On Mon, 2009-09-14 at 19:43 -0400, John Watlington wrote: > You are correct. Since your backup script by definition needs to > read ALL data, > regardless of ownership or permissions, you will have to run it with > superuser > priviledges.
Unless, if this isn't a huge security hole, we can relax permissions (i.e. chmod -R g+r /library/users and reconfigure whatever creates users backups with ownership SN:SN to use SN:wheel). > > Why don't you consider using the rsync server, instead of invoking it > through a user ? > What is the advantage of doing this instead of a pull using rsync thourgh ssh as proposed by Rodolfo? That the rsync server would run as root (hence we would have access to the whole filesystem)? Raúl > John > > > On Sep 14, 2009, at 3:26 PM, Rodolfo D. wrote: > > > Hello: > > > > I'm working on a backup and restore feature for our schoolservers, > > and I got stuck on home directories of laptops > > > > The backup works like this.. based on the backup script provided by > > dsd, and also based on our specific features.. I placed all > > important data in a directory "/library/backup" (wich can later be > > tar, ziped, and in our case rsync-ed), and its being done by a cron > > job > > > > On a centralized backup server.. we have a script that PULLS the / > > library/backup of each server, so main configs are being saved > > without much hassle.. But when it comes to user directories, it > > lack permissions, because the /library/users/SN directory has no > > read permissions for others > > > > how would you recomend that we do this? > > > > My first thought was to simply just add recursive read permissions > > to the user folder.. but that doesn't take security in mind.. > > perhaps there's another way > > > > for now our pull works like this: > > > > r...@backupserver ~ $ rsync u...@schoolserver:/library/backup/ / > > backup/schoolserver/backup/ > > r...@backupserver ~ $ rsync u...@schoolserver:/library/users/ / > > backup/schoolserver/users/ > > > > r...@backupserver ~ $ rsync us...@schoolserver2:/library/backup/ / > > backup/schoolserver/backup/ > > r...@backupserver ~ $ rsync us...@schoolserver2:/library/users/ / > > backup/schoolserver/users/ > > > > Doing a push as a cron job from the server was a second idea, but > > the backup server does "other" things so security in the backup > > server is very important > > > > Any ideas? > > > > cheers.. > > > > -- > > Rodolfo > > > > _______________________________________________ > > Server-devel mailing list > > Server-devel@lists.laptop.org > > http://lists.laptop.org/listinfo/server-devel > > _______________________________________________ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel > _______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel