[BackupPC-users] ssh options for special case
Hi, I try to setup ssh flags for backups for one host that has several ssh server running on the same ip (different port, this is a virtualisez machine): -o \'StrictHostKeyChecking no\' -o StrictHostKeyChecking no does not work in $Conf{RsyncClientCmd} = , do you have any hints about this one ? I do not want it to be the default method, i just need this option for some hosts. -- Cordialement, Ghislain ADNET. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] PackupPC CGI interface and Plesk
Les Mikesell wrote: Does the running httpd retain the apache group? Maybe you need to change the group to psaserv. If you aren't in the right group you can't execute this. I added user backuppc to the psaserv group: $ groups backuppc backuppc : backuppc psaserv I chowned BackupPC_Admin to backupc:psaserv and removed write permissions: -r-sr-x--- 1 backuppc psaserv 3912 Jun 7 11:48 BackupPC_Admin I can execute this as user backuppc, apache and root, but still it's not working when I access it through a browser. I'm slowly starting to go nuts from this... Nils Breunese. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] PackupPC CGI interface and Plesk
On Thu, 2006-06-08 at 08:35, Nils Breunese (Lemonbit Internet) wrote: Does the running httpd retain the apache group? Maybe you need to change the group to psaserv. If you aren't in the right group you can't execute this. I added user backuppc to the psaserv group: $ groups backuppc backuppc : backuppc psaserv I chowned BackupPC_Admin to backupc:psaserv and removed write permissions: -r-sr-x--- 1 backuppc psaserv 3912 Jun 7 11:48 BackupPC_Admin I can execute this as user backuppc, apache and root, but still it's not working when I access it through a browser. I'm slowly starting to go nuts from this... Is there a more informative error in the httpd error_log now? A brute-force way to debug is to 'strace -p ' one of the httpd process id's, then hit the page until that process handles it, then look for failed systems calls where you might be able to see what file it is trying to access. -- Les Mikesell [EMAIL PROTECTED] ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] PackupPC CGI interface and Plesk
Les Mikesell wrote: -r-sr-x--- 1 backuppc psaserv 3912 Jun 7 11:48 BackupPC_Admin I can execute this as user backuppc, apache and root, but still it's not working when I access it through a browser. I'm slowly starting to go nuts from this... Is there a more informative error in the httpd error_log now? No. I get this in my browser window: 500 Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. And in error_log I find: [Thu Jun 08 15:30:17 2006] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: BackupPC_Admin That's all. When I reload the page I just get another one of those. A brute-force way to debug is to 'strace -p ' one of the httpd process id's, then hit the page until that process handles it, then look for failed systems calls where you might be able to see what file it is trying to access. I didn't find anything this way. I only keep hitting traces of the 404 error served for the favicon.ico. However, I thought of one more thing. I believe Plesk uses suexec for perl scripts. In the httpd.include for the vhost (generated by Plesk) I find: SuexecUserGroup lemonbitbackup psacln Could this maybe override the setuid on BackupPC_Admin? In /var/log/ httpd/suexec_log I find: [2006-06-08 15:57:52]: uid: (10011/lemonbitbackup) gid: (10001/10001) cmd: BackupPC_Admin [2006-06-08 15:57:52]: file is either setuid or setgid: (/var/www/ vhosts/backup.lemonbit.nl/cgi-bin/BackupPC_Admin) Could it be that that SuexecUserGroup directive somehow overrides the setuid bit on BackupPC_Admin? Thanks for the great help so far, Nils Breunese. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] PackupPC CGI interface and Plesk
On Thu, 2006-06-08 at 16:04 +0200, Nils Breunese (Lemonbit Internet) wrote: I didn't find anything this way. I only keep hitting traces of the 404 error served for the favicon.ico. However, I thought of one more thing. I believe Plesk uses suexec for perl scripts. In the httpd.include for the vhost (generated by Plesk) I find: SuexecUserGroup lemonbitbackup psacln Could this maybe override the setuid on BackupPC_Admin? In /var/log/ httpd/suexec_log I find: [2006-06-08 15:57:52]: uid: (10011/lemonbitbackup) gid: (10001/10001) cmd: BackupPC_Admin [2006-06-08 15:57:52]: file is either setuid or setgid: (/var/www/ vhosts/backup.lemonbit.nl/cgi-bin/BackupPC_Admin) Could it be that that SuexecUserGroup directive somehow overrides the setuid bit on BackupPC_Admin? Thanks for the great help so far, I've never used it but it seems likely - or that it just refuses to run anything with the setuid bit set. Maybe the Plesk way of doing things would be to change the backuppc user (and ownership of everything related) to match the lemonbitbackup user that Plesk created. Is this supposed to be something that saves you time...? -- Les Mikesell [EMAIL PROTECTED] ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] BackupPC CGI interface and Plesk
