Hi,
I did a fresh reinstall of BackupPC and I have the following:
I have installed BackupPC-4.1.3-4.fc27.x86_64 .
-rw-r----- 1 backuppc apache 47 Dec 11 15:49 /etc/BackupPC/apache.users
-rw-rw---- 1 apache apache 65536 Nov 25 12:27 /etc/httpd/alias/cert8.db
-rw-rw---- 1 apache apache 16384 Nov 25 12:27 /etc/httpd/alias/key3.db
-rw-rw---- 1 apache apache 20 Sep 11 2015 /etc/httpd/alias/pwdfile.txt
-rw-rw---- 1 apache apache 16384 Nov 25 12:20 /etc/httpd/alias/secmod.db
-r-------- 1 apache apache 29 Sep 11 2015
/etc/httpd/conf/password.conf
drwxr-x--- 2 backuppc apache 4096 Dec 13 10:19 /usr/libexec/BackupPC/
-rwsr-x--- 1 backuppc apache 7128 Aug 2 18:51
/usr/libexec/BackupPC/BackupPC_Admin
in /etc/BackupPC/config.pl, i have
$Conf{BackupPCUser} = 'backuppc';
and I still have the error:
>>Error: Wrong user: my userid is 48, instead of 955(backuppc)
>>This script needs to run as the user specified in $Conf{BackupPCUser},
which is set to backuppc.
48 is userid of apache.
The script /usr/libexec/BackupPC/BackupPC_Admin is owned by user backuppc,
so I don't understand the reasons for this error message.
My web server is running Freeipa as well.
Regards,
Fuji
On Wed, Dec 13, 2017 at 12:52 AM, Holger Parplies <wb...@parplies.de> wrote:
> Hi,
>
> fujisan wrote on 2017-12-12 13:08:08 +0100 [Re: [BackupPC-users] Error:
> Wrong user: my userid is 48, instead of 955(backuppc)]:
> > [...]
> > I have the following:
> > -r-------- 1 backuppc apache 29 Sep 11 2015
> /etc/httpd/conf/password.conf
>
> that would seem to be a problem (unrelated), because authentication is
> probably done by Apache, not the BackupPC_Admin script ... ah ... it
> appears it won't
> be, if you've changed the user for Apache (which I wouldn't do).
>
> > -rwsr-x--- 1 backuppc apache 7128 Aug 2 18:51 /usr/libexec/BackupPC/
> BackupPC_Admin
>
> Well, and /usr/libexec/BackupPC?
>
> > in /etc/httpd/conf/httpd.conf
> > User backuppc
> > Group apache
>
> Presuming setuid is working for Perl scripts (which it may not), there
> would
> be no reason to change this. Even if setuid Perl scripts don't work, there
> are probably better ways to do this. Is your web server running anything
> else
> besides BackupPC?
>
> Presuming you really *do* keep this, remove the setuid on BackupPC_Admin.
>
> > [...]
> > On Tue, Dec 12, 2017 at 11:46 AM, Jamie Burchell <ja...@ib3.co.uk>
> wrote:
> > > You need to configure Apache (/etc/httpd/conf/httpd.conf on CentOS 7)
> to
> > > run under user ???backuppc???:
>
> Can't say I'd agree. Besides the obvious implications, that sort of puts
> you
> back on square one, where you might have to change all sorts of things on
> your
> system just to get Apache to run. Repeat on every security update of
> Apache.
> You'd better know what you're doing, in which case you wouldn't be here.
>
> It certainly is *a* possible solution, but it's neither elegant nor
> mandatory,
> nor should it be suggested without warning about the many implications.
>
> > [...]
> > > -rwsr-x--- 1 apache apache 7128 Aug 2 18:51 /usr/libexec/BackupPC/
> BackupPC_Admin
>
> At this point, it was obvious, but you've figured that out. Did you mention
> whether the error message stayed the same after you changed that?
>
> > > I have changed the ownership of BackupPC_Admin to backuppc and the
> > > permissions as well.:
> > >
> > > drwxr-xr-x 2 backuppc backuppc 4096 Dec 11 16:53 /usr/libexec/BackupPC/
> > > -rwsr-x--- 1 backuppc backuppc 7128 Aug 2 18:51 /usr/libexec/BackupPC/
> > > BackupPC_Admin
> > >
> > > And the log says:
> > > [Tue Dec 12 10:50:58.607612 2017] [cgid:error] [pid 715:tid
> > > 139944750074112] (13)Permission denied: AH01241: exec of
> > > '/usr/libexec/BackupPC/BackupPC_Admin' failed
>
> Well, yes, that's still obvious, because Apache has no execute permission.
>
> > > Well, I cannot figure out how to setup backuppc.
>
> And I can't figure out how to stop people from top-posting.
>
> > > Any help welcome
>
> Same here.
>
> Regards,
> Holger
>
> P.S.: If your distribution's BackupPC package doesn't work with your
> distribution's Apache package and doesn't provide information on how
> to fix that, you should probably file a bug report.
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
