Hi,
I'm using keychain, but there are still things I'm missing....
I've started making a script to make a backup of my configs, simply scp-ing them from
the remote computers. Here two problems arise:
1. Permissions
2. Remote directory structure
I have forbidden root login through ssh on all ssh-aware machines (and I don't want to
break this practice), so what I always do is log in and then su... Now during scp there
are files for which my regular user doesn't have permissions, and here is the problem:
I can't copy them. And here is where I need a good/secure solution.
The best way would be some scheme like keychain; another possible way would be for
the root password to be asked for on every copy process... but better, if possible,
to be asked for the passphrase/password once, or at least only once per machine.
Another thought that comes to my mind is whether I can set up an automatic "su" (w/o pass,
or with a cached encrypted pass à la keychain!!) only if there is a request for copying
from the BACKUP machine with only account blah.. (something like the wheel group, but extended)
The second problem is solvable, but I'm searching for a more elegant solution, i.e. how to
extract the remote directory structure so that I can create its mirror on my BACKUP
machine.
One idea is to use ssh with the command ls and then parse the result; not a very pleasant
solution...
Tell me your ideas....
I know I can use, to some extent, cfengine or some FS (like NFS, SAMBA) for similar
work, but I don't want to (yet another configuration, yet another tool to watch,
etc.)... I want to use ssh as a backbone for my stuff...
And here is my current script:
================script==================
#!/usr/bin/perl
use strict;
use warnings;

my $bdir = "/arh/backup";
my $user = 'blah';

# machine => { remote dir => [ files or globs to copy ] }
# Array refs are used for the file lists: an anonymous hash with an odd
# number of elements pairs names up as key/value and drops some of them.
my %files = (
    ns => {
        '/etc'            => [ 'dhcpd.conf', 'named.conf', 'named.boot' ],
        '/etc/postfix'    => [ '*' ],
        '/etc/httpd/conf' => [ '*.conf' ],
        '/etc/xinetd.d'   => [ 'tftp' ],
        '/var/named'      => [ '*' ],
        '/arh/bin'        => [ '*' ],
    },
    desktop => {
        '/arh/work/lib' => [ '*' ],
        '/arh/bin'      => [ '*' ],
    },
    free => {
        '/etc'             => [ 'crontab' ],
        '/etc/apache/conf' => [ 'commonapache.conf', 'apache.conf' ],
        '/arh/bin'         => [ '*' ],
        '/home/httpd/perl' => [ '*' ],
    },
);

# Create "$bdir/$dir" one path component at a time.
sub mkTree {
    my $dir  = shift;
    my $pDir = $bdir;
    foreach my $d (split /\//, $dir) {
        $pDir .= "/$d";
        unless (-d $pDir) {    # create if dir doesn't exist
            print "mkdir:-> $pDir\n";
            mkdir $pDir or die "mkdir $pDir: $!\n";
        }
    }
}

sub walk {
    for my $m (keys %files) {                  # for every machine
        for my $d (keys %{ $files{$m} }) {     # for every dir
            for my $f (@{ $files{$m}{$d} }) {  # for every file
                my $destDir = "$m$d";
                mkTree($destDir);
                $destDir = "$bdir/$destDir";
                # List form: no local shell is involved, so the glob is
                # expanded only on the remote side.
                my @cmd = ('scp', "$user\@$m:$d/$f", $destDir);
                print "scp:=> @cmd\n";
                system(@cmd) == 0 or warn "scp failed for $m:$d/$f\n";
            }
        }    # dirs
    }        # machine
}

# Not implemented yet.
sub zip {
    my $file = shift;
}

walk();
--
[EMAIL PROTECTED] mailing list
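
The post's idea of running ls over ssh and parsing the result, replaced here by a NUL-separated `find -type d -print0` listing, as an added example that is not part of the original post. The `plan_dirs` helper, the sample listing and the temporary backup root are assumptions made for illustration; paths that could escape the backup root are rejected, since the listing comes from the remote machine.

```perl
#!/usr/bin/perl
# Added example (not the poster's code): rebuild a remote directory tree
# locally from a NUL-separated listing instead of parsing `ls` output.
use strict;
use warnings;
use File::Path qw(make_path);
use File::Spec;
use File::Temp qw(tempdir);

# Return the local directories to create for one machine, skipping any
# remote path that is not absolute or that contains a ".." component.
sub plan_dirs {
    my ($root, $machine, $listing) = @_;
    my (@ok, @rejected);
    for my $path (grep { length($_) } split /\0/, $listing) {
        my @parts = grep { length($_) && $_ ne '.' } split m{/}, $path;
        if ($path !~ m{^/} || grep { $_ eq '..' } @parts) {
            push @rejected, $path;
            next;
        }
        push @ok, File::Spec->catdir($root, $machine, @parts);
    }
    return (\@ok, \@rejected);
}

# Live use (assumption: the remote find supports -print0):
#   open(my $fh, '-|', 'ssh', "$user\@$m", 'find', $d, '-type', 'd', '-print0')
#       or die "ssh: $!";
#   my $listing = do { local $/; <$fh> };

# Constructed sample listing, so the example runs offline.
my $listing = join "\0",
    '/etc', '/etc/postfix', "/etc/odd name\nwith newline",
    '/etc/../../root/.ssh', 'relative/dir', '';

my $root = tempdir(CLEANUP => 1);    # stand-in for /arh/backup
my ($ok, $rejected) = plan_dirs($root, 'ns', $listing);

make_path(@$ok, { mode => 0700 });   # private: configs may hold secrets
printf "created:  %s\n", $_ =~ s/\n/\\n/gr for @$ok;
printf "rejected: %s\n", $_ for @$rejected;
```

A directory name containing a newline survives intact because entries are split on NUL only, which is the case that breaks line-based parsing of `ls`.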