Hi Luis (and others), I've taken a little time to study the visudo approach to running BackupPC instead of using phrase-less keys for root logon at the client machine. This is a much lower risk, indeed.
On Ubuntu, Vim is the default editor for visudo with Vim-tiny included in the distribution. When I tried to use Vim-tiny, I got some strange results! I closed the session without save and upgraded to Vim-full. The full version editor worked like it should. I edited the sudoers file on the backuppc_server as follows: # --------------backuppc-server machine sudoers ------------- # /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # Defaults env_reset # Uncomment to allow members of group sudo to not need a password # %sudo ALL=NOPASSWD: ALL # Host alias specification Host_Alias LOCAL = <backuppc-server name> # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL # Uncomment the first line and comment the second to # to RESTORE client. Switch them back after restore. # backuppc LOCAL=NOPASSWD: /bin/tar -c *, /bin/tar -x * backuppc LOCAL=NOPASSWD: /bin/tar -c * # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # ----------------- end backuppc-server sudoers -------------- I ran a backup (tar method) on the server's home directory just to check that the server and backuppc were communicating. It ran fine. Next, I edited the sudoers file on the client machine as follows: -------------- client machine sudoers ------------------------ # /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # See the man page for details on how to write a sudoers file. # Defaults env_reset # Uncomment to allow members of group sudo to not need a password # %sudo ALL=NOPASSWD: ALL # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL # Uncomment the first line and comment the second to # to RESTORE client. Switch them back after restore. # backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender * backuppc ALL=NOPASSWD: /usr/bin/rsync --server * # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL ----------- end client sudoers ------------------------------ Then, I created my ssh keys for the rsync transfer between the backuppc-server and the client machines. If I understand things correctly, I create two sets of keys similar to the root logon method except that, for this method, the BackupPC key is phrase-less like before, but the root key from the client machine can have a strong password. The key generation seemed to go well with no errors. When I ran the command ssh -l root 192.168.1.101 whoami the response was: root <<--- Is this correct for the visudo method? When I tried to run a full backup on the client I got the "failed to read 4 bytes" error message indicating that the keys are bad or missing or that I didn't do something else right. Anyone see where I botched the switch over? -- ken ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
