Assuming you're using rsync as the transport:
This is the default setting in config.pl:
$Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';
That needs to be changed to:
$Conf{RsyncClientCmd} = '$sshPath -q -x -l username_with_sudo_rights $host sudo $rsyncPath $argList+';
(Note that you should replace 'username_with_sudo_rights' with a real
username on your system. Many people use 'backuppc' as the user, but it
could be anything.)
Then on the host you need to make sure that 'username_with_sudo_rights'
actually has sudo rights. Use the command 'visudo' to do this. This
command edits the /etc/sudoers file. Add this line to that file:
username_with_sudo_rights ALL=(ALL)NOPASSWD: /usr/bin/rsync --server *
(I don't have my config file in front of me, so someone please correct
me if I've got this syntax wrong).
You'll also have to go through a similar exercise for the restore command:
$Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';
I'm not all that comfortable using a no-passphrase key to restore a
backup. If someone managed to get the key, they'd have write access via
rsync to all my hosts. I leave the restore command as it is (with -l
root), but I disable root ssh access on the hosts. This renders my
restore function useless. But it's easy to turn on in the event it's
needed, by allowing root ssh access to a host.
Hope this helps.
-Rob
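
One way to approach the forced-command question quoted further down, and to limit what a stolen backup key can do: a wrapper that lets the key start rsync only in sender (pull) mode, so the write direction stays closed even though the sudoers entry permits any `rsync --server` invocation. This is an added example, not part of the original message or of BackupPC. The script path /usr/local/bin/backup-only is hypothetical, the key material is a placeholder, and it assumes $rsyncPath is /usr/bin/rsync and that share paths contain no spaces or shell-special characters.

```shell
#!/bin/sh
# Added example: forced-command wrapper, installed at the hypothetical path
# /usr/local/bin/backup-only and bound to the backup key in the client's
# ~/.ssh/authorized_keys (key material below is a placeholder):
#   command="/usr/local/bin/backup-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder... backuppc

RSYNC=/usr/bin/rsync   # assumed value of $rsyncPath; matches the sudoers line

# Succeeds only for "sudo /usr/bin/rsync --server --sender ...", the command
# the BackupPC server sends when it pulls a backup. Without --sender the
# remote rsync is a receiver and writes files (the restore direction).
is_allowed() {
    cmd=$1
    case $cmd in
        "sudo $RSYNC --server --sender "*) ;;
        *) return 1 ;;
    esac
    # Options that make a sender delete or write on this host.
    case $cmd in
        *" --remove-"*|*" --log-file"*) return 1 ;;
    esac
    # Fail closed on anything outside a plain character set (quotes,
    # backslashes, ; | & $ ` and so on), so the split below is unambiguous.
    rest=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ._/=,:+@%-')
    [ -z "$rest" ]
}

# sshd puts the command the client requested in SSH_ORIGINAL_COMMAND.
# If none was requested (interactive login), the script ends: no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no globbing; split on whitespace only
        exec $SSH_ORIGINAL_COMMAND   # run directly, no shell re-parsing
    fi
    logger -t backup-only "rejected: $SSH_ORIGINAL_COMMAND" 2>/dev/null
    echo "backup-only: command rejected" >&2
    exit 1
fi
```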
Yaakov Chaikin wrote:
> Which of the config directive needs to change for the "sudo" part and
> how would it look? Could you give an example?
>
> Thanks,
> Yaakov.
>
> On 7/18/07, Rob Owens <[EMAIL PROTECTED]> wrote:
>> If you're going to connect to the host as root, then no changes to
>> config.pl are needed. If you're going to connect to the host as a
>> regular user, and use sudo, then config.pl needs to change. You need to
>> replace "root" with the username you want to connect with. And you need
>> to throw a "sudo" in front of the rsync command.
>>
>> -Rob
>>
>> Yaakov Chaikin wrote:
>> > Would this require a different configuration within the config.pl
>> > file(s) within BackupPC itself? Or as far as BackupPC is concerned the
>> > configuration can stay the same as if it has exchanged the rsa keys
>> > with the user 'root'?
>> >
>> > Thanks,
>> > Yaakov.
>> >
>> > On 7/13/07, Rob Owens <[EMAIL PROTECTED]> wrote:
>> >> Keith Edmunds wrote:
>> >> > On Fri, 13 Jul 2007 09:39:15 -0400, [EMAIL PROTECTED] said:
>> >> >
>> >> >
>> >> >> The user would need read-access to everything (in order to backup /home
>> >> >> and some files in /etc), preferably without being able to run commands
>> >> >> other than rsync. How would I achieve this?
>> >> >>
>> >> >
>> >> > By using sudo (as I said). Sudo runs the program specified with root
>> >> > privileges - we backup lots of servers this way.
>> >> >
>> >> > Keith
>> >> I'm familiar with sudo. I guess I'd specify in /etc/sudoers that user
>> >> "joe" is allowed to run:
>> >> 1) rsync <options> /share1
>> >> and
>> >> 2) rsync <options> /share2
>> >>
>> >> Is there a way to use the forced-commands feature of ssh to further
>> >> limit joe's logins? I realize
>> >> that the risk is already significantly reduced since joe is just a
>> >> regular user, but I'm really picky about security.
>> >>
>> >> Here's a funny story I heard that I think applies here:
>> >> Two guys (Fred and Bill) were walking through the jungle when they
>> >> noticed a cheetah stalking them. Fred bends down to tighten the
>> >> shoelaces on his running shoes. Bill says, "What are you doing? You
>> >> can't outrun a cheetah." Fred says, "I don't have to outrun the
>> >> cheetah, I just have to outrun you."
>> >>
>> >> I'm just trying to take my security one step further than most people
>> >> would. Hopefully it'll keep me safer than the guys behind me.
>> >>
>> >> -Rob
>> >>
>> >>
>> >> -------------------------------------------------------------------------
>> >> This SF.net email is sponsored by DB2 Express
>> >> Download DB2 Express C - the FREE version of DB2 express and take
>> >> control of your XML. No limits. Just data. Click to get it now.
>> >> http://sourceforge.net/powerbar/db2/
>> >> _______________________________________________
>> >> BackupPC-users mailing list
>> >> [email protected]
>> >> https://lists.sourceforge.net/lists/listinfo/backuppc-users
>> >> http://backuppc.sourceforge.net/
>> >>
>>