Re: osx remote backup wrong permissions

2010-11-04 Thread Robert DuToit 
Hi All,

On Oct 31, 2010, at 5:12 PM, Wayne Davison wrote:

 On Sun, Oct 31, 2010 at 10:57 AM, Robert DuToit rdut...@comcast.net wrote:
 Does the server (or other computer in this case) always need a root account 
 established for this to work? I tried everything else and the owner always 
 became that of the remote user.
 
 The user running the receiving rsync needs to be able to chown things 
 (change a file's ownership).  Rsync only attempts to chown files if (1) the 
 running user ID is 0 (typically root) or (2) the --super option was used.  
 See the manpage for what --super affects.

I've been wrestling with this all week and basically.

It is fairly easy to run non-attended backups with rsync using the PKA dsa keys 
with various security measures, either with passwords and ssh-agent or, without 
password with limits on the receiver for the allowed users, command etc…

But doing that and preserving ownership ( chown ) on the receiver is another 
matter.

No problem with enabling the root account but that is definitely not a good 
thing to do on a permanent basis. So:

So far transferring a test folder with system privileges to preserve, I found 
using sudo on the remote rsync path to work but you have to edit the sudoers 
file (not for the faint of heart) to allow noPasswd for the admin user if you 
want to not be asked for password on the remote side.

the remoteUserName = my  admin account on the remote side.

sudo /rsync -aNHAXx  --protect-args --fileflags --protect-decmpfs 
--force-change --stats --progress -v  --rsync-path=sudo /rsync  /var/audit  
remoteusern...@192.168.11.2:/Users/remoteUserName/Desktop

again I can set this up but wouldn't suggest someone else modifying sudoers 
with visudo.


So I tried Mike's suggested method and set up the keys in the root .ssh folder 
and the authorized_keys file in the remote root .ssh folder:

http://www.afp548.com/netboot/mactips/rsync.html

sudo ssh-keygen -t dsa -f /private/var/root/.ssh/id_dsa -C your comment
sudo cat /private/var/root/.ssh/id_dsa.pub | ssh r...@192.168.11.2 'cat -  
~/.ssh/authorized_keys' 

local/Path/To/rsync -aNHAXx --protect-args --fileflags --force-change 
--rsync-path=/usr/local/bin/rsync   /var/audit   
r...@192.168.11.2:/Users/remoteUserName/Desktop

all permissions set appropriately etc.

But every time I run this it prompts for password three times and fails with 
Permission denied  

~ $ ssh rem...@192.168.11.2
The authenticity of host '192.168.15.2 (192.168.15.2)' can't be established.
RSA key fingerprint is 0c:aa:76:ca:89:54:dd:49:13:c7:dd:09:ee:19:7d:8c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.15.2' (RSA) to the list of known hosts.
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).

I tried specifying the -e ssh -i /private/var/root/.ssh/id_dsa in the rsync 
line  but that throws same error- Actually it says access denied for  
/private/var/root/.ssh/id_dsa - no such file etc..

I have been using CCC with Mike's packaged keys for some time and that works 
great but my own setup doesn't. Not sure what the dif is here.

If anyone, or Mike if you are out there, has some input I would be grateful. I 
have my own rsync wrapper app and would like to be able to get this working for 
it. 

Thanks,  Rob






  
 ..wayne..

-- 
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Re: osx remote backup wrong permissions

2010-10-31 Thread Robert DuToit 
Hi All,

FWIW, I got my test to work. I realized the permissions were actually ok- the 
owner/group bits were off. I set up a root account on the other laptop and 
logged out of it then ran

/rsync -aNHAXx  --protect-args --fileflags --protect-decmpfs --force-change 
--stats --progress -v --rsync-path=/rsync  /private/var/audit  
r...@ipaddress:/Users/myUser/backup

and the resulting owner (System) and Group were preserved.

Does the server (or other computer in this case) always need a root account 
established for this to work? I tried everything else and the owner always 
became that of the remote user.

Cheers,  Rob



On Oct 30, 2010, at 9:35 PM, Robert DuToit wrote:

 
 On Oct 30, 2010, at 8:27 PM, Mike Bombich wrote:
 
 
 On Oct 30, 2010, at 9:02 AM, Robert DuToit wrote:
 
 Hi All,
 
 I'm trying a remote backup for the first time. It is between two laptops, I 
 installed rsync 3.0.7 on both compiled
 
 patch -p1 patches/fileflags.diff
 
 patch -p1 patches/crtimes.diff
 
 patch -p1 patches/crtimes-64bit.diff
 
 patch -p1 patches/crtimes-hfs+.dif
 f
 patch -p1 patches/hfs_compression.diff 
 
 ./configure
 
 make
 
 this all works perfectly for local backups, clones etc. Everything gets 
 copied as is to the volume.
 
