Hi, Russ Russ wrote on 2015-03-06 09:07:30 +0300 [[BackupPC-users] Wake-on-LAN setup - no ping response]: > [...] > I have backuppc server on Gentoo which works fine with regular client > backups. Now I am configuring wake-on-lan to wake windows clients up before > backup. > [...] > 3. Appropriate 777 rights have been granted to wolping.sh.
a=rwx is hardly appropriate. Actually, having 'others' being able to modify the script is an attack waiting to happen. Anyone at all with access to the machine can put anything they want into the script and just have to wait for it to be executed by the BackupPC daemon with its associated privileges. That is basically the same as giving anyone a free backuppc uid shell, including full access to all backups and presumably root access to all client machines you are backing up. Not necessarily a good idea ;-). I don't believe BackupPC actually checks the permissions before executing the PingCmd (or any other), but I wouldn't blame *anything* (BackupPC, Perl, bash, kernel) for blandly refusing to execute a world-writable file as a general security measure. > This is output of ls ???l: > -rwxrwxrwx 1 backuppc backuppc 1246 12:00 wolping.sh The ownership looks good enough, though 'root:root' might be more suitable, now you just have to 'chmod go-w' it. And afterwards check it has not been modified. We'll just assume no malicious party has the file opened for writing across your chmod and review, but for the record I'll mention the theoretical possibility. Curious that your 'ls -l' output contains no date :-). > 4. I have tested wolping.sh and it works great from terminal under backuppc > user Well, you use 'sudo'. You haven't by chance previously input a sudo password in your terminal session? You are sure you are executing /usr/local/bin/wolping.sh and not a different version of the script somewhere in your path? ;-) What is the return code of the script when you execute it from a shell? Your standard shell usually doesn't tell you if you don't ask explicitly, but it might make a difference for BackupPC. > Seems that backuppc does not even fire the script as ???logger??? does not > appear in tail -f /var/log/messages You should see more in BackupPC's log files. I don't regularly use the 'logger' command, so I'm not familiar with its intricacies. Is it not called, or does it fail to log, or does it log somewhere else than you are looking? Does the command line invocation of wolping.sh cause a log entry (in /var/log/messages)? Looking at your script, I am wondering what your $Conf{PingCmd} looks like (out of habit, I'd also like to see $Conf{PingPath}). It's obviously not the default ('$pingPath -c 1 $host'), because you get your host name from $5: > [...] > WAKEHOST=$5 > [...] > function fwol { > TO_WAKEUP=$1 (apparently never used) > sudo $ETHWAKE $1 I suppose you've got an entry similar to this in your /etc/sudoers: backuppc ALL=NOPASSWD: /sbin/etherwake -i enp3s0 * You use different invocations of the ping command - is that intentional? > [...] > $PING $ARG1 $ARG2 $ARG3 $ARG4 $WAKEHOST >>/dev/null 2>&1 > $PING $ARG1 $ARG2 $WAKEHOST > $PING $ARG1 $ARG2 $ARG3 $ARG4 $WAKEHOST Wouldn't it make more sense to control that in the script and call it with the parameters that are truely variable, e.g. wolping.sh hostname interval Your script is implying semantics for $ARG3 and $ARG4, so you can't really configure PingCmd to use wolping.sh with arbitrary 'ping' switches (let alone a variable number of them) in arbitrary order, as it might first appear. You might also want to replace the sleep command with a fancy ping invocation to be more adaptive to the time an individual host actually requires to boot. You could experiment with something like ping -i 10 -c 18 -A -q hostname which should wait at most 180 seconds (like your sleep command), probe your host in 10 second intervals and terminate shortly after the host begins to respond. That way, you could increase the tolerance (raise the -c argument) to accomodate for slow hosts and yet not have to unnecessarily wait for a fixed long time for fast hosts. Of course, you would also wait the maximum time for hosts which simply fail to wake up. Hope that helps. Regards, Holger ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/