[wplug] FreeBSD tar and operator group permissions

Tom Rhodes trhodes at FreeBSD.org
Wed Jun 18 19:10:54 EDT 2008


On Wed, 18 Jun 2008 15:35:10 -0400 (EDT)
larry at daberko.com wrote:

> Since our FreeBSD list is gone, I'm posting this here.
> 
> My workplace uses BackupPC for backing up Linux boxes.  I tried to make
> FreeBSD work with it and am getting permission errors.
> 
> I created a backuppc user, added it to the operator group.  I also
> generated a ssh key and copied the public key to the backup server.  The
> backup is done by doing rsync over ssh.
> 
> I get these in the logs:
> Remote[1]: rsync: opendir "/var/audit" failed: Permission denied (13)
> Remote[1]: rsync: opendir "/var/backups" failed: Permission denied (13)
> Remote[1]: rsync: opendir "/var/crash" failed: Permission denied (13)
> etc etc
> 
> Now, reading up on it, it appears that the operator group has read access
> to the *raw* disks, and not the files themselves.  This would work better
> with dump?
> 
> Am I correct?
> 
> How can I fix it?  I'd rather not have to give root access in order to
> backup the system.

The /var/audit directory is specifically used for AUDIT support
in later FreeBSD systems.  The /var/crash directory is for crash
dumps, of course, and backups contains a backup copy of the
password and group files (along with a few others).

So if you really want to save core dumps, an empty audit
directory (if not using audit), and old copies of the password
files, I'm afraid you're stuck with being root for dealing
with these directories.  The operator is not permitted to
access those specific directories.

Two options come to mind.  Using sudo and giving the user
elevated, passwordless permissions for the backup command
only, or by doing a dump.

-- 
Tom Rhodes


More information about the wplug mailing list