Re: [BackupPC-users] File inclusion using tar

2006-02-19 Thread Vijay Avarachen 
All the full backups workhowever there was a small bug in the python scripthere are the two lines that need to be changed:@@ -32,7 +32,7 @@ date = calendar.datetime.date.today() suffix = str(
date.month) + '-' + str(date.day) + '-' + str(date.year) exList = '/tmp/excludes_%s.txt'%suffix-    f = open(exList,'w')
+    f = open(exList,'a')
  for root, dirs, files in os.walk( directory ):     # Keep count of files meeting EXTENTIONS criteria@@ -55,7 +55,7 @@     # We never want to add the top level directory to exclusion     # and want to add directory to exclusion if no files matching
     # EXTENTION criteria found-        if ( ( count == 0 ) and ( root != directory ) ):
+        if ( ( count == 0 ) and ( root != directory ) and ( len( dirs ) == 0 ) ):
         #f.write( root.split( directory , 1 )[1] + '\n' )         f.write( '.' + root.split( directory , 1 )[1] + '\n' )
Thanks,Vijay Avarachen
On 2/18/06, Vijay Avarachen <[EMAIL PROTECTED]> wrote:
Craig,   I finally got it working.  I figured out the issues too.  I was making three mistakes:[1] Using -P switch for absolute path[2] Not switching into the directory (-C)[3] Did not specify the '.'  at the end of the tar command.  Which basically means switch to this directory (-C) and back current directory up.
I also updated the exclusion.py script to conform to the changes made to backup.sh.Config.pl$Conf{XferMethod} = 'tar';
$Conf{TarShareName} = ['/working1' , '/working2' , '/working3'];

$Conf{TarClientCmd} = '$sshPath -q -x -n -l root $host nice -n 21 sh /root/scripts/BackupPC/backup.sh $shareName+';

backup.sh#!/bin/shrm -f /tmp/excludes_*/usr/bin/python /root/scripts/BackupPC/exclusion.pytar  -c -v -p -f - -C $1 -X /tmp/excludes_* --totals .

exclusion.py#!/usr/bin/env python


'''The goal of this script is to create an exclusion list for the tar
executable.  This script adds files to exclusion list based on following
parameters:


[1] If a files extention does NOT match EXTENTIONS dictionary


[2] If a file does NOT have an extention[3] If a directory does NOT contain any instances of files of EXTENTIONS



The exclusion list is created in /tmp/exclusion_DATE


TO DO:[1] DIRROOT and EXTENTION as ARGS


[2] Try-catch blocks


'''


import os,calendarfrom os.path import join, getsize


## List of directories to be processed

DIRROOT = [ '/working1' , '/working2' , '/working3' ]

## Dictionary containing extentions to watch for.  Each DIRROOT can have its own list
EXTENTIONS = { '/working1':['inp'] }


def BuildExcludeList( directory , extention ):


    ''' Creates an exclude list for tar command '''


    date = calendar.datetime.date.today()


    suffix = str(date.month) + '-' + str(date.day) + '-' + str(date.year)


    exList = '/tmp/excludes_%s.txt'%suffix    f = open(exList,'w')



    for root, dirs, files in os.walk( directory ):    


# Keep count of files meeting EXTENTIONS criteria   


 count = 0    for name in files:


    if name.count('.') >= 1:


    # text after the last period assumed to be extention


    ext = name.split('.')[-1].lower()


    # Check to see if ext is in EXTENTIONS


    if extention.count( ext ) == 0:


    # Add file path to exclusion list (minus rood dir)

    f.write( '.' + join( root , name ).split( directory , 1 )[1] + '\n' )

    else:


    # Match found.  This dir will not be added to exclusion


    count += 1


    else:    
# File has no extention, add to exclusion


    f.write( '.' + join( root , name ).split( directory , 1 )[1] + '\n' )


    # We never want to add the top level directory to exclusion


    # and want to add directory to exclusion if no files matching


    # EXTENTION criteria found


    if ( ( count == 0 ) and ( root != directory ) ):


    f.write( '.' + root.split( directory , 1 )[1] + '\n' )


    # Skip subversion directories


    if '.svn' in dirs:


    dirs.remove( '.svn' )


    f.close()


if __name__ == '__main__':    for D in DIRROOT:


    for E in EXTENTIONS[D]:


    BuildExcludeList( D , E )Thanks for all your help.  Next im gonna try to get the incremental and restores working.


Vijay AvarachenOn 2/18/06, Vijay Avarachen <
[EMAIL PROTECTED]
> wrote:Craig,  I wanted to improve the file exclusion, so i a small python script.  It works perfectly.  However the backs are still failing with the same error :-(
I am absolutely certain that

Re: [BackupPC-users] escaping command line options

2006-02-19 Thread backuppc 


In the message dated: Sat, 18 Feb 2006 23:09:31 EST,
The pithy ruminations from "Brian Wilson" on 
<[BackupPC-users] escaping command line options> were:

[SNIP!]

