Re: [BackupPC-users] BackupPC 4.2.0 released

2018-05-03 Thread Holger Parplies 
Hi,

Steve Palm wrote on 2018-05-03 09:55:38 -0500 [Re: [BackupPC-users] BackupPC 
4.2.0 released]:
> I think that would cover it here, as you said, if you give someone Admin
> rights, then they can alter any other settings. Only a
> compile-build-install-time option to totally remove it would eliminate this
> possibility.

well, not really. If you can change the host settings, you can probably change
backup expiry to keep only one or two backups, change the data set to only
include /tmp, for example, and then manually force one or two backups. It's
not as fast and easy as a "maliciously delete all backups" button, but if
we're talking about security, it doesn't have to be easy, just possible.
With root access to the BackupPC server, it's just a matter of 'rm -r',
really. If you give someone 'Admin' capabilities (for whatever definition
may be applicable), he can administratively break things. There is really
no way to tell a computer to let someone only do constructive things.
'gzip /etc/passwd' is a good thing, right? ;-)

For the 'home use' type scenario (as in "backup *PC*"), where people "own"
machines they backup and restore as they like, there may be some merit in
allowing them to delete backups on their own.

For the 'office' type scenario (as in "*Backup* pc"), I would expect an IT
department (or some member(s) of it) to be responsible for backups, and
*nobody* else to have any access to them. The access control mechanism in
BackupPC is just not fine-grained enough - if you can see any data within a
backup, you can see all of it. In this scenario, you probably won't ever
manually delete backups, and if you do, you'll do it through shell access
to the BackupPC server from the command line. So you'll have a gratuitious
"shoot myself in the foot" button in the web interface, nothing more.

There will always be people who use BackupPC somewhere in between those
scenarios, so yes, why not give them the option of deleting backups through
the web interface?

> It is a great feature to have, especially with some restrictions on
> availability. Thanks!
> 
> > On Apr 21, 2018, at 7:43 PM, Craig Barratt via BackupPC-users 
> >  wrote:
> > 
> > I just pushed some changes [...] that add a new config variable
> > CgiUserDeleteBackupEnable (default off) which sets whether users can
> > delete backups via the CGI interface.

I agree that this makes sense (both the option and the default).

> >  Admins always have the delete feature enabled.

Absurdly, I'd suggest to always *dis*able the feature for admins. Well, no,
that doesn't make much sense, either. But it's so easy - even for admins -
to press the wrong button (just imagine an unresponsive browser or X server)
and then answer the confirmation dialog the wrong way. If a site has the
policy (or maybe even legal requirement) "we *never* manually delete backups",
they should be able to prevent this from happening accidentally (or
maliciously, if you prefer).

In fact, it's possible to disable direct restores, which can do great harm,
so I'd argue it should be possible to disable backup deletion, too.

Disclaimer: no, I haven't looked at the new version or its web interface, so
reality might be less problematic than the theory sounds. But even if it's
hard to shoot yourself in the foot, someone will manage ;-).

> > On Fri, Apr 20, 2018 at 11:05 AM, Craig Barratt 
> > > 
> > wrote:
> > [...]
> > How about I add a configuration setting that has three values - completely
> > off, admin only, or any user?  The default setting could be admin only.

I would prefer that implementation. Personally, I'd make the default setting
"completely off", though I trust people really *wanting* that setting could
easily enough change it, if the default were different. In a way, the default
setting seems to be a recommendation. Is manually deleting backups that are
no longer needed something the average BackupPC admin should do, or was it
added for the sake of being able to easily fix commonly made mistakes without
creating more problems along the way?

Regards,
Holger

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] BackupPC 4.2.0 released

2018-05-03 Thread Steve Palm 
I think that would cover it here, as you said, if you give someone Admin 
rights, then they can alter any other settings. Only a 
compile-build-install-time option to totally remove it would eliminate this 
possibility.

It is a great feature to have, especially with some restrictions on 
availability. Thanks!

