[wplug] FreeBSD tar and operator group permissions
Larry Daberko
larry at daberko.com
Sat Jun 21 10:35:59 EDT 2008
I got it working with sudo, pretty much like you described. I just
prefaced the script with sudo on the backup server.
Relevant page:
http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided
Thanks for the tips!
Tom Rhodes wrote:
> On Thu, 19 Jun 2008 15:18:14 -0400 (EDT)
> "Larry Daberko" <larry at daberko.com> wrote:
>
>
>> Thanks Tom. Those weren't the only directories, just a sample of the
>> error messages among many other directories.
>>
>> I got a few things I'm trying with sudo. If I get it working, I'll post it.
>>
>> LBD
>>
>
> Depending on what, exactly, your security model is, you can
> use sudo to give passwordless control over a utility, such
> as a backup:
>
> operator ALL=NOPASSWD: /usr/local/bin/backup
>
> Where backup is a shell script that:
>
> Spins up a hard disk,
> mounts the hard disk,
> writes a backup to it using tar,
> spins down the hard disk.
>
> It's just one of the methods I'm using. Good luck,
>
>
>>> On Wed, 18 Jun 2008 15:35:10 -0400 (EDT)
>>> larry at daberko.com wrote:
>>>
>>>
>>>> Since our FreeBSD list is gone, I'm posting this here.
>>>>
>>>> My workplace uses BackupPC for backing up Linux boxes. I tried to make
>>>> FreeBSD work with it and am getting permission errors.
>>>>
>>>> I created a backuppc user, added it to the operator group. I also
>>>> generated a ssh key and copied the public key to the backup server. The
>>>> backup is done by doing rsync over ssh.
>>>>
>>>> I get these in the logs:
>>>> Remote[1]: rsync: opendir "/var/audit" failed: Permission denied (13)
>>>> Remote[1]: rsync: opendir "/var/backups" failed: Permission denied (13)
>>>> Remote[1]: rsync: opendir "/var/crash" failed: Permission denied (13)
>>>> etc etc
>>>>
>>>> Now, reading up on it, it appears that the operator group has read
>>>> access
>>>> to the *raw* disks, and not the files themselves. This would work
>>>> better
>>>> with dump?
>>>>
>>>> Am I correct?
>>>>
>>>> How can I fix it? I'd rather not have to give root access in order to
>>>> backup the system.
>>>>
>>> The /var/audit directory is specifically used for AUDIT support
>>> in later FreeBSD systems. The /var/crash directory is for crash
>>> dumps, of course, and backups contains a backup copy of the
>>> password and group files (along with a few others).
>>>
>>> So if you really want to save core dumps, an empty audit
>>> directory (if not using audit), and old copies of the password
>>> files, I'm afraid you're stuck with being root for dealing
>>> with these directories. The operator is not permitted to
>>> access those specific directories.
>>>
>>> Two options come to mind. Using sudo and giving the user
>>> elevated, passwordless permissions for the backup command
>>> only, or by doing a dump.
>>>
>>> --
>>> Tom Rhodes
>>> _______________________________________________
>>> wplug mailing list
>>> wplug at wplug.org
>>> http://www.wplug.org/mailman/listinfo/wplug
>>>
>>>
>> _______________________________________________
>> wplug mailing list
>> wplug at wplug.org
>> http://www.wplug.org/mailman/listinfo/wplug
>>
>>
>
>
>
More information about the wplug
mailing list