Rick DeNatale writes:
> Executive Summary:
>
> I think that the script in the backuppc faq used to avoid client
> access as root has a bug. It should not use the --server and --sender
> arguments to rsync, but just pass the arguments it gets from the
> server.
>
> Details:
>
> I'm trying to rebuild a machine whose hard disk failed. It had been
> backed up using backuppc with rsync.
>
> I apologize is this note is a tad confused. I actually started writing
> it looking for help, but I think that I figured out the problem in the
> course of writing it.
>
> I've managed to get it back to the point where ssh, and rsync are
> working between the client and the server without prompting for
> passwords, and backuppc has actually succeeded in backing it up once
> again. I've got it set up so as to avoid root login per
> http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided
>
> Actually since both machines run Ubuntu, logging into root is difficult.
>
> The faq led me to making a shell script which is the only program
> which the backuppcclient user is allowed to execute as root via sudo.
>
>
> #!/bin/sh -f
> exec /usr/bin/rsync --server --sender $*
>
> I'm a little confused about the --server and --sender arguments on the
> rsync command. I can't find this in the backuppc config file as an
> rsync argument, and I can't figure out what it does.
>
> The rsync man page doesn't seem to mention it.
--server and --sender are internal arguments to rsync. They
are used to setup one half of an rsync transfer.
> The logs for both the successful backup and the failed restore showed
> that both --server and --sender are being used on the rsync command
> sent to the client via ssh for a backup, and --server is being used on
> a restore.
>
> So I wondered why they were in the script recommended by the faq. To
> make a long story short, I removed them from the script, and a single
> file restore seems to work. I'm now attempting a full restore of one
> users home directory, and then I guess I'll have to try another
> backup.
For a restore you need to specify just --server, not --sender.
So the FAQ should indicate that you need two scripts, one for
backup (with --server --sender) and one for restore (--server).
$Conf{RsyncClientRestoreCmd} should be modified to point at
the restore script.
That said, the whole point of setting up these script is to provide
better client security if the BackupPC server is compromised. If
a restore script is set up on the client, then it can be used to
write to files on the client, which allows the client to be
compromised. Perhaps having these scripts make it more obscure,
but doesn't guarantee protection.
Craig
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
BackupPC-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
