Re: [BackupPC-users] Multi-tenancy for web interface possible
On Thu, Jun 21, 2012 at 2:05 PM, Kameleon wrote: > Yes. So now I have to rethink the way I initially set this up. I put > in root as the user on each server thinking that is what it used to > log into the server. The way the documentation reads it is only who > can administer that server and its backups but was not clear, to me, > that it didn't have to be root. Now I see that the "root" login to the > server is specified on the "rsyncclientcommand". I will be changing > this asap. Thanks for the input guys. > With the http authentication, the http users are separate from your system users. A user setup for http authentication called root would not the same as the system root user. Would be confusing though, so wouldn't recommend creating a user called root for the web access - use admin or something like that instead - or better yet, call it bob or something not related to admin type names. Chris -- Chris Stone AxisInternet, Inc. www.axint.net -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Yes. So now I have to rethink the way I initially set this up. I put in root as the user on each server thinking that is what it used to log into the server. The way the documentation reads it is only who can administer that server and its backups but was not clear, to me, that it didn't have to be root. Now I see that the "root" login to the server is specified on the "rsyncclientcommand". I will be changing this asap. Thanks for the input guys. On Thu, Jun 21, 2012 at 1:51 PM, Les Mikesell wrote: > On Thu, Jun 21, 2012 at 1:28 PM, Kameleon wrote: >> Right, the other group won't be adding/deleting/etc hosts. All they >> will do is log in to do restores to their already setup hosts. What we >> want is for them to be able to login and only see their hosts and not >> ours. This is what you are saying is how it works correct? > > Yes, the admin user/group can do everything. Other users only see > what is delegated. Sometimes when people say multi-tenancy they mean > independent groups with separate and exclusive administration. As > long as one login or group is allowed to see everything it will do > what you want. > > -- > Les Mikesell > lesmikes...@gmail.com > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
On Thu, Jun 21, 2012 at 1:28 PM, Kameleon wrote: > Right, the other group won't be adding/deleting/etc hosts. All they > will do is log in to do restores to their already setup hosts. What we > want is for them to be able to login and only see their hosts and not > ours. This is what you are saying is how it works correct? Yes, the admin user/group can do everything. Other users only see what is delegated. Sometimes when people say multi-tenancy they mean independent groups with separate and exclusive administration. As long as one login or group is allowed to see everything it will do what you want. -- Les Mikesell lesmikes...@gmail.com -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Right, the other group won't be adding/deleting/etc hosts. All they will do is log in to do restores to their already setup hosts. What we want is for them to be able to login and only see their hosts and not ours. This is what you are saying is how it works correct? On Thu, Jun 21, 2012 at 1:18 PM, Les Mikesell wrote: > On Thu, Jun 21, 2012 at 1:06 PM, Kameleon wrote: >> Of course. :) Although the authentication was the backuppc user and >> its password. >> > > Note that only the admin user or someone in the admin group can create > new target hosts and these users can access all hosts. After hosts > are created and their owners assigned, the owner logins can see the > hosts delegated to them. The scheme doesn't handle separate groups, > each with their own admin capability but isolated from each other. > > -- > Les Mikesell > lesmikes...@gmail.com > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
On Thu, Jun 21, 2012 at 1:06 PM, Kameleon wrote: > Of course. :) Although the authentication was the backuppc user and > its password. > Note that only the admin user or someone in the admin group can create new target hosts and these users can access all hosts. After hosts are created and their owners assigned, the owner logins can see the hosts delegated to them. The scheme doesn't handle separate groups, each with their own admin capability but isolated from each other. -- Les Mikesell lesmikes...@gmail.com -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Of course. :) Although the authentication was the backuppc user and its password. On Thu, Jun 21, 2012 at 12:59 PM, Chris Stone wrote: > > On Thu, Jun 21, 2012 at 11:29 AM, Kameleon wrote: >> >> Well I think we never used any of the authentication and it didn't >> setup a .htaccess anywhere. Since we are in the midst of moving the >> server and going from ubuntu to centos I will be sure to fully >> configure it correctly this time. Thanks again. > > > Hope you had it firewalled! No authentication would open access to all of > your files by anybody that wanted them > > > > Chris > > -- > Chris Stone > AxisInternet, Inc. > www.axint.net > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
On Thu, Jun 21, 2012 at 11:29 AM, Kameleon wrote: > Well I think we never used any of the authentication and it didn't > setup a .htaccess anywhere. Since we are in the midst of moving the > server and going from ubuntu to centos I will be sure to fully > configure it correctly this time. Thanks again. > Hope you had it firewalled! No authentication would open access to all of your files by anybody that wanted them Chris -- Chris Stone AxisInternet, Inc. www.axint.net -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Well I think we never used any of the authentication and it didn't setup a .htaccess anywhere. Since we are in the midst of moving the server and going from ubuntu to centos I will be sure to fully configure it correctly this time. Thanks again. On Thu, Jun 21, 2012 at 12:15 PM, Chris Stone wrote: > Donny, > > > On Thu, Jun 21, 2012 at 10:59 AM, Kameleon wrote: >> >> with user backuppc. This user is able to see every host we have. So I >> need to do some digging and