Re: [gentoo-user] Back up with no root
On Sunday 29 May 2005 02:23, Walter Dnes wrote: I think you're going about it the wrong way. - can you set up a cron job on the remote machine to push the backup to your machine (or where-ever)? The cron job can run the backup as root, so you wouldn't need to worry about permissions. Not really, my workstation has a dynamic ip. And I don't trust my server to ssh to some other computer out there to send all the data. - Google on the search term +ssh +remote backup for a whole bunch of examples. I'll do. -- Pupeno [EMAIL PROTECTED] (http://pupeno.com) Reading ? Science Fiction ? http://sfreaders.com.ar pgpUNCfm2wl0C.pgp Description: PGP signature
Re: [gentoo-user] Back up with no root
On Saturday 28 May 2005 01:33 pm, Pupeno [EMAIL PROTECTED] wrote: My question is, how do I run a command like this: rsync --verbose --checksum --archive --partial --progress --rsh=ssh [EMAIL PROTECTED]:/var/ ./var/ having root-privileges on the server. I never use rsync myself, but why not just use --rsh=ssh 'su -' instead of --rsh=ssh? -- Boyd Stephen Smith Jr. [EMAIL PROTECTED] ICQ: 514984 YM/AIM: DaTwinkDaddy -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Back up with no root
On Sunday 29 May 2005 16:53, Boyd Stephen Smith Jr. wrote: I never use rsync myself, but why not just use --rsh=ssh 'su -' instead of --rsh=ssh? It'd have to be ssh 'sudo su -', but that doesn't work: # rsync --verbose --checksum --archive --partial --progress --rsh=ssh 'sudo su -' [EMAIL PROTECTED]:/var/ ./var/ ssh: 'sudo: Name or service not known rsync: connection unexpectedly closed (0 bytes read so far) rsync error: error in rsync protocol data stream (code 12) at io.c(189) Thanks. -- Pupeno [EMAIL PROTECTED] (http://pupeno.com) Reading ? Science Fiction ? http://sfreaders.com.ar pgpDbhpQhl55y.pgp Description: PGP signature
Re: [gentoo-user] Back up with no root
On Sunday 29 May 2005 04:42 pm, Pupeno [EMAIL PROTECTED] wrote: On Sunday 29 May 2005 16:53, Boyd Stephen Smith Jr. wrote: I never use rsync myself, but why not just use --rsh=ssh 'su -' instead of --rsh=ssh? It'd have to be ssh 'sudo su -', but that doesn't work: 'sudo su -' is definately wrong. Maybe simply 'sudo' or 'sudo /bin/bash' but not 'sudo su -'. # rsync --verbose --checksum --archive --partial --progress --rsh=ssh 'sudo su -' [EMAIL PROTECTED]:/var/ ./var/ ssh: 'sudo: Name or service not known Er, this is the kicker. It means that rsync is invoking ssh like: ssh 'sudo su -' [EMAIL PROTECTED] whereas ssh needs it to look like: ssh [EMAIL PROTECTED] 'sudo su -' There's no way to force ssh to take the command first that I can find. I see a couple of solutions. The first is to simply allow root to login via ssh on the remote machine and use [EMAIL PROTECTED] instead of [EMAIL PROTECTED] The second is to write a small bash script reorders the arguments to ssh so that --rsh=script name 'sudo /bin/bash' (or a variant) will work. I'm sure there are other solutions, too. -- Boyd Stephen Smith Jr. [EMAIL PROTECTED] ICQ: 514984 YM/AIM: DaTwinkDaddy -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Back up with no root
Obviously, if you've never used sudo you'll have to emerge the package app-admin/sudo. Then, configure /etc/sudoers with the visudo command. Find #%wheel ALL=(ALL)ALL and uncomment it. Then, add the user you want to be able to use sudo to the wheel group (usermod -g name). And that's it. The user should now be able to use sudo, provide they enter the root password when using it. If you don't want to have the use a password to use sudo (highly recommended you do), uncomment # %wheelALL=(ALL) NOPASSWD: ALL instead. On 5/27/05, Myk Taylor [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Run sudo after you ssh. On my network, I backup my servers by setting up sudoers on the server I want to backup and running the following command from my workstation: ssh flags user@hostname sudo dump -udumplevelf- filesystem | gzip hostname.dumplevel.date.gz Pupeno wrote: Hello, I'm trying to set up my computers so I make backups of my server from my workstation (we don't have a backup server). The thing is that I have a normal user on that server and I'm on the sudoers file to perform any root-task. Now, to back up, I'm running an rsync thru ssh to the server, but that runs as a my user because I can't ssh as root, how can I achieve root privileges to be able to perform the back up ? Thank you. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCl2JIBOPsJyAQkeARAglpAKChjai/SSVils4LLAhvBHFw4GPF0gCgx50O 4JBov/gZcdie8jtIhnBLvGw= =1cGc -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list -- - Mark Shields -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Back up with no root