Les Mikesell wrote: Maybe the Plesk way of doing things would be to change the backuppc user (and ownership of everything related) to match the lemonbitbackup user that Plesk created. Is this supposed to be something that saves you time...? Security software, like suexec, is almost never supposed to be something that saves you time, right? Well, in the long run, yes, because when setup properly it will save you a lot of time fixing stuff. Shared hosting environments are jungles and I actually think things like suexec are great. I've never had any problems with CGI scripts and suexec. It always just worked out of the box. Installing BackupPC was the first time I had to setuid a CGI script for a parcticular user that is not the site user and now I can't seem to get it to work. Which would be a pity, because BackupPC seems like it would be perfect for my needs. Nils Breunese. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] BackupPC CGI interface and Plesk
On Thu, 2006-06-08 at 18:51 +0200, Nils Breunese (Lemonbit Internet) wrote: Maybe the Plesk way of doing things would be to change the backuppc user (and ownership of everything related) to match the lemonbitbackup user that Plesk created. Is this supposed to be something that saves you time...? Security software, like suexec, is almost never supposed to be something that saves you time, right? Well, in the long run, yes, because when setup properly it will save you a lot of time fixing stuff. Sounds like a typical policy vs. reality issue. You can scale things up by following a specific policy and repeating procedures - until you want something different. Then you can't. Shared hosting environments are jungles and I actually think things like suexec are great. I've never had any problems with CGI scripts and suexec. It always just worked out of the box. Installing BackupPC was the first time I had to setuid a CGI script for a parcticular user that is not the site user and now I can't seem to get it to work. Which would be a pity, because BackupPC seems like it would be perfect for my needs. Backuppc's only requirement is that the cgi program runs as the user that owns the rest of it's files. If you already have a mechanism to make that happen, use it instead of one that has its own policy. I'm guessing here, but I'd expect re-installing backuppc with the user plesk wants to force (or carefully changing ownership and the startup scripts) and removing the setuid mode would work. Otherwise, fire up a separate instance of httpd on a different port so you don't have to fight with the other one. Or, if you can trust Plesk not to undo your mods, either make the Suexec user the one you want, or remove it and let the perlsuid version take care of it. -- Les Mikesell [EMAIL PROTECTED] ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] BackupPC CGI interface and Plesk
Les Mikesell wrote: I'm guessing here, but I'd expect re-installing backuppc with the user plesk wants to force (or carefully changing ownership and the startup scripts) and removing the setuid mode would work. I'll try messing with it some more. Maybe I should indeed just use the user Plesk created instead of the backuppc user. Otherwise, fire up a separate instance of httpd on a different port so you don't have to fight with the other one. I heard a lot people give that suggestion, but I haven't been able to find out how to do actually do that. Any pointers (this is a CentOS 4.3 system with apache2)? Thanks again, Nils Breunese. ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] BackupPC CGI interface and Plesk
On Thu, 2006-06-08 at 19:59 +0200, Nils Breunese (Lemonbit Internet) wrote: I'll try messing with it some more. Maybe I should indeed just use the user Plesk created instead of the backuppc user. Otherwise, fire up a separate instance of httpd on a different port so you don't have to fight with the other one. I heard a lot people give that suggestion, but I haven't been able to find out how to do actually do that. Any pointers (this is a CentOS 4.3 system with apache2)? First you would build a suitable httpd.conf file setting it to listen on a different port and being careful about what else it includes to avoid conflicts with the stock version. Then you make a link to the httpd binary with a different name. Then copy /etc/init.d/httpd to a file with a different name and edit the copy to reference your linked name instead of httpd for the executable, pid file, etc. and to set '-f new_httpd.conf' in OPTIONS. chkconfig, service etc., will then all work with your new name for the other instance and when it starts it will use your modified config file. But, this is probably overkill for this purpose unless you need the speed of mod_perl. There has to be a way to make the stock version do what you want. -- Les Mikesell [EMAIL PROTECTED] ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] Special chars issue : reloaded ...
