Hi Tino,
Am 24.03.2011 um 11:03 schrieb Tino Schwarze:
> Hi Mike,
>
> On Wed, Mar 23, 2011 at 10:22:37PM +0100, Fresel Michal - hi competence e.U.
> wrote:
>
>> well - prefer "up and running" packages :)
>
> I've not yet bothered to try or build a package of BackupPC - since in
> my installation, everything is in /backup/backuppc anyway.
>
>> as the /etc should contain just the config for (localhost-specific) i would
>> say "backuppc-config" may stay there ...
>>
>> Reading the "Configuration file" on wikipedia it seems for the client config
>> there might be an exeption:
>> "Server processes often use configuration files stored in /etc, but they may
>> also use their installation directory or a location defined by the system
>> administrator."
>>
>> as this are not really localhost (server) specific the admin is allowed to
>> specify another path - so client-credentials are allowed to be somewhere
>> else?
>> Maybe usefully encrypted together with the data?
>
> It's not an issue of BackupPC installation where you put your ssh keys.
> If your are using multiple keys for client access, you need to specify
> them in your per-client configuration anyway and ssh doesn't care
> whether you use "-i /home/someuser/.ssh/id_dsa-client1" or "-i
> /data/encrypted/client-keys/client1"
>
> Note that BackupPC's main distribution is just a .tar.gz, not a
> Debian/XYZ binary package. You might want to contact your package
> maintainer about the default home directory of your backuppc user etc.
> It's a detail of the setup (context) of BackupPC, not a detail of
> BackupPC itself.
>
> Or am I missing your point?
>
> HTH,
it's not about the ssh-keys
they are on the encrypted volume as the home of backuppc-user points to
/var/lib/backuppc already
the issue is:
the credentials for SMB and rsyncd are stored plaintext within the config-files
of the hosts
cat /etc/backuppc/testing01.pl
$Conf{RsyncdPasswd} = 'passw0rd';
$Conf{RsyncdUserName} = 'my_remote_user';
$Conf{XferMethod} = 'smb';
$Conf{SmbSharePasswd} = 'passw0rd';
$Conf{SmbShareUserName} = 'my_remote_user';
Furthermore its world-readable (-rw-r--r--) - .... well - this might be an
issue of the packaging ...(here: debian 6 + backuppc 3.2.0 - testing)
The point is:
both credentials (username and password) are stored plantext
it would be nice to put it so somewhere like __TOPDIR__/credentials/testing01.pl
so you can encrypt the whole __TOPDIR__ to provide confidentiality
Greetings
Mike------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
