man, 19 06 2006 kl. 13:46 -0400, skrev Rick DeNatale: > The problem with both this suggestion, AND the script given on the > faq > page is that although it works for backup it fails for restore. No, of course you have to put two lines in the sudoers file, if ypu take as many details as I, one for the backup command and one for the restore command in my sudoers it says:
backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender --numeric-ids --perms --owner --group -D --links --times --block-size=2048 --recursive * backuppc ALL=NOPASSWD: /usr/bin/rsync --server --numeric-ids --perms --owner --group -D --links --times --block-size=2048 * You can also set only one line to backuppc ALL=NOPASSWD: /usr/bin/rsync --server * as this will match both cases, but i prefer to restrict as much as possible, and use the two line solution > > I wonder how many people test their backup setup without testing > > restore? Don't know. I did! > > The way I do this is to use a script which contains > > > > exex /usr/bin/rsync $* > > > > which passes the arguments from the configuration in the backuppc > > server. This script is only writable by it's owner which is the user > > backuppcclient. > > > > I then setup my /etc/sudoers on the backuppc client host to only > allow > > the backuppcclient user to execute that ONE script as root. I think you are missing the point, there are no really difference between executing your scriipt and the command directly, as an evil user from the backuppc, getting access as the backuppcclient user, i can invoke the rsync with the parameters I want, and there by getting r/w access to all the files i want. And there by compromising the machine. -- Med venlig hilsen/mojn/regards Martin Hansen Center for Software Innovation Stenager 2, DK-6400 Sønderborg, Web: www.cfsi.dk Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
