[wplug] FreeBSD tar and operator group permissions

Larry Daberko larry at daberko.com
Sat Jun 21 10:35:59 EDT 2008


I got it working with sudo, pretty much like you described.  I just 
prefaced the script with sudo on the backup server.

Relevant page: 
http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided

Thanks for the tips!


Tom Rhodes wrote:
> On Thu, 19 Jun 2008 15:18:14 -0400 (EDT)
> "Larry Daberko" <larry at daberko.com> wrote:
>
>   
>> Thanks Tom.  Those weren't the only directories, just a sample of the
>> error messages among many other directories.
>>
>> I got a few things I'm trying with sudo.  If I get it working, I'll post it.
>>
>> LBD
>>     
>
> Depending on what, exactly, your security model is, you can
> use sudo to give passwordless control over a utility, such
> as a backup:
>
> operator ALL=NOPASSWD: /usr/local/bin/backup
>
> Where backup is a shell script that:
>
> Spins up a hard disk,
> mounts the hard disk,
> writes a backup to it using tar,
> spins down the hard disk.
>
> It's just one of the methods I'm using.  Good luck,
>
>   
>>> On Wed, 18 Jun 2008 15:35:10 -0400 (EDT)
>>> larry at daberko.com wrote:
>>>
>>>       
>>>> Since our FreeBSD list is gone, I'm posting this here.
>>>>
>>>> My workplace uses BackupPC for backing up Linux boxes.  I tried to make
>>>> FreeBSD work with it and am getting permission errors.
>>>>
>>>> I created a backuppc user, added it to the operator group.  I also
>>>> generated an ssh key and copied the public key to the backup server.  The
>>>> backup is done by doing rsync over ssh.
>>>>
>>>> I get these in the logs:
>>>> Remote[1]: rsync: opendir "/var/audit" failed: Permission denied (13)
>>>> Remote[1]: rsync: opendir "/var/backups" failed: Permission denied (13)
>>>> Remote[1]: rsync: opendir "/var/crash" failed: Permission denied (13)
>>>> etc etc
>>>>
>>>> Now, reading up on it, it appears that the operator group has read access
>>>> to the *raw* disks, and not the files themselves.  This would work better
>>>> with dump?
>>>>
>>>> Am I correct?
>>>>
>>>> How can I fix it?  I'd rather not have to give root access in order to
>>>> back up the system.
>>>>         
>>> The /var/audit directory is specifically used for AUDIT support
>>> in later FreeBSD systems.  The /var/crash directory is for crash
>>> dumps, of course, and backups contains a backup copy of the
>>> password and group files (along with a few others).
>>>
>>> So if you really want to save core dumps, an empty audit
>>> directory (if not using audit), and old copies of the password
>>> files, I'm afraid you're stuck with being root for dealing
>>> with these directories.  The operator is not permitted to
>>> access those specific directories.
>>>
>>> Two options come to mind.  Using sudo and giving the user
>>> elevated, passwordless permissions for the backup command
>>> only, or by doing a dump.
>>>
>>> --
>>> Tom Rhodes
>>> _______________________________________________
>>> wplug mailing list
>>> wplug at wplug.org
>>> http://www.wplug.org/mailman/listinfo/wplug
>>>
>>>       
>
>
>   
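
Added example, not part of the original thread: a NOPASSWD rule like the one quoted above makes /usr/local/bin/backup run as root, so the script and its directory must be root-owned and not writable by the account that invokes it. The sketch below checks that; the function names and the optional owner-uid argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the script named in a NOPASSWD sudoers rule such as
#   operator ALL=NOPASSWD: /usr/local/bin/backup
# Anyone who can modify that script, or replace it in its directory, runs
# arbitrary commands as root. check_one and check_sudo_target are
# hypothetical helper names, not part of sudo or BackupPC.

# check_one PATH WANT_UID: fail unless PATH is owned by WANT_UID and is
# not writable by group or other.
check_one() {
    # "ls -ldn" prints: mode links uid gid ... (numeric ids, GNU and BSD)
    mode=$(ls -ldn "$1" | awk '{print $1}')
    uid=$(ls -ldn "$1" | awk '{print $3}')
    bad=0
    [ "$uid" = "$2" ] || { echo "FAIL: $1 owned by uid $uid, want $2"; bad=1; }
    case $mode in
        # character 6 is group write, character 9 is other write
        ?????w*|????????w*)
            echo "FAIL: $1 is group- or world-writable ($mode)"; bad=1 ;;
    esac
    return "$bad"
}

# check_sudo_target PATH [WANT_UID]: WANT_UID defaults to 0 (root).
check_sudo_target() {
    target=$1; want=${2:-0}; rc=0
    case $target in
        /*) ;;
        *) echo "FAIL: not an absolute path: $target"; return 1 ;;
    esac
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL: $target must be a regular file, not a symlink"
        return 1
    fi
    check_one "$target" "$want" || rc=1
    check_one "$(dirname "$target")" "$want" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: $target"
    return "$rc"
}

# Usage: sh check_sudo_target.sh /usr/local/bin/backup
[ "$#" -eq 0 ] || check_sudo_target "$@"
```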