 I have tried without ssh keys, with keys, keys with and without passwords 
 (via ssh-agent) and it all works except that it won't copy the correct 
 permissions on System files
 
 example run with locked system folder var/audit going to 
 servern...@100.102.15.4 (not my real address here of course):
 
 sudo /rsync -aNHAXx  --protect-args --fileflags --protect-decmpfs 
 --force-change --stats --progress -vvv --rsync-path=/rsync  
 /private/var/audit  servern...@100.102.15.4:/Volumes/Extra/eee
 
 What's this servername account?  You should be using root if you want to 
 preserve root ownership.
 
 Mike
 
 Hi Mike,
 
 That's the admin account name/address on the other laptop. Should it be 
 r...@192.168.15.4? I'm afraid this is all new to me - the remote stuff….
 
 Rob
 
 
 
 Ignore ownership unchecked on dest.
 
 The permissions are changed from readwrite only on System to readwrite on 
 my user account on the receiver. I copied the whole System but the results 
 were the same though some files had permission denied errors. The output on 
 my test folder show nothing remarkable, no errors, etc.  Am I missing 
 something here? 
 
 Any thoughts appreciated or directions to look in. 
 
 Thanks,  Rob
 
 
 
 
 delta-transmission enabled
 recv_files(1) starting
 recv_generator(audit,1)
 recv_generator(audit,2)
 send_files(2, /private/var/audit)
 audit/
 set modtime of audit to (1288417603) Sat Oct 30 01:46:43 2010
 recv_generator(audit/20100701144405.20100702030039,3)
 send_files(3, /private/var/audit/20100701144405.20100702030039)
 send_files mapped /private/var/audit/20100701144405.20100702030039 of size 
 21066
 calling match_sums /private/var/audit/20100701144405.20100702030039
 audit/20100701144405.20100702030039
 21066 100%0.00kB/s0:00:00
 sending file_sum
 false_alarms=0 hash_hits=0 matches=0
 21066 100%0.00kB/s0:00:00 (xfer#1, to-check=240/242)
 sender finished /private/var/audit/20100701144405.20100702030039
 recv_generator(audit/20100702030127.20100702052825,4)
 send_files(4, /private/var/audit/20100702030127.20100702052825)
 send_files mapped /private/var/audit/20100702030127.20100702052825 of size 
 15417
 calling match_sums /private/var/audit/20100702030127.20100702052825
 audit/20100702030127.20100702052825
 15417 100%7.35MB/s0:00:00
 sending file_sum
 false_alarms=0 hash_hits=0 matches=0
 15417 100%7.35MB/s0:00:00 (xfer#2, to-check=239/242)
 sender finished /private/var/audit/20100702030127.20100702052825
 recv_generator(audit/20100702111829.20100703030341,5)
 send_files(5, /private/var/audit/20100702111829.20100703030341)
 send_files mapped /private/var/audit/20100702111829.20100703030341 of size 
 64184
 calling match_sums /private/var/audit/20100702111829.20100703030341
 audit/20100702111829.20100703030341
 
 
 ##and later on down the page###
 
 generate_files phase=1
 recv_files(audit)
 recv_files(audit/20100701144405.20100702030039)
 got file_sum
 set modtime of audit/.20100701144405.20100702030039.U7yt17 to (1278039638) 
 Thu Jul  1 23:00:38 2010
 renaming audit/.20100701144405.20100702030039.U7yt17 to 
 audit/20100701144405.20100702030039
 recv_files(audit/20100702030127.20100702052825)
 got file_sum
 set modtime of audit/.20100702030127.20100702052825.hzHr5M to (1278048505) 
 Fri Jul  2 01:28:25 2010
 renaming audit/.20100702030127.20100702052825.hzHr5M to 
 audit/20100702030127.20100702052825
 recv_files(audit/20100702111829.20100703030341)
 got file_sum
 set modtime of audit/.20100702111829.20100703030341.sSoTwl to (1278126221) 
 Fri Jul  2 23:03:41 2010
 renaming audit/.20100702111829.20100703030341.sSoTwl to 
 audit/20100702111829.20100703030341
 recv_files(audit/20100703030442.20100703045821)
 got file_sum
 
 --