Hello all! I'm normally a Debian guy, but for a project I'm forced to use
CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get
BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or
the testsuid script found here -
http://backuppc.sourceforge.net/faq/debugCGI.html) to work.
Judging by what I've seen in this thread,
http://www.mail-archive.com/[email protected]/msg02493.htmlthere
seems to be a hurdle with suid that I can't overcome. I can get the
permissions correct from a BackupPC perspective, but then the CentOS apache
doesn't want to play nice.
[r...@telephony conf.d]# ls -al /var/www/cgi-bin/
total 24
drwxr-xr-x 2 root root 4096 Dec 12 11:35 .
drwxr-xr-x 9 root root 4096 Dec 11 22:40 ..
-r-sr-x--- 1 backuppc apache 3993 Dec 11 18:13 BackupPC_Admin
-rwxr-xr-x 1 backuppc backuppc 76 Dec 12 11:35 testsetuid
Here's the end of the apache error log -
[Fri Dec 12 11:44:25 2008] [error] [client 192.168.0.4] Premature end of
script headers: testsetuid
[Fri Dec 12 11:44:36 2008] [error] [client 192.168.0.4] Premature end of
script headers: BackupPC_Admin
The premature end of headers message is all over the backuppc archives, and
it pointed me to the page I mentioned above -
http://backuppc.sourceforge.net/faq/debugCGI.html . Going through that page
in order, I can generate the html at the command line when I execute
BackupPC_Admin as either backuppc or apache, but when I try through a
browser, I encounter suid issues. Here's the full output of the
/var/log/httpd/suexec.log -
[2008-12-11 22:37:44]: uid: (150/backuppc) gid: (150/150) cmd:
BackupPC_Admin
[2008-12-11 22:37:44]: cannot run as forbidden uid (150/BackupPC_Admin)
[2008-12-12 10:05:20]: uid: (150/backuppc) gid: (150/150) cmd:
BackupPC_Admin
[2008-12-12 10:05:20]: cannot run as forbidden uid (150/BackupPC_Admin)
[2008-12-12 10:10:41]: uid: (150/backuppc) gid: (150/150) cmd: testsetuid
[2008-12-12 10:10:41]: cannot run as forbidden uid (150/testsetuid)
[2008-12-12 10:24:03]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:24:03]: file is either setuid or setgid:
(/var/www/cgi-bin/testse
tuid)
[2008-12-12 10:27:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:27:22]: file is either setuid or setgid:
(/var/www/cgi-bin/testse
tuid)
[2008-12-12 10:27:24]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:27:24]: file is either setuid or setgid:
(/var/www/cgi-bin/testse
tuid)
[2008-12-12 10:38:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:38:30]: file is either setuid or setgid:
(/var/www/cgi-bin/testse
tuid)
[2008-12-12 10:56:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:56:22]: file is either setuid or setgid:
(/var/www/cgi-bin/testse
tuid)
[2008-12-12 10:57:44]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 10:57:44]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 10:58:48]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 10:58:48]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 11:18:31]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 11:18:31]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 11:19:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:19:26]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/48)
[2008-12-12 11:20:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:20:30]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:21:23]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:25:01]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:25:22]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:25:22]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:33:59]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:35:05]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:43:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:43:26]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:43:32]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:43:32]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:44:25]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:44:25]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:44:36]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:44:36]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
Obviously I changed the uid and gid for backuppc, thinking that was part of
the problem. It seemed to play a role, but wether it had the low uid (150)
or the higher (1010) it still wouldn't work.
Do I have to create a 2nd instance of apache running as backuppc to get this
functional on CentOS 4.7?
If any additional info is needed I'll be glad to provide it.
Thanks,
Jim
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