remember how we setup authentication. But >> it should be as easy as adding another user to whatever mechanism we >> used and putting "user root More users newusername" on their hosts >> corect? >> > > The web interfaces uses http authentication and sets up (by default as I > recall) a .htaccess file in your cgi-bin directory (e.g. /var/www/cgi-bin) > like: > > [root@axisbackup ~]# cat /var/www/cgi-bin/.htaccess > AuthGroupFile /etc/httpd/conf/group # <--- change path as needed > AuthUserFile /etc/httpd/conf/passwd # <--- change path as needed > AuthType basic > AuthName "AxisBackup Access" > require valid-user > > So, with this, you'd add a new user with: > > htpasswd /etc/httpd/conf/passwd newusername > > You'll be prompted for the password and then that user (newusername) will be > added to the /etc/httpd/conf/passwd file and will then be able to log in. > Link them to hosts in the backuppc hosts file and you should be all set. > > > > > Chris > > > -- > Chris Stone > AxisInternet, Inc. > www.axint.net > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Donny, On Thu, Jun 21, 2012 at 10:59 AM, Kameleon wrote: > with user backuppc. This user is able to see every host we have. So I > need to do some digging and remember how we setup authentication. But > it should be as easy as adding another user to whatever mechanism we > used and putting "user root More users newusername" on their hosts > corect? > > The web interfaces uses http authentication and sets up (by default as I recall) a .htaccess file in your cgi-bin directory (e.g. /var/www/cgi-bin) like: [root@axisbackup ~]# cat /var/www/cgi-bin/.htaccess AuthGroupFile /etc/httpd/conf/group# <--- change path as needed AuthUserFile /etc/httpd/conf/passwd # <--- change path as needed AuthType basic AuthName "AxisBackup Access" require valid-user So, with this, you'd add a new user with: htpasswd /etc/httpd/conf/passwd newusername You'll be prompted for the password and then that user (newusername) will be added to the /etc/httpd/conf/passwd file and will then be able to log in. Link them to hosts in the backuppc hosts file and you should be all set. Chris -- Chris Stone AxisInternet, Inc. www.axint.net -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
That is exactly what I was looking for. Thanks for the fast response. It has been forever since I have setup backuppc but on our current servers we use "user root" but login to the backuppc web interface with user backuppc. This user is able to see every host we have. So I need to do some digging and remember how we setup authentication. But it should be as easy as adding another user to whatever mechanism we used and putting "user root More users newusername" on their hosts corect? On Thu, Jun 21, 2012 at 11:33 AM, Chris Stone wrote: > Donny, > > > On Thu, Jun 21, 2012 at 10:24 AM, Kameleon wrote: >> >> We have one central backuppc server that we have been using for some >> years now. In our agency we actually have another IT group that >> handles a small subset of users. That groups backup server has crashed >> and we are looking at adding them to our backuppc server. However we >> do not want them to have access to our hosts and they need their own >> login. We would just setup another backuppc server for them but we >> want to utilize the de-duplication characteristics of backuppc to the >> maximum, hence sharing our server with them. Is this possible? > > > Sure you can - we do that here on 3 backup servers we run with BackupPC. > Just add their login user names to the BackupPC hosts file for the hosts > that login should have access to. For example, for the example hosts file: > > host dhcp user moreUsers # <--- do not edit > this line > farside 0 craig jill,jeff # <--- example static > IP host entry > farside2 0 craig > > In this case, craig, jill and jeff would have access to the computer > farside. No other users would have access to farside - nor would they even > see that it's setup on the server. For farside2, only craig would have > access - jill and jeff would not. > > > > Chris > > > -- > Chris Stone > AxisInternet, Inc. > www.axint.net > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Multi-tenancy for web interface possible
Donny, On Thu, Jun 21, 2012 at 10:24 AM, Kameleon wrote: > We have one central backuppc server that we have been using for some > years now. In our agency we actually have another IT group that > handles a small subset of users. That groups backup server has crashed > and we are looking at adding them to our backuppc server. However we > do not want them to have access to our hosts and they need their own > login. We would just setup another backuppc server for them but we > want to utilize the de-duplication characteristics of backuppc to the > maximum, hence sharing our server with them. Is this possible? > Sure you can - we do that here on 3 backup servers we run with BackupPC. Just add their login user names to the BackupPC hosts file for the hosts that login should have access to. For example, for the example hosts file: hostdhcpusermoreUsers # <--- do not edit this line farside0 craig jill,jeff # <--- example static IP host entry farside2 0 craig In this case, craig, jill and jeff would have access to the computer farside. No other users would have access to farside - nor would they even see that it's setup on the server. For farside2, only craig would have access - jill and jeff would not. Chris -- Chris Stone AxisInternet, Inc. www.axint.net -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] Multi-tenancy for web interface possible
We have one central backuppc server that we have been using for some years now. In our agency we actually have another IT group that handles a small subset of users. That groups backup server has crashed and we are looking at adding them to our backuppc server. However we do not want them to have access to our hosts and they need their own login. We would just setup another backuppc server for them but we want to utilize the de-duplication characteristics of backuppc to the maximum, hence sharing our server with them. Is this possible? Donny B. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/