Hi,
Les Stott wrote on 12.11.2007 at 18:22:51 [Re: [BackupPC-users] how to restore
without using root]:
> Nelson Serafica wrote:
> > [...]
> > backuppc ALL = NOPASSWD: ALL
> > [...]
> > Anyone has an alternative or a remedy? I don't allowed root to access
> > directly via ssh for security purposes
> [...]
> You should also limit what the backuppc user run, by saying ALL you let
> it run all commands. If you get specific you can set it up so that it
> can only be used for restores. See the link below for an example of sudo
> and tar.
just to be more clear: if you leave your sudoers as it is, you are
circumventing what you are trying to gain by not letting root log in
via ssh. Root can log in using backuppc's password (or private key).
In fact,
[EMAIL PROTECTED] sudo su -
or
[EMAIL PROTECTED] sudo /bin/sh
will run a root shell (without any password prompt), not requiring sudo
for any further commands. You should definitely limit the commands backuppc
is allowed to run via sudo to rsync and/or tar, possibly even with some
initial options. Otherwise, it's simpler and just as secure to login as
root in the first place.
Regards,
Holger
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
