[wplug] FreeBSD tar and operator group permissions
Larry Daberko
larry at daberko.com
Thu Jun 19 15:18:14 EDT 2008
Thanks Tom. Those weren't the only directories, just a sample of the
error messages among many other directories.
I got a few things I'm trying with sudo. If I get it working, I'll post it.
LBD
> On Wed, 18 Jun 2008 15:35:10 -0400 (EDT)
> larry at daberko.com wrote:
>
>> Since our FreeBSD list is gone, I'm posting this here.
>>
>> My workplace uses BackupPC for backing up Linux boxes. I tried to make
>> FreeBSD work with it and am getting permission errors.
>>
>> I created a backuppc user, added it to the operator group. I also
>> generated a ssh key and copied the public key to the backup server. The
>> backup is done by doing rsync over ssh.
>>
>> I get these in the logs:
>> Remote[1]: rsync: opendir "/var/audit" failed: Permission denied (13)
>> Remote[1]: rsync: opendir "/var/backups" failed: Permission denied (13)
>> Remote[1]: rsync: opendir "/var/crash" failed: Permission denied (13)
>> etc etc
>>
>> Now, reading up on it, it appears that the operator group has read
>> access
>> to the *raw* disks, and not the files themselves. This would work
>> better
>> with dump?
>>
>> Am I correct?
>>
>> How can I fix it? I'd rather not have to give root access in order to
>> backup the system.
>
> The /var/audit directory is specifically used for AUDIT support
> in later FreeBSD systems. The /var/crash directory is for crash
> dumps, of course, and backups contains a backup copy of the
> password and group files (along with a few others).
>
> So if you really want to save core dumps, an empty audit
> directory (if not using audit), and old copies of the password
> files, I'm afraid you're stuck with being root for dealing
> with these directories. The operator is not permitted to
> access those specific directories.
>
> Two options come to mind. Using sudo and giving the user
> elevated, passwordless permissions for the backup command
> only, or by doing a dump.
>
> --
> Tom Rhodes
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
>
More information about the wplug
mailing list