Hi,

Rob Morin wrote on 18.10.2007 at 08:15:47 [[BackupPC-users] A tar restore issue, does not work on localhost]:
> So i found this post , i forget where that mentioned to use a tarCreat
> file via sudo to do localhost backups... that works fine but restoring
> does not work, any help appreciated.... All other servers vis rsync
> work just fine....

let me put into a question what I gather from your post you might be asking:

"I'm doing local backups with XferMethod tar via sudo and a helper script. What do I need to observe when doing restores?"

Well, first of all, you'll also need to use sudo. If the backuppc user doesn't have sufficient permissions for *reading* the files for backup, he almost definitely won't have sufficient permissions for *writing* them on restore.

Second, such helper scripts are a very real security risk. There's just about no advantage, and it's easy to get things wrong. If the backuppc user has *write access* to the script, he (or rather an intruder gaining backuppc user privileges) has immediate full root access to the system, simply by putting anything he wants into that script and executing it with 'sudo'. Even worse, *any other user* with write access to the script (by local or remote means) can alter it and simply wait for a scheduled backup to be run, thus executing his commands. With such a script, you *really* need to make sure that *only root* has write access to it. Even worse, you need to ensure that command injection is impossible (which it probably isn't). Otherwise an attacker does not even need write access to the script in order to abuse it.

You can achieve the same as with your unhelpful helper script without the risks by simply putting this into the sudoers file:

    backuppc ALL=NOPASSWD: /bin/tar -c *

That said, the only point of this seems to be to *limit backuppc's access to reading*, i.e. creating tar files and not extracting tar files. If you want to allow both backup and restore, it simply becomes

    backuppc ALL=NOPASSWD: /bin/tar

True, if you wanted to do more complex things like limit what the backuppc user is allowed to backup, you'd need a helper script, but you're not doing that.

So, to sum it up:

1.) add to localhost.pl

    $Conf{TarClientRestoreCmd} = '/usr/bin/sudo $tarPath -x -p --numeric-owner --same-owner -v -f - -C $shareName';

2.) change the sudoers line to

    backuppc ALL=NOPASSWD: /bin/tar

3.) be more precise with your spelling ...

> locahost.pl file
> The tarCreat file used
> backuppc ALL = NOPASSWD: /usr/local/bin/tarCreate

One other thing (actually, the part you are currently having problems with as opposed to what problems would come after you've fixed that, which I have addressed above):

> Error as seen in the web gui along with the command used
>
> 2007-10-17 16:05:56 Running: /usr/share/backuppc/bin/BackupPC_tarCreate
> -h localhost <http://joe.dido.ca:888/backuppc/index.cgi?host=localhost>
> -n 8 -s / -t -r /home/rob -p /home/rob/ /home/rob/Videotron.txt
> 2007-10-17 16:06:00 Restore failed (BackupPC_tarCreate failed)

it appears you've incorrectly pasted something into somewhere. I *often* see things people have pasted from the web interface containing HTML markup on this list. I suppose people are either too lazy to remove it or don't notice. Perl does. The "<http://joe.dido.ca:888/backuppc/index.cgi?host=localhost>" does ***not*** belong in that command. I'm not really sure where it came from, but if it's really in the log file (and thus was in the command) and not just misquoted, then it's the cause of your problems.

Hope that

> HELP!

s.

Regards,
Holger
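
The "only root has write access" condition from the message above, written as a check that can be run against whatever sudoers lets backuppc execute. This is an added example, not part of the original message or of BackupPC; it assumes GNU coreutils (`stat -c`, `readlink -f`), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a script or binary that sudoers lets backuppc run as root.
# Assumes GNU coreutils (stat -c, readlink -f). Function names are hypothetical.

# check_node PATH UID: succeed only if PATH is owned by UID and carries no
# group/other write bit. Prints one FAIL line per problem found.
check_node() {
    node=$1 want_uid=$2
    meta=$(stat -c '%u %a' "$node") || return 1
    uid=${meta% *}     # numeric owner
    mode=${meta#* }    # octal permission bits, e.g. 755
    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $node: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $node: mode $mode is writable by group or other"
        rc=1
    fi
    return $rc
}

# audit_sudo_target PATH [UID]: check the resolved target and every directory
# above it, because write access to any ancestor directory allows the file to
# be replaced even when the file itself is locked down. UID defaults to 0.
audit_sudo_target() {
    target=$(readlink -f "$1") || return 1
    want=${2:-0}
    status=0
    while :; do
        check_node "$target" "$want" || status=1
        [ "$target" = / ] && break
        target=$(dirname "$target")
    done
    return $status
}

# Run as a script with the path from the sudoers line, for example:
#   sh audit.sh /usr/local/bin/tarCreate
[ $# -eq 0 ] || audit_sudo_target "$@"
```

This covers only the write-access condition; whether the helper's arguments allow command injection has to be reviewed separately.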