Paul Bijnens a écrit : kral schreef: If a folder on the root of the share (folder1) dont contain special char, there is no problem. It save successfully files like: /Folder1/é/é/__^^/.txt But when the folder on the root of the share contain somes, it just pass it and save nothing. I have searched on the list about similar situation with no success. I will continue some tests, to see if the error is specific to BackupFilesOnly or not. Still no one having this sort of problem, exclusively with the smb method? S O S :) I think most people have this problem. But the problem has an easy workaround. Just rename the top level directory. What is more important, a backup or an accent? Sure, this is a way to deal with it (actually, its what Iam doin'). It's ok when you use BackupFilesOnly method. It means you normaly have control over top level folders. But, Is this bug still there when using an Exclude list (meaning users could add folders, and should be archived)? In that case, it could be pretty annoying. Add to it the context where, you just can't change the toplevel folder, what do you do? IE: Iam trying to introduce Free Softwares on my company (hardly oriented Pro-M$) with utils scaled to the job (web appliances, file servers, and so on). To convince my hierarchy and perhaps change mentalities, should I say: My backup solution cant handle a tiny little accent It would ruin any trust to Free Softwares :) and I would be forced to continue to use Over-priced non-free solutions sometimes even worse (IE CA softwares ...). At last, I think a product claming : BackupPC is a high-performance, enterprise-grade system for backing up Linux and WinXX PCs Should care about little issues instead of avoiding the problem :) I think BackupPC could easily rival with major Disk Staging Solutions (D2D2T), but should resolve these type of minor problems that scare new-comers to Free Softwares :) Anyway, the goal of this post was to know if people have that bug or not, if it was already solved, to know if I should avoid the problem (by renaming folders) or fix it. Having no explicit opinion, I put light on it ... May be need a fix in future release? ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] Windows users sign up for BackupPC services
Tom Glancy a écrit : We are testing a self-service approach that allows users to initiate their own BackupPC back up services. The implementation uses PHP and some bash shell scripts to create an install bundle for the client, and to make the necessary server-side modifications (hosts file entry, back up directory, custom config.pl.). So far, this is working very well. Purpose: Allow users to easily sign up and install BackupPC service Assumptions: Any user with the network account can sign up for BackupPC service The user is using a Windows 2000 or Windows XP computer The user is logged into and signing up from the computer to be backed up rsyncd service is not running on the client computer Steps: 1 - User visits Sign Up web page on a web server that explains install process, with a link to sign up on BackupPC server 2 - User authenticates to the BackupPC html server using network account (ldap authentication) 3 - User is presented with a generic list of drives, checks the checkbox for drives to back up, clicks sign up 4 - System uses nmblookup to look up computer name from IP address 5 - System checks BackupPC hosts file and adds user name (from Step 2) and computer (if not already there) 6 - System creates the pc directory from the computer name, to hold back ups (if not already there) 7 - System creates install directory in pc directory, to hold install files 8 - System generates a random user name / password combination for rsync to use, different from network user name / password 9 - Using a template, system creates the client rsyncd.conf and rsyncd.secrets files in the install directory 10 - Using a template, system creates the user's custom config.pl file in the pc directory 11 - System creates a self-extracting zip file containing rsyncd.conf, rsyncd.secrets, cygwin1.dll, cygrunsrv.exe, README and an install.bat file (uses Filzip SFX) 12 - System writes config.pl, rsyncd.conf, rsyncd.secrets to user's LOG file 13 - System returns the self-extracting zip file to the user's browser 14 - User saves, then executes the self-extracting zip file 15 - On the user's computer, the self-extracting zip file creates a \backuppc directory, extracts all the files to it, and runs install.bat 16 - install.bat runs cygrunsrv.exe to install rsyncd as a service, configures Windows XP filewall to allow BackupPC via rsync 17 - Finished - user is prompted to browse to the BackupPC page Regards, Tom --- Tom Glancy Ecological Services Division IT Supervisor [EMAIL PROTECTED] 651-259-5097 Minnesota Department of Natural Resources 500 Lafayette Road - Box 25 St. Paul, MN 55155-4025 --- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/ Hi, This is a very interesting approach to use backupPC for Windows Backups. Is there a way to test it? ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] ssh options for special case
On Thu, Jun 08, 2006 at 10:04:03AM +0200, ADNET Ghislain wrote: -o \'StrictHostKeyChecking no\' -o StrictHostKeyChecking no my ssh wants: -o StrictHostKeyChecking=no danno -- dan pritts - systems administrator - internet2 734/352-4953 office734/834-7224 mobile ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/