Hi Brian,
have you tried to add "exec" to avoid the extra shell?
---------8<---------
nice\ -n\ 19\ sudo\ /usr/bin/rsync\ --server*)
exec $SSH_ORIGINAL_COMMAND
--------->8---------
Just a guess.
... Matt
Brian Wilson wrote:
>First off; this is a great piece of software! I'm backing up all my
>Linux, Windows, and MacOS boxes now without having to maintain my
>home-grown scripts to do the job (and waste space). And I'm looking
>forward to backuppcd whenever it gets ready for primetime.
>
>Anyways, I'm attempting to do a remote rsync of a machine over ssh
>with sudo. The backup is successful as long as I don't use the
>command="/home/user/bin/rsync-wrapper.sh" directive in my ssh
>authorized_keys file. I am guessing it has something to do with the
>escaping of things as they get passed to the script.
>
>The script doesn't modify the command passed to it, it just checks to
>make sure I'm running an allowed command:
>
>#!/bin/sh
>
>case "$SSH_ORIGINAL_COMMAND" in
> *\&*)
> echo "Rejected"
> ;;
> *\(*)
> echo "Rejected"
> ;;
> *\{*)
> echo "Rejected"
> ;;
> *\;*)
> echo "Rejected"
> ;;
> *\<*)
> echo "Rejected"
> ;;
> *\`*)
> echo "Rejected"
> ;;
> nice\ -n\ 19\ sudo\ /usr/bin/rsync\ --server*)
> $SSH_ORIGINAL_COMMAND
> ;;
> *)
> echo "Rejected"
> ;;
>esac
>
>When going through the rsync-wrapper, the backup happens, but it backs
>up things that are supposed to be excluded (and that are properly
>excluded) when the wrapper isn't used and any command over ssh is
>allowed. It's almost like the rsync excludes get ignored - again
>perhaps by an escaping error.
>
>My relative settings are:
>
>$Conf{RsyncClientCmd} = '$sshPath -p 2222 -q -x -l user $host nice -n
>19 sudo $rsyncPath $argList+';
>
>$Conf{RsyncShareName} = ['/'];
>$Conf{BackupFilesExclude} = ['Maildir'];
>$Conf{BackupFilesOnly} = ['/home/user', '/etc/sxid.list',
>'/etc/sxid.conf', '/scratch/backup/bin', '/etc/adm', '/root',
>'/etc/cron.daily/webalizer', '/etc/webalizer', '/var/cache/bind',
>'/etc/init.d/bind9', '/etc/group', '/etc/shadow', '/etc/passwd',
>'/etc/sudoers', '/var/backups', '/etc/init.d/iptables-fw',
>'/etc/init.d/iptables', '/var/lib/iptables', '/etc/portsentry',
>'/etc/logcheck', '/etc/iptables', '/etc/apache2',
>'/var/www/proftpdadmin', '/etc/proftpd', '/etc/mysql',
>'/var/lib/mysql', '/usr/share/squirrelmail/plugins',
>'/var/www/postfixadmin', '/etc/squirrelmail', '/etc/spamassassin',
>'/etc/postfix', '/etc/pop-before-smtp', '/etc/mailman',
>'/etc/courier', '/etc/clamav', '/etc/amavis', '/etc/aliases',
>'/etc/maildroprc', '/etc/procmailrc'];
>
>Like I said, when trying to verify the client command via the
>rsync-wrapper, it attempts to backup the full drive /, /proc, /dev,
>etc, so I know something is going screwy since it is only supposed to
>backup the files I have specified.
>
>If someone has a better suggestion for a wrapper script so I can only
>allow this user to run the backup command over ssh, then please let me
>know.
>
>Thanks,
>Brian
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
>for problems? Stop! Download the new AJAX search engine that makes
>searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
>http://sel.as-us.falkag.net/sel?cmd=k&kid�3432&bid#0486&dat�1642
>_______________________________________________
>BackupPC-users mailing list
>BackupPC-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/backuppc-users
>http://backuppc.sourceforge.net/
>
>
>
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
