Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-17 Thread Jim McNamara
On Wed, Dec 17, 2008 at 12:49 PM, Les Mikesell  wrote:

> Jim McNamara wrote:
> >
> > Thanks again for everyone's help, I'm a longtime lurker on these boards,
> > and I was quite pleased to have support when my usual install
> > conditions were thrown out!
>
> I'm still curious about the real cause of your problem, though.  I
> revived an old vmware image of Centos 4.x, updated to 4.7, then
> installed a backuppc 3.1.0, taking defaults from the configure.pl script
> for about everything except putting the cgi interface in
> /var/www/cgi-bin and images under /var/www/html/backuppc, and the only
> thing it took to make it work was changing the group of
> /var/www/cgi-bin/BackupPC_Admin to apache and then making it suid again.
>

That is also how I did it, once the issues I had with setuid were solved. I
chose more Debian-ish directories
(/usr/share/backuppc/cgi-bin/BackupPC_Admin), but that is more or less how I
did it.

>
> It does have httpd-suexec installed but it isn't complaining.  Is your
> backuppc user id below 500?  That could have been a problem - the
> default suexec configuration sets 500 as the minimum uid to permit.
> Below that is reserved for system ids and the system tools like
> 'adduser' should start at 501.


I had thought about that. My initial install had user/group backuppc both as
150, then I upped both uid and gid to 1012, still the same problems existed.
Maybe something was messed up by moving uid/gid around? It is functional now
with both uid and gid set to 1012.

>
>
>
--
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-17 Thread Les Mikesell
Jim McNamara wrote:
> 
> Thanks again for everyone's help, I'm a longtime lurker on these boards, 
> and I was quite pleased to have support when my usual install
> conditions were thrown out!

I'm still curious about the real cause of your problem, though.  I 
revived an old vmware image of Centos 4.x, updated to 4.7, then 
installed a backuppc 3.1.0, taking defaults from the configure.pl script 
for about everything except putting the cgi interface in 
/var/www/cgi-bin and images under /var/www/html/backuppc, and the only 
thing it took to make it work was changing the group of 
/var/www/cgi-bin/BackupPC_Admin to apache and then making it suid again.

It does have httpd-suexec installed but it isn't complaining.  Is your 
backuppc user id below 500?  That could have been a problem - the 
default suexec configuration sets 500 as the minimum uid to permit. 
Below that is reserved for system ids and the system tools like 
'adduser' should start at 501.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-17 Thread Jim McNamara
On Tue, Dec 16, 2008 at 5:25 PM, Adam Goryachev <
mailingli...@websitemanagers.com.au> wrote:

> I'm guessing your telephony system will be some commercial version of
> asterisk? I would seriously question the idea of putting both your
> telephony system and backuppc on the same machine !
> Apart from keeping the backups on the same system as your live server,
> there are the performance impacts which may easily cause problems to
> your telephone call quality.
>
> Just a heads up I would prefer two separate boxes for the task.
>

I don't believe it is commercial asterisk, but I don't know and wasn't
consulted on that. There is a PCI card added that directly interfaces with
PRI phone lines. That card wasn't provided by the people that insisted on
RHEL 4.5/CentOS 4.7, and cost around $5000 US dollars, which is well more
than the brand new servers themselves cost.  I haven't touched asterisk in
years (2003 or 2004 was the last time I used it), but at that time
everything I knew about was done over TCP/IP, and this card isn't TCP/IP, it
is some direct interface.

This BackupPC isn't going to be backing up an office or anything of the
sort, there's just 2 linux servers, one doing the telephony and the other
being the database of data to make the calls from. As what is really
important is the database, it made more sense to put BackupPC on the
telephony server. A 3rd (BackupPC only) server was ruled out on space and
cost, so the point of failure kicked in. If the telephony box dies the
database still exists, and the telephony is under contract to be rebuilt
(though /var thereby /var/lib/backuppc as well lives on its own SAS disks),
whereas keeping the database backup is my responsibility, and I'm familiar
with BackupPC, though again, obviously not installing it on an out-of-date
OS that's new to me!

Beyond all that, the telephony will be silent well above 99.9% of the time.
It isn't making phone calls unless something on the order of natural
disaster or a terrorist attack occur, and the continental US (save one day
of infamy in 2001) is relatively safe. Our geographic location is light on
natural disasters, but should one occur, this entire install is put in place
to forewarn folks. Should the true purpose of this box kick on, I can easily
script something along the lines of {if telephony = ON, then
/etc/init.d/backuppc stop}.

Thanks again for everyone's help, I'm a longtime lurker on these boards, and
I was quite pleased to have support when my usual install conditions were
thrown out!


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-17 Thread Holger Parplies
Hi,

Les Mikesell wrote on 2008-12-16 19:39:54 -0600 [Re: [BackupPC-users] CentOS 
4.7 suid fails repeatedly with BackupPC]:
> Which brings up the question - why would anyone install a 4.x now if you
> don't already have something old that you need to keep working on it?

he does - an old project partner.

Jim McNamara had written on 2008-12-16 12:35:04 -0500 [same thread]:
> The company I work for got roped in using it for an individual project, as
> another vendor brought in to do the telephony portion of this project will
> only work on RHEL 4.5 and luckily (for the bottom line) CentOS 4.7.

Regards,
Holger



Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Les Mikesell
Jim McNamara wrote:
> 
> Solved! Thanks for everyone's help. I found that I did fine by manually
> downloading a httpd rpm, but knowing that -x doubles for --exclude is nice.
> That didn't make my yum man page.
> 
> I now have graphics, password protection and all is well.
> 
> I still will stick to Debian however!!

None of that should have been necessary unless things have changed in 
recent updates.  I had it running on a 4.x box some time ago without 
similar issues and there are none on 5.x.  Which brings up the question 
- why would anyone install a 4.x now if you don't already have something 
old that you need to keep working on it?

-- 
Les Mikesell
 lesmikes...@gmail.com




Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Adam Goryachev


>> To Adam Goryachev, I don't have any interest in CentOS (and judging by
>> other posts in this thread, competence with it either). The company I
>> work for got roped in using it for an individual project, as another
>> vendor brought in to do the telephony portion of this project will only
>> work on RHEL 4.5 and luckily (for the bottom line) CentOS 4.7. I've
>> been strictly a Debian user since Woody, and this whole experience has
>> confirmed to me that my default choice was correct!

I'm guessing your telephony system will be some commercial version of
asterisk? I would seriously question the idea of putting both your
telephony system and backuppc on the same machine !
Apart from keeping the backups on the same system as your live server,
there are the performance impacts which may easily cause problems to
your telephone call quality.

Just a heads up I would prefer two separate boxes for the task.

Oh, and I am sure redhat is still just fine as an os, it is a matter
of using it for a period of time to learn the quirks, just as I am
sure you would need to use debian for a while to learn its quirks.
Still I prefer debian due to the reliability of the packaged system,
and the management tools (dunno how apt compares to yum, I stopped
when redhat still used rpm), oh, and of course the cost is right :)

Regards,
Adam


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Jim McNamara
On Tue, Dec 16, 2008 at 2:24 PM, Mark Maciolek  wrote:

>
>
> Jim McNamara wrote:
> >
> >
> > On Tue, Dec 16, 2008 at 11:36 AM, Nils Breunese (Lemonbit)
> > mailto:n...@lemonbit.com>> wrote:
> >
> > Les Mikesell wrote:
> >
> >  > Why is suexec involved?
> >
> > Les is right, you don't need suexec. Trying to use it is probably
> > causing your problem.
> >
> >  >> [2008-12-15 10:37:00]: file is either setuid or setgid:
> >  >> (/var/www/cgi-bin/BackupPC_Admin)
> >  >
> >  > Yes, the config.pl script should have installed it mode 04554.
> >  > It needs to be group-readable by apache, owned by backuppc and suid.
> >
> > 4550 should be enough for everybody. :o)
> >
> > Nils Breunese.
> >
> >
> > Ladies and  Gentlemen,
> >
> > There's been a ton of posts in the last few minutes, so I'll try to
> > respond to all of those in this reply.
> >
> > To Adam Goryachev, I don't have any interest in CentOS (and judging by
> > other posts in this thread, competence with it either). The company I
> > work for got roped in using it for an individual project, as another
> > vendor brought in to do the telephony portion of this project will only
> > work on RHEL 4.5 and luckily (for the bottom line) CentOS 4.7.  I've
> > been strictly a Debian user since Woody, and this whole experience has
> > confirmed to me that my default choice was correct!
> >
> > To Les and Nils, first I'm sorry to be disparaging one of your preferred
> > versions of linux. I installed httpd-suexec somewhere almost immediately
> > after installing the OS, and it certainly appears to be the proverbial
> > smoking gun. I tried using yum just to remove httpd-suexec, and it would
> > only do that if I also allowed yum to remove httpd! As nothing else is
> > installed yet (the other contractor mentioned previously begins work
> > tomorrow), I allowed it. That went fine, it pulled out these packages -
> >
> > mod_perl, php-pear, php-odbc, mod_ssl, system-config-httpd, httpd,
> > httpd-manual, httpd-suexec, webalizer, php-ldap, php, and mod_python.
> >
> > I figured all would be well with this. Let it remove everything listed
> > above, then reinstall httpd, and hopefully the skies will brighten,
> > rainbows and unicorns will dance around me, and oh yes, backuppc will work!
> >
> > Unfortunately, yum won't install just httpd without httpd-suexec, as
> > shown here -
> >
> > [r...@telephony jim]# yum install httpd
> > Loading "fastestmirror" plugin
> > Setting up Install Process
> > Setting up repositories
> > Loading mirror speeds from cached hostfile
> > Reading repository metadata in from local files
> > Parsing package install arguments
> > Resolving Dependencies
> > --> Populating transaction set with selected packages. Please wait.
> > ---> Package httpd.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
> > --> Running transaction check
> > --> Processing Dependency: httpd-suexec for package: httpd
> > --> Restarting Dependency Resolution with new changes.
> > --> Populating transaction set with selected packages. Please wait.
> > ---> Package httpd-suexec.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
> > --> Running transaction check
> >
> > Dependencies Resolved
> >
> >
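> > =============================================================================
> >  Package          Arch     Version                    Repository    Size
> > =============================================================================
> > Installing:
> >  httpd            x86_64   2.0.52-41.ent.2.centos4    update        955 k
> > Installing for dependencies:
> >  httpd-suexec     x86_64   2.0.52-41.ent.2.centos4    update         31 k
> >
> > Transaction Summary
> > =============================================================================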
> > Install  2 Package(s)
> > Update   0 Package(s)
> > Remove   0 Package(s)
> > Total download size: 986 k
> > Is this ok [y/N]: n
> > Exiting on user Command
> > Complete!
> >
> > Yum clean all followed by yum update still tries to install both httpd
> > and httpd-suexec.
> >
> > I'm going to google to find a solution to this (clearly isn't backuppc
> > related), and when I can get a functional httpd, I'll post back. If
> > anyone has suggestions on how to accomplish this, please email me off list.
>
> yum install httpd -x httpd-suexec
>
> We are running CentOS 5.2 backing up 37 clients so far with no major
> issues.
>
> rpm -qa|grep htt
> system-config-httpd-1.3.3.3-1.el5
> httpd-2.2.3-11.el5_2.centos.4
>
> rpm -qa | grep Back
> BackupPC-3.1.0-2.el5
>
>
>
> --
>

Solved! Thanks for everyone's help. I found that I did fine by manually
downloading a httpd rpm, but knowing that -x doubles for --exclude is nice.
That didn't make my yum man page.

I now have graphics, password protection and all is well.

I still will stick to Debian however!!
---

Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Mark Maciolek


Jim McNamara wrote:
> 
> 
> On Tue, Dec 16, 2008 at 11:36 AM, Nils Breunese (Lemonbit) 
> mailto:n...@lemonbit.com>> wrote:
> 
> Les Mikesell wrote:
> 
>  > Why is suexec involved?
> 
> Les is right, you don't need suexec. Trying to use it is probably
> causing your problem.
> 
>  >> [2008-12-15 10:37:00]: file is either setuid or setgid:
>  >> (/var/www/cgi-bin/BackupPC_Admin)
>  >
>  > Yes, the config.pl script should have installed it mode 04554.
>  > It needs to be group-readable by apache, owned by backuppc and suid.
> 
> 4550 should be enough for everybody. :o)
> 
> Nils Breunese.
> 
> 
> Ladies and  Gentlemen,
> 
> There's been a ton of posts in the last few minutes, so I'll try to 
> respond to all of those in this reply.
> 
> To Adam Goryachev, I don't have any interest in CentOS (and judging by 
> other posts in this thread, competence with it either). The company I 
> work for got roped in using it for an individual project, as another 
> vendor brought in to do the telephony portion of this project will only 
> work on RHEL 4.5 and luckily (for the bottom line) CentOS 4.7.  I've 
> been strictly a Debian user since Woody, and this whole experience has 
> confirmed to me that my default choice was correct!
> 
> To Les and Nils, first I'm sorry to be disparaging one of your preferred 
> versions of linux. I installed httpd-suexec somewhere almost immediately 
> after installing the OS, and it certainly appears to be the proverbial 
> smoking gun. I tried using yum just to remove httpd-suexec, and it would
> only do that if I also allowed yum to remove httpd! As nothing else is
> installed yet (the other contractor mentioned previously begins work 
> tomorrow), I allowed it. That went fine, it pulled out these packages -
> 
> mod_perl, php-pear, php-odbc, mod_ssl, system-config-httpd, httpd, 
> httpd-manual, httpd-suexec, webalizer, php-ldap, php, and mod_python.
> 
> I figured all would be well with this. Let it remove everything listed 
> above, then reinstall httpd, and hopefully the skies will brighten, 
> rainbows and unicorns will dance around me, and oh yes, backuppc will work!
> 
> Unfortunately, yum won't install just httpd without httpd-suexec, as
> shown here -
> 
> [r...@telephony jim]# yum install httpd
> Loading "fastestmirror" plugin
> Setting up Install Process
> Setting up repositories
> Loading mirror speeds from cached hostfile
> Reading repository metadata in from local files
> Parsing package install arguments
> Resolving Dependencies
> --> Populating transaction set with selected packages. Please wait.
> ---> Package httpd.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
> --> Running transaction check
> --> Processing Dependency: httpd-suexec for package: httpd
> --> Restarting Dependency Resolution with new changes.
> --> Populating transaction set with selected packages. Please wait.
> ---> Package httpd-suexec.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
> --> Running transaction check
> 
> Dependencies Resolved
> 
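> =============================================================================
>  Package          Arch     Version                    Repository    Size
> =============================================================================
> Installing:
>  httpd            x86_64   2.0.52-41.ent.2.centos4    update        955 k
> Installing for dependencies:
>  httpd-suexec     x86_64   2.0.52-41.ent.2.centos4    update         31 k
>
> Transaction Summary
> =============================================================================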
> Install  2 Package(s)
> Update   0 Package(s)
> Remove   0 Package(s)
> Total download size: 986 k
> Is this ok [y/N]: n
> Exiting on user Command
> Complete!
> 
> Yum clean all followed by yum update still tries to install both httpd 
> and httpd-suexec.
> 
> I'm going to google to find a solution to this (clearly isn't backuppc 
> related), and when I can get a functional httpd, I'll post back. If 
> anyone has suggestions on how to accomplish this, please email me off list.

yum install httpd -x httpd-suexec

We are running CentOS 5.2 backing up 37 clients so far with no major issues.

rpm -qa|grep htt
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-11.el5_2.centos.4

rpm -qa | grep Back
BackupPC-3.1.0-2.el5






> 
> Thanks again for everyone's help!

Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Jim McNamara
On Tue, Dec 16, 2008 at 11:36 AM, Nils Breunese (Lemonbit) <
n...@lemonbit.com> wrote:

> Les Mikesell wrote:
>
> > Why is suexec involved?
>
> Les is right, you don't need suexec. Trying to use it is probably
> causing your problem.
>
> >> [2008-12-15 10:37:00]: file is either setuid or setgid:
> >> (/var/www/cgi-bin/BackupPC_Admin)
> >
> > Yes, the config.pl script should have installed it mode 04554.
> > It needs to be group-readable by apache, owned by backuppc and suid.
>
> 4550 should be enough for everybody. :o)
>
> Nils Breunese.
>

Ladies and  Gentlemen,

There's been a ton of posts in the last few minutes, so I'll try to respond
to all of those in this reply.

To Adam Goryachev, I don't have any interest in CentOS (and judging by other
posts in this thread, competence with it either). The company I work for got
roped in using it for an individual project, as another vendor brought in to
do the telephony portion of this project will only work on RHEL 4.5 and
luckily (for the bottom line) CentOS 4.7.  I've been strictly a Debian user
since Woody, and this whole experience has confirmed to me that my default
choice was correct!

To Les and Nils, first I'm sorry to be disparaging one of your preferred
versions of linux. I installed httpd-suexec somewhere almost immediately
after installing the OS, and it certainly appears to be the proverbial
smoking gun. I tried using yum just to remove httpd-suexec, and it would
only do that if I also allowed yum to remove httpd! As nothing else is
installed yet (the other contractor mentioned previously begins work
tomorrow), I allowed it. That went fine, it pulled out these packages -

mod_perl, php-pear, php-odbc, mod_ssl, system-config-httpd, httpd,
httpd-manual, httpd-suexec, webalizer, php-ldap, php, and mod_python.

I figured all would be well with this. Let it remove everything listed
above, then reinstall httpd, and hopefully the skies will brighten, rainbows
and unicorns will dance around me, and oh yes, backuppc will work!

Unfortunately, yum won't install just httpd without httpd-suexec, as shown
here -

[r...@telephony jim]# yum install httpd
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package httpd.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
--> Running transaction check
--> Processing Dependency: httpd-suexec for package: httpd
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package httpd-suexec.x86_64 0:2.0.52-41.ent.2.centos4 set to be updated
--> Running transaction check

Dependencies Resolved

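=============================================================================
 Package          Arch     Version                    Repository    Size
=============================================================================
Installing:
 httpd            x86_64   2.0.52-41.ent.2.centos4    update        955 k
Installing for dependencies:
 httpd-suexec     x86_64   2.0.52-41.ent.2.centos4    update         31 k

Transaction Summary
=============================================================================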
Install  2 Package(s)
Update   0 Package(s)
Remove   0 Package(s)
Total download size: 986 k
Is this ok [y/N]: n
Exiting on user Command
Complete!

Yum clean all followed by yum update still tries to install both httpd and
httpd-suexec.

I'm going to google to find a solution to this (clearly isn't backuppc
related), and when I can get a functional httpd, I'll post back. If anyone
has suggestions on how to accomplish this, please email me off list.

Thanks again for everyone's help!


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Nils Breunese (Lemonbit)
Les Mikesell wrote:

> Why is suexec involved?

Les is right, you don't need suexec. Trying to use it is probably  
causing your problem.

>> [2008-12-15 10:37:00]: file is either setuid or setgid:
>> (/var/www/cgi-bin/BackupPC_Admin)
>
> Yes, the config.pl script should have installed it mode 04554.
> It needs to be group-readable by apache, owned by backuppc and suid.

4550 should be enough for everybody. :o)

Nils Breunese.



Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Nils Breunese (Lemonbit)
Adam Goryachev wrote:

> Not sure I can help you with that one... I have never used CentOS and in
> fact avoid it. I've been quite happy with Debian ever since RedHat 8 was
> released :) Hopefully someone else with more experience could assist you.
> Not that I think it can't work on centos, but why do you insist on using it?
> Is there a pre-packaged version of backuppc available for centos?

There is a backuppc package in testing [0]. It uses a mod_perl setup  
with apache running as backuppc. Since I didn't want to use mod_perl  
and run my apache as backuppc, I just install BackupPC from source and  
it works fine. Currently running it on CentOS 5, but ran it on CentOS  
4 before.

Nils Breunese.

[0] http://dev.centos.org/centos/4/testing/ / 
http://dev.centos.org/centos/5/testing/



Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Les Mikesell
Jim McNamara wrote:
> 
> 
> Changing the permissions as you suggested helped, but now I'm plagued 
> with a new set of errors that make little to no sense to me. When I go 
> to http://my.lan.ip/cgi-bin/BackupPC_Admin I get a half-formed page, and 
> this as the contents of the /var/log/httpd/error_log -
> 
> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server 
> execution/var/www/backuppc/backuppc/image/BackupPC_stnd.css
> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server 
> execution/var/www/backuppc/backuppc/image/sorttable.js
> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server 
> execution/var/www/backuppc/backuppc/image/logo.gif
> 
> I can't see why those files should be executable. Changing them to 
> executable still leads to the same errors.

You've apparently configured apache to execute things under 
/var/www/backuppc, or /var/www/backuppc.  Don't.  Apache should only 
execute /var/www/cgi-bin/BackupPC_Admin, and that directory should have
been configured for execution in a stock Centos install.

-- 
   Les Mikesell
lesmikes...@gmail.com




Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Les Mikesell
Jim McNamara wrote:
> 
> I didn't think it was incompatible with CentOS, I'm just stuck in the 
> position of having done this probably 20 times on Debian without issue 
> (past the first) and now with my first try on CentOS, I'm floundering 
> badly. 

There should not be any issues with Centos.  Are you starting with the 
3.1 code from http://backuppc.sourceforge.net/?

> When I try to run the BackupPC script I still get the common "premature 
> end of script headers" message, and the most telling thing I find is in 
> the suexec.log file, which complains when I try to run BackupPC_Admin or 
> the testsetuid script from the wiki -

Suexec?  Are you trying to make apache do the suid part instead of perl?

> ] Premature end of script headers: BackupPC_Admin
> [Mon Dec 15 10:38:09 2008] [error] [client 192.168.0.231 

Is this supposed to be the default page?

> [r...@telephony logs]# tail suexec.log
> [2008-12-15 10:37:00]: uid: (1010/backuppc) gid: (1010/1010) cmd: 
> BackupPC_Admin

Why is suexec involved?

> [2008-12-15 10:37:00]: file is either setuid or setgid: 
> (/var/www/cgi-bin/BackupPC_Admin)

Yes, the config.pl script should have installed it mode 04554.
It needs to be group-readable by apache, owned by backuppc and suid.

> I would love to find the suexec config, but google seems to indicate 
> that if you're unhappy with suexec, your only option is to compile your 
> own and remove the packaged version. That seems odd, but this whole rpm
> thing seems fairly odd as well.

What made you think you even needed suexec?  Let apache execute perl as 
a normal cgi, let perl handle doing suid on a perl script.  You 
shouldn't even need to touch httpd.conf if you drop the BackupPC_Admin 
program under /var/www/cgi-bin which is already configured for program 
execution.  If you want to use mod_perl it becomes more complicated, but 
you don't spend enough time in the web interface to need the extra speed.


-- 
   Les Mikesell
  lesmikes...@gmail.com
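
An added example, not part of the original thread or of BackupPC: a shell check of the install state Les describes above for BackupPC_Admin (owned by backuppc, group apache, setuid, group-readable and executable), plus the suexec minimum uid of 500 mentioned elsewhere in the thread. The function name `check_suid_cgi`, its arguments and the group/other-writable check are assumptions of this example; it relies on GNU `stat`.

```sh
#!/bin/sh
# Added example: audit a setuid CGI against the requirements stated in the
# thread. Not BackupPC code; check_suid_cgi is a hypothetical helper.
#
# Usage: check_suid_cgi FILE OWNER GROUP [MIN_UID]
#   e.g. check_suid_cgi /var/www/cgi-bin/BackupPC_Admin backuppc apache
# MIN_UID defaults to 500, the suexec minimum uid quoted in the thread.
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 when FILE does not exist.
check_suid_cgi() {
    file=$1 want_owner=$2 want_group=$3 min_uid=${4:-500}
    rc=0

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 2
    fi

    # GNU stat: octal mode, owner name, group name, numeric owner uid.
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    uid=$(stat -c '%u' "$file")
    bits=$(( 0$mode ))   # the leading 0 makes the shell parse it as octal

    # "owned by backuppc": the setuid bit switches to the file owner.
    if [ "$owner" != "$want_owner" ]; then
        echo "owner is $owner, expected $want_owner"
        rc=1
    fi

    # "group-readable by apache": the web server reaches it via the group.
    if [ "$group" != "$want_group" ]; then
        echo "group is $group, expected $want_group"
        rc=1
    fi

    # "and suid": 04000 must be set (04554 and 4550 both satisfy this).
    if [ $(( bits & 04000 )) -eq 0 ]; then
        echo "setuid bit not set (mode $mode)"
        rc=1
    fi

    # Group needs read and execute (050) to run the script.
    if [ $(( bits & 050 )) -ne $(( 050 )) ]; then
        echo "group lacks read/execute (mode $mode)"
        rc=1
    fi

    # Assumption of this example: a setuid program that group or other can
    # write to can be replaced by a non-owner, so flag it.
    if [ $(( bits & 022 )) -ne 0 ]; then
        echo "writable by group or other (mode $mode)"
        rc=1
    fi

    # Only matters when suexec handles the request. Per the thread, suexec
    # also refuses any setuid file, so the two mechanisms do not combine.
    if [ "$uid" -lt "$min_uid" ]; then
        echo "owner uid $uid is below suexec minimum $min_uid"
        rc=1
    fi

    return $rc
}
```
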



Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Adam Goryachev

Jim McNamara wrote:

> Changing the permissions as you suggested helped, but now I'm plagued
> with a new set of errors that make little to no sense to me. When I go
> to http://my.lan.ip/cgi-bin/BackupPC_Admin I get a half-formed page, and
> this as the contents of the /var/log/httpd/error_log -

> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server
> execution/var/www/backuppc/backuppc/image/BackupPC_stnd.css
> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server
> execution/var/www/backuppc/backuppc/image/sorttable.js
> [Tue Dec 16 10:18:43 2008] [error] file permissions deny server
> execution/var/www/backuppc/backuppc/image/logo.gif

> I can't see why those files should be executable. Changing them to
> executable still leads to the same errors.

> Thanks again for your help!

Not sure I can help you with that one... I have never used CentOS and in
fact avoid it. I've been quite happy with Debian ever since RedHat 8 was
released :) Hopefully someone else with more experience could assist you.
Not that I think it can't work on centos, but why do you insist on using it?
Is there a pre-packaged version of backuppc available for centos? Even
if it is not the exact version you want, if you install it, you should
be able to see some of the config that is used/etc, and then try to copy
that to your manually installed version. Even if the packaged version is
not for centos, redhat versions might be equally useful. I recall using
rpmfind.net for this sort of thing. Since backuppc is written in perl,
generally, it shouldn't matter if you mix versions/etc, perl is
cross-platform, and perl scripts are generally compatible with multiple
(all) versions of perl.

Regards,
Adam


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-16 Thread Jim McNamara
On Mon, Dec 15, 2008 at 5:01 PM, Adam Goryachev <
mailingli...@websitemanagers.com.au> wrote:

> Jim McNamara wrote:
> > I didn't think it was incompatible with CentOS, I'm just stuck in
> > the position of having done this probably 20 times on Debian without
> > issue (past the first) and now with my first try on CentOS, I'm
> > floundering badly. I changed the permissions on my BackupPC_Admin
> > script from 4550 to 4750 to match yours, the owner and groups were
> > already identical. I still get the same error.
> >
> > [r...@telephony logs]# ls -al /var/www/cgi-bin/
> > total 24
> > drwxr-xr-x  2 root root 4096 Dec 12 11:44 .
> > drwxr-xr-x  9 root root 4096 Dec 11 22:40 ..
> > -rwsr-x---  1 backuppc apache   3993 Dec 11 18:13 BackupPC_Admin
> > -rwxr-xr-x  1 backuppc backuppc   70 Dec 12 11:44 testsetuid
> >
> >
> > When I try to run the BackupPC script I still get the common
> > "premature end of script headers" message, and the most telling
> > thing I find is in the suexec.log file, which complains when I try
> > to run BackupPC_Admin or the testsetuid script from the wiki -
> >
> > [r...@telephony logs]# tail suexec.log
> > [2008-12-15 10:37:00]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> > BackupPC_Admin
> > [2008-12-15 10:37:00]: file is either setuid or setgid:
> > (/var/www/cgi-bin/BackupPC_Admin)
> > [2008-12-15 10:38:09]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> > BackupPC_Admin
> > [2008-12-15 10:38:09]: file is either setuid or setgid:
> > (/var/www/cgi-bin/BackupPC_Admin)
> > [2008-12-15 10:38:15]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> > testsetuid
> > [2008-12-15 10:38:15]: target uid/gid (1010/1010) mismatch with
> > directory (0/0) or program (1010/1010)
> >
> > I would love to find the suexec config, but google seems to indicate
> > that if you're unhappy with suexec, your only option is to compile
> > your own and remove the packaged version. That seems odd, but this
> > whole rpm thing seems fairly odd as well.
>
> Looks like you need to do these:
>
> chown -R backuppc.backuppc /var/www/cgi-bin/
> chmod 755 /var/www/cgi-bin/BackupPC_Admin
>
> Basically suexec will help you change user from "nobody" or "www-user"
> which is what apache runs as to backuppc (the owner of the file).
> However, to ensure everything is secure it makes sure a lot of things
> are done properly such as permissions and owner/group of the file and
> directory.
>
> Try the above and let us know how you go.
>
> Regards,
> Adam


Changing the permissions as you suggested helped, but now I'm plagued with a
new set of errors that make little to no sense to me. When I go to
http://my.lan.ip/cgi-bin/BackupPC_Admin I get a half-formed page, and this
as the contents of the /var/log/httpd/error_log -

[Tue Dec 16 10:18:43 2008] [error] file permissions deny server
execution/var/www/backuppc/backuppc/image/BackupPC_stnd.css
[Tue Dec 16 10:18:43 2008] [error] file permissions deny server
execution/var/www/backuppc/backuppc/image/sorttable.js
[Tue Dec 16 10:18:43 2008] [error] file permissions deny server
execution/var/www/backuppc/backuppc/image/logo.gif

I can't see why those files should be executable. Changing them to
executable still leads to the same errors.

Thanks again for your help!


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-15 Thread Adam Goryachev
Jim McNamara wrote:
> I didn't think it was incompatible with CentOS, I'm just stuck in
> the position of having done this probably 20 times on Debian without
> issue (past the first) and now with my first try on CentOS, I'm
> floundering badly. I changed the permissions on my BackupPC_Admin
> script from 4550 to 4750 to match yours, the owner and groups were
> already identical. I still get the same error.
>
> [r...@telephony logs]# ls -al /var/www/cgi-bin/
> total 24
> drwxr-xr-x  2 root root 4096 Dec 12 11:44 .
> drwxr-xr-x  9 root root 4096 Dec 11 22:40 ..
> -rwsr-x---  1 backuppc apache   3993 Dec 11 18:13 BackupPC_Admin
> -rwxr-xr-x  1 backuppc backuppc   70 Dec 12 11:44 testsetuid
>
>
> When I try to run the BackupPC script I still get the common
> "premature end of script headers" message, and the most telling
> thing I find is in the suexec.log file, which complains when I try
> to run BackupPC_Admin or the testsetuid script from the wiki -
>
> [r...@telephony logs]# tail suexec.log
> [2008-12-15 10:37:00]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> BackupPC_Admin
> [2008-12-15 10:37:00]: file is either setuid or setgid:
> (/var/www/cgi-bin/BackupPC_Admin)
> [2008-12-15 10:38:09]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> BackupPC_Admin
> [2008-12-15 10:38:09]: file is either setuid or setgid:
> (/var/www/cgi-bin/BackupPC_Admin)
> [2008-12-15 10:38:15]: uid: (1010/backuppc) gid: (1010/1010) cmd:
> testsetuid
> [2008-12-15 10:38:15]: target uid/gid (1010/1010) mismatch with
> directory (0/0) or program (1010/1010)
>
> I would love to find the suexec config, but google seems to indicate
> that if you're unhappy with suexec, your only option is to compile
> your own and remove the packaged version. That seems odd, but this
> whole rpm thing seems fairly odd as well.

Looks like you need to do these:

chown -R backuppc.backuppc /var/www/cgi-bin/
chmod 755 /var/www/cgi-bin/BackupPC_Admin

Basically suexec will help you change user from "nobody" or "www-user"
which is what apache runs as to backuppc (the owner of the file).
However, to ensure everything is secure it makes sure a lot of things
are done properly such as permissions and owner/group of the file and
directory.

Try the above and let us know how you go.

Regards,
Adam
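
The suexec.log refusals quoted in this thread, modelled as an added example (not code from the thread, from BackupPC or from Apache). The names Entry and suexec_verdict are hypothetical, the 500 minimum for uid and gid is assumed, and the check order is an assumption inferred from the log lines; the messages omit the path that suexec appends.

```python
"""Simplified model of the suexec checks behind the log lines in this thread."""
import stat
from collections import namedtuple

# Ownership and mode of a directory or program, as `ls -al` reports them.
Entry = namedtuple("Entry", "uid gid mode")

MIN_UID = 500  # assumption: packaged suexec minimum uid
MIN_GID = 500  # assumption: same minimum applied to the gid


def suexec_verdict(target_uid, target_gid, directory, program, cmd,
                   min_uid=MIN_UID, min_gid=MIN_GID):
    """Return the first refusal this model would log, or None if all pass."""
    # 1. System accounts are refused before the file is even examined.
    if target_uid == 0 or target_uid < min_uid:
        return "cannot run as forbidden uid (%d/%s)" % (target_uid, cmd)
    if target_gid == 0 or target_gid < min_gid:
        return "cannot run as forbidden gid (%d/%s)" % (target_gid, cmd)
    # 2. Neither the directory nor the program may be group/world writable.
    writable = stat.S_IWGRP | stat.S_IWOTH
    if directory.mode & writable:
        return "directory is writable by others"
    if program.mode & writable:
        return "file is writable by others"
    # 3. suexec does the uid switch itself, so a suid/sgid target is refused.
    if program.mode & (stat.S_ISUID | stat.S_ISGID):
        return "file is either setuid or setgid"
    # 4. Directory and program must both belong to the target user and group.
    target = (target_uid, target_gid)
    if (directory.uid, directory.gid) != target or \
            (program.uid, program.gid) != target:
        return ("target uid/gid (%d/%d) mismatch with directory (%d/%d) "
                "or program (%d/%d)" % (target_uid, target_gid,
                                        directory.uid, directory.gid,
                                        program.uid, program.gid))
    # 5. The owner needs the execute bit.
    if not program.mode & stat.S_IXUSR:
        return "file has no execute permission"
    return None


def thread_cases():
    """Replay the states shown in the thread (values taken from its listings)."""
    cgi_bin_root = Entry(0, 0, 0o755)          # drwxr-xr-x root root
    admin_suid = Entry(1010, 48, 0o4750)       # -rwsr-x--- backuppc apache
    testsetuid = Entry(1010, 1010, 0o755)      # -rwxr-xr-x backuppc backuppc
    # Constructed end state: directory and program owned by backuppc, no suid.
    cgi_bin_owned = Entry(1010, 1010, 0o755)
    admin_plain = Entry(1010, 1010, 0o755)
    return [
        ("uid 150", suexec_verdict(150, 150, cgi_bin_root,
                                   Entry(150, 150, 0o755), "BackupPC_Admin")),
        ("gid 48", suexec_verdict(1010, 48, cgi_bin_root,
                                  testsetuid, "testsetuid")),
        ("suid bit", suexec_verdict(1010, 1010, cgi_bin_root,
                                    admin_suid, "BackupPC_Admin")),
        ("root-owned dir", suexec_verdict(1010, 1010, cgi_bin_root,
                                          testsetuid, "testsetuid")),
        ("owned, mode 755", suexec_verdict(1010, 1010, cgi_bin_owned,
                                           admin_plain, "BackupPC_Admin")),
    ]


if __name__ == "__main__":
    for label, verdict in thread_cases():
        print("%-16s -> %s" % (label, verdict or "accepted"))
```

In this model the suid bit and suexec exclude each other: a file that passes here runs as its owner because suexec switches uid, while a mode 4750 file has to be executed by Apache directly, without suexec.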


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-15 Thread Jim McNamara
On Fri, Dec 12, 2008 at 7:13 PM, Nils Breunese (Lemonbit)  wrote:

> Les Mikesell wrote:
>
> >> [r...@telephony conf.d]# cat /etc/selinux/config
> >> # This file controls the state of SELinux on the system.
> >> # SELINUX= can take one of these three values:
> >> #   enforcing - SELinux security policy is enforced.
> >> #   permissive - SELinux prints warnings instead of enforcing.
> >> #   disabled - SELinux is fully disabled.
> >> SELINUX=disabled
> >> # SELINUXTYPE= type of policy in use. Possible values are:
> >> #   targeted - Only targeted network daemons are protected.
> >> #   strict - Full SELinux protection.
> >> SELINUXTYPE=targeted
> >
> > Is that a cut/paste error or do you actually have targeted
> > uncommented?
>
> Probably it's uncommented. Why would that be strange? As long as
> SELINUX=disabled it doesn't really matter what SELINUXTYPE is set to.
>
> > By the way, it takes a reboot to make a change take effect.
>
> The output of 'sestatus' tells you the status of SELinux.
>
[r...@telephony logs]# sestatus
SELinux status: disabled


> We used to run BackupPC on CentOS 4 (now on CentOS 5), so I'm sure it
> can work.
>
> # ll /var/www/cgi-bin/BackupPC_Admin
> -rwsr-x--- 1 backuppc apache 3993 Apr  8  2008 /var/www/cgi-bin/
> BackupPC_Admin
>
> Nils Breunese.
>
I didn't think it was incompatible with CentOS, I'm just stuck in the
position of having done this probably 20 times on Debian without issue (past
the first) and now with my first try on CentOS, I'm floundering badly. I
changed the permissions on my BackupPC_Admin script from 4550 to 4750 to
match yours, the owner and groups were already identical. I still get the
same error.

[r...@telephony logs]# ls -al /var/www/cgi-bin/
total 24
drwxr-xr-x  2 root root 4096 Dec 12 11:44 .
drwxr-xr-x  9 root root 4096 Dec 11 22:40 ..
-rwsr-x---  1 backuppc apache   3993 Dec 11 18:13 BackupPC_Admin
-rwxr-xr-x  1 backuppc backuppc   70 Dec 12 11:44 testsetuid



When I try to run the BackupPC script I still get the common "premature end
of script headers" message, and the most telling thing I find is in the
suexec.log file, which complains when I try to run BackupPC_Admin or the
testsetuid script from the wiki -


[Mon Dec 15 10:37:00 2008] [error] [client 192.168.0.231] Premature end of
script headers: BackupPC_Admin
[Mon Dec 15 10:38:09 2008] [error] [client 192.168.0.231] Premature end of
script headers: BackupPC_Admin
[Mon Dec 15 10:38:15 2008] [error] [client 192.168.0.231] Premature end of
script headers: testsetuid
[r...@telephony logs]# tail suexec.log
[2008-12-15 10:37:00]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-15 10:37:00]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-15 10:38:09]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-15 10:38:09]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-15 10:38:15]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-15 10:38:15]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)

I would love to find the suexec config, but google seems to indicate that if
you're unhappy with suexec, your only option is to compile your own and
remove the packaged version. That seems odd, but this whole rpm thing seems
fairly odd as well.

Thanks for the help so far, and I appreciate any further insights that
people can provide.





Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Nils Breunese (Lemonbit)
Les Mikesell wrote:

>> [r...@telephony conf.d]# cat /etc/selinux/config
>> # This file controls the state of SELinux on the system.
>> # SELINUX= can take one of these three values:
>> #   enforcing - SELinux security policy is enforced.
>> #   permissive - SELinux prints warnings instead of enforcing.
>> #   disabled - SELinux is fully disabled.
>> SELINUX=disabled
>> # SELINUXTYPE= type of policy in use. Possible values are:
>> #   targeted - Only targeted network daemons are protected.
>> #   strict - Full SELinux protection.
>> SELINUXTYPE=targeted
>
> Is that a cut/paste error or do you actually have targeted  
> uncommented?

Probably it's uncommented. Why would that be strange? As long as  
SELINUX=disabled it doesn't really matter what SELINUXTYPE is set to.

> By the way, it takes a reboot to make a change take effect.

The output of 'sestatus' tells you the status of SELinux.

We used to run BackupPC on CentOS 4 (now on CentOS 5), so I'm sure it  
can work.

# ll /var/www/cgi-bin/BackupPC_Admin
-rwsr-x--- 1 backuppc apache 3993 Apr  8  2008 /var/www/cgi-bin/ 
BackupPC_Admin

Nils Breunese.





Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Jim McNamara
>
>
> Is that a cut/paste error or do you actually have targeted uncommented?
>  By the way, it takes a reboot to make a change take effect.
>
> --
>Les Mikesell
>lesmikes...@gmail.com
>
>
That wasn't a cut/paste error, targeted came up uncommented from the get go.
I went through the install with selinux disabled from the get go. I
commented it out and rebooted, no difference.


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Les Mikesell
Jim McNamara wrote:
> On Fri, Dec 12, 2008 at 12:10 PM, Les Mikesell  wrote:
> 
>> Jim McNamara wrote:
>>> Hello all! I'm normally a Debian guy, but for a project I'm forced to use
>>> CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get
>>> BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or
>>> the testsuid script found here -
>>> http://backuppc.sourceforge.net/faq/debugCGI.html) to work.
>>>
>> Do you have the perl-suidperl package installed (yum install
>> perl-suidperl)?   And selinux disabled?

>>
> Yes to both -
> 
> 
> [r...@telephony conf.d]# rpm -q perl-suidperl
> perl-suidperl-5.8.5-36.el4_6.3
> 
>  [r...@telephony conf.d]# cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #   enforcing - SELinux security policy is enforced.
> #   permissive - SELinux prints warnings instead of enforcing.
> #   disabled - SELinux is fully disabled.
> SELINUX=disabled
> # SELINUXTYPE= type of policy in use. Possible values are:
> #   targeted - Only targeted network daemons are protected.
> #   strict - Full SELinux protection.
> SELINUXTYPE=targeted
> 

Is that a cut/paste error or do you actually have targeted uncommented? 
  By the way, it takes a reboot to make a change take effect.

-- 
   Les Mikesell
lesmikes...@gmail.com



Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Jim McNamara
On Fri, Dec 12, 2008 at 12:10 PM, Les Mikesell  wrote:

> Jim McNamara wrote:
> > Hello all! I'm normally a Debian guy, but for a project I'm forced to use
> > CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get
> > BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or
> > the testsuid script found here -
> > http://backuppc.sourceforge.net/faq/debugCGI.html) to work.
> >
>
> Do you have the perl-suidperl package installed (yum install
> perl-suidperl)?   And selinux disabled?
>
> --
>   Les Mikesell
>lesmikes...@gmail.com
>
>
Yes to both -


[r...@telephony conf.d]# rpm -q perl-suidperl
perl-suidperl-5.8.5-36.el4_6.3

 [r...@telephony conf.d]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted


Re: [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Les Mikesell
Jim McNamara wrote:
> Hello all! I'm normally a Debian guy, but for a project I'm forced to use
> CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get
> BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or
> the testsuid script found here -
> http://backuppc.sourceforge.net/faq/debugCGI.html) to work.
> 

Do you have the perl-suidperl package installed (yum install 
perl-suidperl)?   And selinux disabled?

-- 
   Les Mikesell
lesmikes...@gmail.com




[BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC

2008-12-12 Thread Jim McNamara
Hello all! I'm normally a Debian guy, but for a project I'm forced to use
CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get
BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or
the testsuid script found here -
http://backuppc.sourceforge.net/faq/debugCGI.html) to work.

Judging by what I've seen in this thread,
http://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg02493.html there
seems to be a hurdle with suid that I can't overcome. I can get the
permissions correct from a BackupPC perspective, but then the CentOS apache
doesn't want to play nice.

[r...@telephony conf.d]# ls -al /var/www/cgi-bin/
total 24
drwxr-xr-x  2 root root 4096 Dec 12 11:35 .
drwxr-xr-x  9 root root 4096 Dec 11 22:40 ..
-r-sr-x---  1 backuppc apache   3993 Dec 11 18:13 BackupPC_Admin
-rwxr-xr-x  1 backuppc backuppc   76 Dec 12 11:35 testsetuid

Here's the end of the apache error log -

[Fri Dec 12 11:44:25 2008] [error] [client 192.168.0.4] Premature end of
script headers: testsetuid
[Fri Dec 12 11:44:36 2008] [error] [client 192.168.0.4] Premature end of
script headers: BackupPC_Admin

The premature end of headers message is all over the backuppc archives, and
it pointed me to the page I mentioned above -
http://backuppc.sourceforge.net/faq/debugCGI.html . Going through that page
in order, I can generate the html at the command line when I execute
BackupPC_Admin as either backuppc or apache, but when I try through a
browser, I encounter suid issues. Here's the full output of the
/var/log/httpd/suexec.log -

[2008-12-11 22:37:44]: uid: (150/backuppc) gid: (150/150) cmd:
BackupPC_Admin
[2008-12-11 22:37:44]: cannot run as forbidden uid (150/BackupPC_Admin)
[2008-12-12 10:05:20]: uid: (150/backuppc) gid: (150/150) cmd:
BackupPC_Admin
[2008-12-12 10:05:20]: cannot run as forbidden uid (150/BackupPC_Admin)
[2008-12-12 10:10:41]: uid: (150/backuppc) gid: (150/150) cmd: testsetuid
[2008-12-12 10:10:41]: cannot run as forbidden uid (150/testsetuid)
[2008-12-12 10:24:03]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:24:03]: file is either setuid or setgid: (/var/www/cgi-bin/testsetuid)
[2008-12-12 10:27:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:27:22]: file is either setuid or setgid: (/var/www/cgi-bin/testsetuid)
[2008-12-12 10:27:24]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:27:24]: file is either setuid or setgid: (/var/www/cgi-bin/testsetuid)
[2008-12-12 10:38:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:38:30]: file is either setuid or setgid: (/var/www/cgi-bin/testsetuid)
[2008-12-12 10:56:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:56:22]: file is either setuid or setgid: (/var/www/cgi-bin/testsetuid)
[2008-12-12 10:57:44]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 10:57:44]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 10:58:48]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 10:58:48]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 11:18:31]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 11:18:31]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 11:19:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:19:26]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/48)
[2008-12-12 11:20:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:20:30]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:21:23]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:25:01]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:25:22]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:25:22]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:33:59]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:35:05]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:43:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:43:26]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:43:32]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:43:32]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:44:25]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:44:25]: target uid/gid (1010/1010) mismatch with directory
(0/0) or program (1010/1010)
[2008-12-12 11:44:36]: uid: (1010/backuppc) gid: (1010/1010) cmd:
BackupPC_Admin
[2008-12-12 11:44:36]: file is either setuid or setgid:
(/var/www/cgi-bin/BackupPC_Admin)


Obviously I changed the uid and gid for backuppc, thinking that was part of
the problem. It seemed to play a role, but whether it had the low uid (150)
or the higher (1010) it still wouldn't work.

D