oops. It's Then, add the user you want to be able to use sudo to the wheel group (usermod -g wheel name). On 5/28/05, Mark Shields [EMAIL PROTECTED] wrote: Obviously, if you've never used sudo you'll have to emerge the package app-admin/sudo. Then, configure /etc/sudoers with the visudo command. Find #%wheel ALL=(ALL)ALL and uncomment it. Then, add the user you want to be able to use sudo to the wheel group (usermod -g name). And that's it. The user should now be able to use sudo, provide they enter the root password when using it. If you don't want to have the use a password to use sudo (highly recommended you do), uncomment # %wheelALL=(ALL) NOPASSWD: ALL instead. On 5/27/05, Myk Taylor [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Run sudo after you ssh. On my network, I backup my servers by setting up sudoers on the server I want to backup and running the following command from my workstation: ssh flags user@hostname sudo dump -udumplevelf- filesystem | gzip hostname.dumplevel.date.gz Pupeno wrote: Hello, I'm trying to set up my computers so I make backups of my server from my workstation (we don't have a backup server). The thing is that I have a normal user on that server and I'm on the sudoers file to perform any root-task. Now, to back up, I'm running an rsync thru ssh to the server, but that runs as a my user because I can't ssh as root, how can I achieve root privileges to be able to perform the back up ? Thank you. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCl2JIBOPsJyAQkeARAglpAKChjai/SSVils4LLAhvBHFw4GPF0gCgx50O 4JBov/gZcdie8jtIhnBLvGw= =1cGc -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list -- - Mark Shields -- - Mark Shields -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Back up with no root
On Saturday 28 May 2005 10:47, Mark Shields wrote: Obviously, if you've never used sudo you'll have to emerge the package app-admin/sudo. Then, configure /etc/sudoers with the visudo command. Find #%wheel ALL=(ALL)ALL and uncomment it. Then, add the user you want to be able to use sudo to the wheel group (usermod -g name). And that's it. The user should now be able to use sudo, provide they enter the root password when using it. This part is not right I believe, the good thing of sude is that you scalate privileges by using your own password, not root's password, I don't even know root's passwords of the server. If you don't want to have the use a password to use sudo (highly recommended you do), uncomment # %wheelALL=(ALL) NOPASSWD: ALL instead. BTW, I think you missunderstood the question, I have sudo isntalled, I know how it works and I am using it to do anything that requires root on my server (after logging in as pupeno). My question is, how do I run a command like this: rsync --verbose --checksum --archive --partial --progress --rsh=ssh [EMAIL PROTECTED]:/var/ ./var/ having root-privileges on the server. -- Pupeno [EMAIL PROTECTED] (http://pupeno.com) Reading ? Science Fiction ? http://sfreaders.com.ar pgpJLu0Fx2A9e.pgp Description: PGP signature
Re: [gentoo-user] Back up with no root
