Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
Hi, Phil Reynolds wrote on 2013-10-19 05:45:51 +0100 [Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script]: On Sat, 19 Oct 2013 01:11:35 +0200 Holger Parplies wb...@parplies.de wrote: [...] I don't really understand the need of a shell script, though. What, exactly, was the point? It appears tarCreate.sh is adding a '-c' option. Your sudo rule can enforce that just as well (and in a way less prone to creating security holes). backuppc ALL=NOPASSWD: /bin/tar -c * Hmmm... I'd not thought of that as an option - the documentation I read claimed the script was better than merely allowing tar, which it is... but my limited experience of sudo meant I wasn't aware of the possibility you mention. re-reading this I feel my suggestion was a bit ambiguous. Just to be clear: sudo *doesn't add* options to commands it executes, it ensures that the rule only applies if the options are already there. With the above rule, the following will (OK)/will not (XX) work: OK sudo tar -c -v -f /tmp/foo.tar /bar XX sudo tar cvf /tmp/foo.tar /bar XX sudo tar -v -f /tmp/foo.tar /bar XX sudo tar -v -c -f /tmp/foo.tar /bar XX sudo tar -cvf /tmp/foo.tar /bar The second line will fail, because sudo doesn't know that 'c' and '-c' mean the same to tar. The third, fourth and fifth will fail because the first argument to tar is not '-c'. Again, sudo doesn't know that '-v -c', '-c -v' and '-cv' are all equivalent for tar (there could be commands where that's not the case). Additionally, the third line wouldn't give a valid tar command line (no function selected). For all the failing lines, sudo would ask for a password and then deny access (unless granted by another line in /etc/sudoers). To sum it up, what you put in /etc/sudoers doesn't *change* what you need to put in your BackupPC configuration but rather tries to *match* it as closely as possible and meaningful ('-c' and '-f -' are important, because they prevent writing to the target system; '-v' and '-C /' don't make any difference, because they don't limit a potential attacker in what he is able to do). So, presuming you have $Conf{TarClientCmd} = 'sudo $tarPath -c -v -f - -C / --totals'; I'd recommend backuppc ALL=NOPASSWD: /bin/tar -c -v -f - * in /etc/sudoers. Planning to see what rsync is like as a method once I've perfected tar - then I'll go with whichever seems to cause me least bother. It shouldn't be much difference. $Conf{RsyncClientCmd} = 'sudo $rsyncPath $argList'; backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender * (you can add more arguments to that, but I don't think it will improve security unless you can include the paths you are backing up, and they're at the end, behind the ex-/includes ...). As Les has already said, you should note, though, that rsync does more exact incremental backups. tar might cause you bother when you're not expecting it - when you need to restore something and don't get an exact snapshot of the system at the time the backup was taken. Regards, Holger -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Fri, Oct 18, 2013 at 6:11 PM, Holger Parplies wb...@parplies.de wrote: Personally, I would just use rsync over ssh like any other target and not worry about the CPU doing a little extra work. It's probably not doing much else then anyway... While I agree with rsync, I don't see the point of ssh, and you're completely ignoring the fact that there was some thought behind using the script - as if you were trying to trick Phil into getting rid of it. No, the reason that I use - and recommend - it is to eliminate special cases. Rsync over ssh 'just works' and can be the same everywhere. You also seem to be missing that it's a local backup, so the CPU is probably doing compression (as well as both sides of the ssh), and it might even be running concurrent backups. Yes, but my philosophy is that the machines are supposed to be doing the work instead of people - that's why we have them. So I'll let the CPU do a few extra cycles as a tradeoff for not wasting a weekend figuring out which quote was misplaced in a special case instance or why one instance works and another one doesn't. While replacing tar with rsync *inside* the script avoids the problem of needing to escape the date, it does *not* avoid needing to escape the $argList. While you might get away with an incorrect setting as long as there happens to be nothing requiring quoting, you'll be surprised some day when it stops working because you change your backup set, so do yourself a favour and get it right now, whether with tar or with rsync. And don't forget the point that tar incrementals can miss things that rysnc will catch. -- Les Mikesell lesmikes...@gmail.com -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Sat, 19 Oct 2013 01:11:35 +0200 Holger Parplies wb...@parplies.de wrote: getting quoting right is an endless source of fun ... Looks like it... The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? [...] The log shows: Running: sudo /usr/local/bin/tarCreate.sh -v -f - -C / --one-file-system --totals --newer=2013-10-13 08:36:07 . Basically, you would need to get quoting right within the shell script. I don't really understand the need of a shell script, though. What, exactly, was the point? It appears tarCreate.sh is adding a '-c' option. Your sudo rule can enforce that just as well (and in a way less prone to creating security holes). backuppc ALL=NOPASSWD: /bin/tar -c * Hmmm... I'd not thought of that as an option - the documentation I read claimed the script was better than merely allowing tar, which it is... but my limited experience of sudo meant I wasn't aware of the possibility you mention. If you drop the script and just use sudo, you would need $incrDate and $fileList without a +. Will try this... Planning to see what rsync is like as a method once I've perfected tar - then I'll go with whichever seems to cause me least bother. -- Phil Reynolds mail: phil-backu...@tinsleyviaduct.com Web: http://phil.tinsleyviaduct.com/ -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
I am having problems backing up the localhost using a tarCreate.sh script - I can do full backups, but the date and time seems impossible to present properly for incrementals. $Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by the documentation fails to escape the space between the date and time. Leaving it at the default as for a remote host ($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no good, as the unnecessary escaping makes the parameter so that tar fails to understand it. The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? -- Phil Reynolds mail: phil-backu...@tinsleyviaduct.com Web: http://phil.tinsleyviaduct.com/ -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds phil-backu...@tinsleyviaduct.com wrote: I am having problems backing up the localhost using a tarCreate.sh script - I can do full backups, but the date and time seems impossible to present properly for incrementals. $Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by the documentation fails to escape the space between the date and time. Leaving it at the default as for a remote host ($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no good, as the unnecessary escaping makes the parameter so that tar fails to understand it. The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? Are you sure your shell script is receiving the date as multiple parameters? Or is it parsing and breaking on the space in your script or the command line being handed to tar? -- Les Mikesell lesmikes...@gmail.com -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, 17 Oct 2013 14:38:35 -0500 Les Mikesell lesmikes...@gmail.com wrote: On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds phil-backu...@tinsleyviaduct.com wrote: I am having problems backing up the localhost using a tarCreate.sh script - I can do full backups, but the date and time seems impossible to present properly for incrementals. $Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by the documentation fails to escape the space between the date and time. Leaving it at the default as for a remote host ($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no good, as the unnecessary escaping makes the parameter so that tar fails to understand it. The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? Are you sure your shell script is receiving the date as multiple parameters? Or is it parsing and breaking on the space in your script or the command line being handed to tar? Hmmm... it looks possible the breaking is happening in my script - and it's the one referred to in the documentation. The log shows: Running: sudo /usr/local/bin/tarCreate.sh -v -f - -C / --one-file-system --totals --newer=2013-10-13 08:36:07 . incr backup started back to 2013-10-13 08:36:07 (backup #0) for directory / Xfer PIDs are now 10225,10224 /bin/tar: Option --after-date: Treating date `2013-10-13' as 2013-10-13 00:00:00 /bin/tar: 08\:36\:07: Cannot stat: No such file or directory -- Phil Reynolds mail: phil-backu...@tinsleyviaduct.com Web: http://phil.tinsleyviaduct.com/ -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, Oct 17, 2013 at 3:27 PM, Phil Reynolds phil-backu...@tinsleyviaduct.com wrote: On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds phil-backu...@tinsleyviaduct.com wrote: I am having problems backing up the localhost using a tarCreate.sh script - I can do full backups, but the date and time seems impossible to present properly for incrementals. $Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by the documentation fails to escape the space between the date and time. Leaving it at the default as for a remote host ($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no good, as the unnecessary escaping makes the parameter so that tar fails to understand it. The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? Are you sure your shell script is receiving the date as multiple parameters? Or is it parsing and breaking on the space in your script or the command line being handed to tar? Hmmm... it looks possible the breaking is happening in my script - and it's the one referred to in the documentation. If you mean the one with: exec /bin/tar $* I think that should be $@ to maintain the positional arguments. Personally, I would just use rsync over ssh like any other target and not worry about the CPU doing a little extra work. It's probably not doing much else then anyway... -- Les Mikesell lesmikes...@gmail.com -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/