> On Apr 21, 2018, at 7:43 PM, Craig Barratt via BackupPC-users 
>  wrote:
> 
> I just pushed some changes 
> 
>  that add a new config variable CgiUserDeleteBackupEnable (default off) which 
> sets whether users can delete backups via the CGI interface.  Admins always 
> have the delete feature enabled.
> 
> Craig
> 
> On Fri, Apr 20, 2018 at 11:05 AM, Craig Barratt 
> > 
> wrote:
> This is a very good point.
> 
> How about I add a configuration setting that has three values - completely 
> off, admin only, or any user?  The default setting could be admin only.
> 
> However, if it's turned off, any admin could change that setting back to 
> admin only.
> 
> Craig
> 
> On Monday, April 16, 2018, Steve Palm  > wrote:
> 
> On Apr 16, 2018, at 7:47 AM, Ghislain Adnet  > wrote:
> > Le 15/04/2018 à 01:10, Craig Barratt via BackupPC-users a écrit :
> >> BackupPC 4.2.0  >> > has been 
> >> released on Github.
> >> The changes since4.1.5 
> >>  >> >are listed 
> >> below.  The biggest change is a new feature in the web interface written 
> >> by @moisseev that allows prior backups to be deleted.
> > 
> > ohhh this is a very bad idea... Having a way to remove backup in the web 
> > interface  sounds cool but when a bad apple employee comes and destroy all 
> > the backups because he is angry this is a real issue. Same if account is 
> > comprimised
>  .
>  .
>  .
> >  is there a way to remove the feature so its not even loaded in the code 
> > (not just limited by the login/pass used) ?
> 
>  I didn't see where it was even configurable by user/login/etc...  If it is, 
> please post, and also a global "shutoff" would be great. Maybe a 
> compile/install option to not even include it as requested above, although 
> for our use case I don't think we need to go that far, hope I'm not ever 
> proven wrong on that. :)
> 
>  Thanks!
>  Steve
> 
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot 
> 
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net 
> 
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users 
> 
> Wiki:http://backuppc.wiki.sourceforge.net 
> 
> Project: http://backuppc.sourceforge.net/ 
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! 
> http://sdm.link/slashdot___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Re: [BackupPC-users] about installation of backuppc 4.2.0 on CentOS 7

2018-05-03 Thread Luigi Augello 
I solved, thanks Craig! what I ask now is:

The  4.2.0 it is a stable release? Because I  will use it on a backup
server.

My configuration provides that the web GUI starts upon a second instance
of web server using a different tcp port (eg. 8045). I will connect to
GUI with http://servebackup:8045/BackupPC
I read that there are this configuration option    $Conf{SCGIServerPort}
= -1;
it is related to my configuration or not?

I need to migrate backup configurations and data backups fron another
server where is installed the 3.3.1 release, can I do this?

Cheers

Luigi Augello


Il 02/05/2018 18:20, Craig Barratt via BackupPC-users ha scritto:
> Luigi,
>
> It looks like the CGI script is running correctly, but the static web
> data (CSS, images etc) are not being loaded.
>
> Inspect the page source.  The first few lines should include things
> like this:
>
>  href="/BackupPC/BackupPC_stnd.css" title="CSSFile">
> 
> 
> 
>
>
> On the BackupPC side, the path to those files in the html is specified
> by $Conf{CgiImageDirURL} (in the example above it is set
> to '/BackupPC').  The files (like logo.gif, BackupPC_stnd.css) should
> be stored in the path $Conf{CgiImageDir} (eg, /var/www/html/BackupPC
> but that depends on your install).
>
> So this URL should get you the BackupPC logo:
>
> http://HOSTNAME/BackupPC/logo.gif
>
>
> You should confirm that the apache configuration (eg, DocumentRoot)
> correctly maps regular html requests so that these are correctly
> served from the $Conf{CgiImageDir} directory.  Check your permissions too.
>
> Craig
>
> On Wed, May 2, 2018 at 6:03 AM, Luigi Augello  > wrote:
>
> Hello
> I installed BackupPC-4.2.0 on a Centos 7 server, I followed the
> instructions step by step several times and every timei have the
> GUI attached. Any suggestion?
>
> thanks
> Luigi
> -- 
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> 
> List:   
> https://lists.sourceforge.net/lists/listinfo/backuppc-users
> 
> Wiki:    http://backuppc.wiki.sourceforge.net
> 
> Project: http://backuppc.sourceforge.net/
> 
>
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/

-- 
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/