=> 
=> Anyways, I'm attempting to do a remote rsync of a machine over ssh
=> with sudo.  The backup is successful as long as I don't use the
=> command="/home/user/bin/rsync-wrapper.sh" directive in my ssh
=> authorized_keys file.  I am guessing it has something to do with the
=> escaping of things as they get passed to the script.
=> 
=> The script doesn't modify the command passed to it, it just checks to
=> make sure I'm running an allowed command:
=> 
=> #!/bin/sh
=> 
=> case "$SSH_ORIGINAL_COMMAND" in
=> *\&*)
=> echo "Rejected"
=> ;;
=> *\(*)
=> echo "Rejected"
=> ;;
=> *\{*)
=> echo "Rejected"
=> ;;
=> *\;*)
=> echo "Rejected"
=> ;;
=> *\<*)
=> echo "Rejected"
=> ;;
=> *\`*)
=> echo "Rejected"
=> ;;

This looks good at first, but it's almost certain to be incomplete...it's 
extremely difficult to accurately specify all commands and meta-character 
patterns that should be _excluded_. For example; what about:
ssh server nice -n 19 sudo \
/usr/bin/rsync --server /path/that/does/not/exist || \
perl -p -i -e 's/^root:[^:]+//' /etc/shadow'

(untested, but this should be allowed by your wrapper script...when the rsync 
command fails, because "/path/that/does/not/exist", then the perl command gets 
run, as root. The perl command will remove the root password from the
/etc/shadow file).

=> nice\ -n\ 19\ sudo\ /usr/bin/rsync\ --server*)
=> $SSH_ORIGINAL_COMMAND
=> ;;
=> *)
=> echo "Rejected"
=> ;;
=> esac
=> 
=> When going through the rsync-wrapper, the backup happens, but it backs

If I understand it, the only allowed command is:
nice -n 19 sudo /usr/bin/rsync --server
correct?



[SNIP!]

=> 
=> If someone has a better suggestion for a wrapper script so I can only
=> allow this user to run the backup command over ssh, then please let me
=> know.

Well, ssh has a native mechanism for restricting the commands that can be run.

Establish an ssh public key pair to be used exclusively for backups. On the 
server, use the "command" option in the authorized_keys file, in the subset
for the specified key, as in:

--excerpt from /root/.ssh/authorized_keys ---

command="nice -n 19 sudo /usr/bin/rsync --server" 1024 35 16001821
rsync-proxy



Once this is set up:

[EMAIL PROTECTED] % ssh [EMAIL PROTECTED]
supply the "rsync-proxy" ssh key, either via the 
command line, or prior to establishing the connection
by using "ssh-agent" and "ssh-add".

Regardless of what arguments (if any) the untrusteduser gives to the ssh 
command when they connect to backupserver, only the command specified in the 
authorized_keys file will be run.

See:
man sshd
http://www.snailbook.com/faq/restricted-scp.auto.html
http://www.dmz.ie/~cian/sshroles.html
http://www.hackinglinuxexposed.com/articles/20040923.html

Mark


=> 
=> Thanks,
=> Brian


Mark Bergman
[EMAIL PROTECTED]
Seeking a Unix/Linux sysadmin position local to Philadelphia or telecommuting

http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=bergman%40merctech.com



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

[BackupPC-users] Use of uninitialized value in chdir at /usr/lib/perl5/5.8.6/File/Find.pm line 741.

2006-02-19 Thread Winston Nolan 
Hi, I have setup backuppc to backup 4 machines, 3xlinux 1xwindows2 of my linux boxes wont work - giving me this error in the log.2006-02-20 10:19:37 Started full backup on 
intranet.lka.co.za (pid=9187, share=/etc)2006-02-20 10:19:45 intranet.lka.co.za: Use of uninitialized value in chdir at /usr/lib/perl5/5.8.6/File/Find.pm line 741.2006-02-20 10:19:45 
intranet.lka.co.za: Use of chdir('') or chdir(undef) as chdir() is deprecated at /usr/lib/perl5/5.8.6/File/Find.pm line 741.2006-02-20 10:19:45 
intranet.lka.co.za: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.6/File/Find.pm line 742.2006-02-20 10:19:45 intranet.lka.co.za: Can't cd to : Permission denied

and this one2006-02-20 09:58:53 mail.lka.co.za: Use of uninitialized value in chdir at /usr/lib/perl5/5.8.6/File/Find.pm line 741.2006-02-20 09:58:53 
mail.lka.co.za: Use of chdir('') or chdir(undef) as chdir() is deprecated at /usr/lib/perl5/5.8.6/File/Find.pm line 741.2006-02-20 09:58:53 mail.lka.co.za: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.6/File/Find.pm line 742.
2006-02-20 09:58:53 mail.lka.co.za: Can't cd to : Permission deniedyou see they are the same error - the verion of perl i have isdev-lang/perl-5.8.6-r6Is there anyway to fix this as im not keen on downgrading perl?
Thank you,-- Winston Nolan