders found were clearly associated with BackupPC. I expect I still have the option of using mod_perl and SCGI, but until I discover why I'm having this problem, I'll be suspicious of other problems lurking unseen. Dave From: jbk Sent: Saturday, November 5, 2022 07:19 To: Dave Bachmann ; backuppc-user Subject: Re: [BackupPC-users] Setuid problem I think your problem is exactly this step as the error you are getting says: I've configured BackupPC on the new server with all the same requested settings as was on the old server and had even predefined the user and group backuppc to match the same UIDs as on the old server to ensure compatibility with the existing USB data drive. I've compared configure.pl on both machines and have noticed no significant differences. I am running into the setuid problem, eg. when running it I receive the following message: "Error: Wrong user: my userid is 33, instead of 117(backuppc)" where userid 33 = www-data. During system install other system daemons have been assigned the same UID's as you have assigned the backuppc user and httpd and their owned files. I've gone through this process and it is a good afternoons worth of painstaking hunting down the daemons in etc/passwd and changing their and their owned files UID's first prior to installing backuppc and httpd (apache). It's painful but you get to learn some other tools to search out and make changes. Fortunately I don't have to do it more often than every ten years. On 11/4/22 14:54, Dave Bachmann wrote: My old server is dying, I've purchased a new machine to replace it, and am having difficulties getting BackupPC working properly. The old server has been running various LTS versions of Ubuntu and BackupPC for at least 10 years and both it and the new server are now running Ubuntu 22.04.1 with perl 5.34.0. I've configured BackupPC on the new server with all the same requested settings as was on the old server and had even predefined the user and group backuppc to match the same UIDs as on the old server to ensure compatibility with the existing USB data drive. I've compared configure.pl on both machines and have noticed no significant differences. I am running into the setuid problem, eg. when running it I receive the following message: "Error: Wrong user: my userid is 33, instead of 117(backuppc)" where userid 33 = www-data. /etc/systemd/system/backuppc.service has both user and group set to backuppc. BackupPC_Admin has the following attributes: -r-sr-xr-x 1 backuppc backuppc 3971 2022-11-03 10:38 BackupPC_Admin. I've reviewed the section "The CGI script doesn't run; how do I fix it?", but I still don't quite understand how to fix it. The testsetuid script returns root when run by root and my name when I run it as myself; it does not execute when run by user backuppc. Any thoughts and suggestions gratefully accepted as I continue to lose my remaining hair. TIA, Dave ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Setuid problem
I think your problem is exactly this step as the error you are getting says: /I've configured BackupPC on the new server with all the same requested settings as was on the old server and had even predefined the user and group backuppc to match the same UIDs as on the old server to ensure compatibility with the existing USB data drive. I've compared configure.pl on both machines and have noticed no significant differences./ // / / // /I am running into the setuid problem, eg. when running it I receive the following message: "Error: Wrong user: my userid is 33, instead of 117(backuppc)" where userid 33 = www-data. /During system install other system daemons have been assigned the same UID's as you have assigned the backuppc user and httpd and their owned files. I've gone through this process and it is a good afternoons worth of painstaking hunting down the daemons in etc/passwd and changing their and their owned files UID's first prior to installing backuppc and httpd (apache). It's painful but you get to learn some other tools to search out and make changes. Fortunately I don't have to do it more often than every ten years. On 11/4/22 14:54, Dave Bachmann wrote: My old server is dying, I've purchased a new machine to replace it, and am having difficulties getting BackupPC working properly. The old server has been running various LTS versions of Ubuntu and BackupPC for at least 10 years and both it and the new server are now running Ubuntu 22.04.1 with perl 5.34.0. I've configured BackupPC on the new server with all the same requested settings as was on the old server and had even predefined the user and group backuppc to match the same UIDs as on the old server to ensure compatibility with the existing USB data drive. I've compared configure.pl on both machines and have noticed no significant differences. I am running into the setuid problem, eg. when running it I receive the following message: "Error: Wrong user: my userid is 33, instead of 117(backuppc)" where userid 33 = www-data. /etc/systemd/system/backuppc.service has both user and group set to backuppc. BackupPC_Admin has the following attributes: -r-sr-xr-x 1 backuppc backuppc 3971 2022-11-03 10:38 BackupPC_Admin. I've reviewed the section "The CGI script doesn't run; how do I fix it?", but I still don't quite understand how to fix it. The testsetuid script returns root when run by root and my name when I run it as myself; it does not execute when run by user backuppc. Any thoughts and suggestions gratefully accepted as I continue to lose my remaining hair. TIA, Dave ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/
Re: [BackupPC-users] Missing backup files
Hi there, On Sat, 5 Nov 2022, Adam Goryachev wrote: I don't understand why you would NOT want backuppc to have at least read access to ALL data, including data only accessible to root. Because I wouldn't want BackupPC to be a vector for compromise. The whole point of giving read access only to root is so that *only* root has access. :) It's a security posture. I assume you would not be suggesting that you run a separate backup system for each user Correct. so why would you want to either: 1) Not backup root data ??!! 2) Run a separate backup solution just for root data I guess this will go back to how you setup your data security etc, Exactly. The BackupPC system is rather complex. As commonly used it involves, for example, a Web server and a browser. These things are notoriously insecure. Browsers are amongst the most complex bits of software on the planet and amongst the most frequently compromised. You could even have pathological cases like a well-secured Linux box running BackupPC accessed by Internet Explorer running under XP... Rather than let a random browser have access to things which properly only root should be able to access, if I were being cautious I'd back up the private things separately. It might be as simple as creating a cron job or something like that to zip (with a passphrase known only to me) the root-only files to an archive, and then copy that archive to a place accessible to the backup run by BackupPC. Clearly there's a bit of work to be done there, keeping things current. but regardless of what you do, I would strongly suggest you ensure ALL data is backed up... Well at least all important data, agreed, obviously. :) -- 73, Ged. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:https://github.com/backuppc/backuppc/wiki Project: https://backuppc.github.io/backuppc/