On Sat, May 28, 2005 at 09:47:20AM -0400, Mark Shields wrote Obviously, if you've never used sudo you'll have to emerge the package app-admin/sudo. Then, configure /etc/sudoers with the visudo command. Find #%wheel ALL=(ALL)ALL and uncomment it. Then, add the user you want to be able to use sudo to the wheel group (usermod -g name). And that's it. The user should now be able to use sudo, provide they enter the root password when using it. If you don't want to have the use a password to use sudo (highly recommended you do), uncomment # %wheelALL=(ALL) NOPASSWD: ALL instead. There is an in-between solution that's not as risky. You can allow specific users to execute specific commands with a specific set of parameters. For instance, I have a backup dialup account at 295.ca for emergency use if/when my ADSL account is not available. ppp0 can not co-exist with eth0. So, in addition to creating /dev/ppp, I (as user waltdnes) also have to shut down eth0, and call pon, in order to connect via dialup. After logging off, I need to restart eth0. These commands all require root privileges. The specific commands in my /etc/sudoers are... waltdnes m450 = (root) NOPASSWD: /bin/mknod /dev/ppp c 108 0 waltdnes m450 = (root) NOPASSWD: /sbin/ifconfig eth0 down waltdnes m450 = (root) NOPASSWD: /usr/sbin/pon 295caint waltdnes m450 = (root) NOPASSWD: /usr/sbin/poff waltdnes m450 = (root) NOPASSWD: /etc/init.d/net.eth0 restart It's painfull to type these commands manually, so I've set up a couple of scripts, called dialup and dialdown... [m450][waltdnes][~]cat bin/dialup #!/bin/bash sudo /bin/mknod /dev/ppp c 108 0 sudo /sbin/ifconfig eth0 down sudo /usr/sbin/pon 295caint [m450][waltdnes][~]cat bin/dialdown #!/bin/bash sudo /usr/sbin/poff sudo /etc/init.d/net.eth0 restart In your case, you can allow the regular user to launch a backup process with root privileges. For security reasons, I recommend... 1) always specify the full program path 2) always specify all parameters in full -- Walter Dnes [EMAIL PROTECTED] An infinite number of monkeys pounding away on keyboards will eventually produce a report showing that Windows is more secure, and has a lower TCO, than linux. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Back up with no root
On Sat, May 28, 2005 at 03:33:51PM -0300, Pupeno wrote My question is, how do I run a command like this: rsync --verbose --checksum --archive --partial --progress --rsh=ssh [EMAIL PROTECTED]:/var/ ./var/ having root-privileges on the server. I think you're going about it the wrong way. - can you set up a cron job on the remote machine to push the backup to your machine (or where-ever)? The cron job can run the backup as root, so you wouldn't need to worry about permissions. - Google on the search term +ssh +remote backup for a whole bunch of examples. -- Walter Dnes [EMAIL PROTECTED] An infinite number of monkeys pounding away on keyboards will eventually produce a report showing that Windows is more secure, and has a lower TCO, than linux. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Back up with no root
Hello, I'm trying to set up my computers so I make backups of my server from my workstation (we don't have a backup server). The thing is that I have a normal user on that server and I'm on the sudoers file to perform any root-task. Now, to back up, I'm running an rsync thru ssh to the server, but that runs as a my user because I can't ssh as root, how can I achieve root privileges to be able to perform the back up ? Thank you. -- Pupeno [EMAIL PROTECTED] (http://pupeno.com) Reading ? Science Fiction ? http://sfreaders.com.ar pgpXa7xGvffO5.pgp Description: PGP signature
Re: [gentoo-user] Back up with no root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Run sudo after you ssh. On my network, I backup my servers by setting up sudoers on the server I want to backup and running the following command from my workstation: ssh flags user@hostname sudo dump -udumplevelf- filesystem | gzip hostname.dumplevel.date.gz Pupeno wrote: Hello, I'm trying to set up my computers so I make backups of my server from my workstation (we don't have a backup server). The thing is that I have a normal user on that server and I'm on the sudoers file to perform any root-task. Now, to back up, I'm running an rsync thru ssh to the server, but that runs as a my user because I can't ssh as root, how can I achieve root privileges to be able to perform the back up ? Thank you. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCl2JIBOPsJyAQkeARAglpAKChjai/SSVils4LLAhvBHFw4GPF0gCgx50O 4JBov/gZcdie8jtIhnBLvGw= =1cGc -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
