Hi,

Steve Palm wrote on 2018-05-03 09:55:38 -0500 [Re: [BackupPC-users] BackupPC 4.2.0 released]:
> I think that would cover it here, as you said, if you give someone Admin
> rights, then they can alter any other settings. Only a
> compile-build-install-time option to totally remove it would eliminate this
> possibility.

well, not really. If you can change the host settings, you can probably change backup expiry to keep only one or two backups, change the data set to only include /tmp, for example, and then manually force one or two backups. It's not as fast and easy as a "maliciously delete all backups" button, but if we're talking about security, it doesn't have to be easy, just possible. With root access to the BackupPC server, it's just a matter of 'rm -r', really. If you give someone 'Admin' capabilities (for whatever definition may be applicable), he can administratively break things. There is really no way to tell a computer to let someone only do constructive things. 'gzip /etc/passwd' is a good thing, right? ;-)

For the 'home use' type scenario (as in "backup *PC*"), where people "own" machines they back up and restore as they like, there may be some merit in allowing them to delete backups on their own.

For the 'office' type scenario (as in "*Backup* pc"), I would expect an IT department (or some member(s) of it) to be responsible for backups, and *nobody* else to have any access to them. The access control mechanism in BackupPC is just not fine-grained enough - if you can see any data within a backup, you can see all of it. In this scenario, you probably won't ever manually delete backups, and if you do, you'll do it through shell access to the BackupPC server from the command line. So you'll have a gratuitous "shoot myself in the foot" button in the web interface, nothing more.

There will always be people who use BackupPC somewhere in between those scenarios, so yes, why not give them the option of deleting backups through the web interface?

> It is a great feature to have, especially with some restrictions on
> availability. Thanks!
>
> > On Apr 21, 2018, at 7:43 PM, Craig Barratt via BackupPC-users
> > <backuppc-users@lists.sourceforge.net> wrote:
> >
> > I just pushed some changes [...]
> > that add a new config variable
> > CgiUserDeleteBackupEnable (default off) which sets whether users can
> > delete backups via the CGI interface.

I agree that this makes sense (both the option and the default).

> > Admins always have the delete feature enabled.

Absurdly, I'd suggest to always *dis*able the feature for admins. Well, no, that doesn't make much sense, either. But it's so easy - even for admins - to press the wrong button (just imagine an unresponsive browser or X server) and then answer the confirmation dialog the wrong way. If a site has the policy (or maybe even legal requirement) "we *never* manually delete backups", they should be able to prevent this from happening accidentally (or maliciously, if you prefer). In fact, it's possible to disable direct restores, which can do great harm, so I'd argue it should be possible to disable backup deletion, too.

Disclaimer: no, I haven't looked at the new version or its web interface, so reality might be less problematic than the theory sounds. But even if it's hard to shoot yourself in the foot, someone will manage ;-).

> > On Fri, Apr 20, 2018 at 11:05 AM, Craig Barratt
> > <cbarr...@users.sourceforge.net>
> > wrote:
> > [...]
> > How about I add a configuration setting that has three values - completely
> > off, admin only, or any user? The default setting could be admin only.

I would prefer that implementation. Personally, I'd make the default setting "completely off", though I trust people really *wanting* that setting could easily enough change it, if the default were different. In a way, the default setting seems to be a recommendation. Is manually deleting backups that are no longer needed something the average BackupPC admin should do, or was it added for the sake of being able to easily fix commonly made mistakes without creating more problems along the way?

Regards,
Holger