Ronny writes: > I am taking backup of a directory /home, containing ~1000 users. > And i want to allow each of the users access to restore his own files. > But NOT to read/restore files that he normaly would not. > > Example: user1 have a file in /home/user1/private.txt that have 600 > permissions. I dont want user2 to be able to read this thru the backuppc > cgi. > > i have tested this with a line in hosts that say > server 0 root user1,user2 > > and it seams to me that user2 can read all files of the backup, even > files he normaly would have no access to. > > So how others solve this problem ? > must you have 1000 lines in hosts, one line for each homedir ? Or are > there a different way where i can have backuppc check the orginal > permissions and deny restore if the user in question dont have the right > access.
BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' => '/home:/user1', 'user2' => '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' => '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. Craig ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/