Jeff,

The reason BackupPC avoids running shells for sub-commands is security, and
the extra layer of argument escaping or quoting.  It's easy to
inadvertently have some security weakness from misconfiguration or misuse.

Can you get what you need by starting the command with "/bin/bash -c"?  You
can alternatively set $Conf{DumpPreUserCmd} to a shell script with the
arguments you need, and then you can do whatever you want in that script.

Craig

On Wed, Jun 24, 2020 at 10:20 AM <backu...@kosowsky.org> wrote:

> I notice that in Lib.pm, the function 'cmdSystemOrEvalLong'
> specifically uses the structure 'exec {$cmd->[0]} @$cmd;' so that no
> shell is invoked.
>
> I know that technically it's a little faster to avoid calling the
> shell, but in many cases it is very useful to have at least a
> rudimentary shell available.
>
> For example, I may want to read in (rather than execute) a script.
>
> Specifically say,
> (1)    $Conf{DumpPreUserCmd} = qq(\$sshPath -q -x -i $BackupPCsshID -l
> $Conf{RsyncdUserName} \$hostIP bash -s <
> /etc/backuppc/scripts/script-\$hostIP)
> would allow me to run a hostIP specific script that I store in
> /etc/backuppc/scripts.
>
> - This is neater and easier to maintain than having to store the script
>   on the remote machine.
> - This also seems neater and nicer than having to use an executable
>   script that would itself need to run ssh -- plus importantly it
>   removes a layer of indirection and messing with extra quoting.
>
>
> Similarly, it would be great to be able to support:
> (2)    $Conf{DumpPreUserCmd} = qq(\$sshPath -q -x -i $BackupPCsshID -l
> $Conf{RsyncdUserName} \$hostIP bash -s <<EOF
> <bash script here>
> EOF)
>
> Or similarly:
> (3)    $Conf{DumpPreUserCmd} = qq(\$sshPath -q -x -i $BackupPCsshID -l
> $Conf{RsyncdUserName} \$hostIP bash -s <<< $bashscript
> where for example
> my $bashscript = <<'EOF'
> <bash script here>
> EOF
>
> Though this latter form is a bash-ism and would not work in /bin/sh
>
> The advantage of the latter examples is that it would allow me to
> store the bashscript in the actual host.pl config scripts rather than
> having to have a separate set of scripts to load.
>
> Note that I am able to roughly replicate (3) using perl code, but it
> requires extra layers of escaping of metacharacters making it hard to
> write, read, and debug.
>
> For example something like:
> my $bashscript = <<'EOF';
> <bash script here>
> EOF
>
> $bashscript =~ s/([][;&()<>{}|^\n\r\t *\$\\'"`?])/\\$1/g;
> $Conf{DumpPreUserCmd} = qq(&{sub {
> open(my \$out_fh, "|-", "\$sshPath -q -x -i $BackupPCsshID -l
> $Conf{RsyncdUserName} \$hostIP bash -s")
>         or warn "Can't start ssh: \$!";
> print \$out_fh qq($bashscript);
> close \$out_fh or warn "Error flushing/closing pipe to ssh: \$!";
> }})
>
> Though it doesn't quite work yet...
>
>
>
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:    http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
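Craig's second suggestion (point $Conf{DumpPreUserCmd} at a shell script and do the redirection there) could look like the wrapper below. It is an added example, not code from this thread or from BackupPC. The wrapper name, key path and user name are placeholders; only the /etc/backuppc/scripts/script-<host> layout comes from the quoted message.

```shell
#!/bin/sh
# Hypothetical wrapper, configured for example as:
#   $Conf{DumpPreUserCmd} = '/usr/local/bin/backuppc-predump $hostIP';
# BackupPC execs it without a shell, so the host arrives as exactly one argument.

# Assumed defaults; override through the environment.
: "${SSH:=ssh}"
: "${SSH_ID:=/path/to/backuppc_ssh_key}"   # placeholder
: "${SSH_USER:=backup-user}"               # placeholder
: "${SCRIPT_DIR:=/etc/backuppc/scripts}"

run_pre_dump() {
    host=$1
    # The host ends up in a file name and on the ssh command line, so accept
    # only hostname/address characters and never a leading '-' (which ssh
    # would parse as an option). '/' is rejected, so no path traversal.
    case $host in
        '' | -* | *[!A-Za-z0-9.:_-]*)
            echo "refusing host argument: $host" >&2
            return 2 ;;
    esac
    script="$SCRIPT_DIR/script-$host"
    if [ ! -f "$script" ] || [ ! -r "$script" ]; then
        echo "no readable script for $host" >&2
        return 3
    fi
    # The redirection happens here, in a shell we control, and every
    # expansion is quoted; the remote command is the fixed string "bash -s".
    "$SSH" -q -x -i "$SSH_ID" -l "$SSH_USER" "$host" bash -s < "$script"
}

# Run only when invoked with an argument (lets the function be sourced).
if [ "$#" -gt 0 ]; then
    run_pre_dump "$1"
fi
```

The only shell involved is this fixed script, so the quoting problem is confined to one reviewed file rather than to every configured command string.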