Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
Hi,
Phil Reynolds wrote on 2013-10-19 05:45:51 +0100 [Re: [BackupPC-users]
Parameter for incremental backups on localhost using tarCreate.sh script]:
On Sat, 19 Oct 2013 01:11:35 +0200
Holger Parplies wb...@parplies.de wrote:
[...]
I don't really understand the need of a shell script, though.
What, exactly, was the point? It appears tarCreate.sh is adding a
'-c' option. Your sudo rule can enforce that just as well (and in a
way less prone to creating security holes).
backuppc ALL=NOPASSWD: /bin/tar -c *
Hmmm... I'd not thought of that as an option - the documentation I read
claimed the script was better than merely allowing tar, which it is...
but my limited experience of sudo meant I wasn't aware of the
possibility you mention.
re-reading this I feel my suggestion was a bit ambiguous. Just to be clear:
sudo *doesn't add* options to commands it executes, it ensures that the rule
only applies if the options are already there. With the above rule, the
following will (OK)/will not (XX) work:
OK sudo tar -c -v -f /tmp/foo.tar /bar
XX sudo tar cvf /tmp/foo.tar /bar
XX sudo tar -v -f /tmp/foo.tar /bar
XX sudo tar -v -c -f /tmp/foo.tar /bar
XX sudo tar -cvf /tmp/foo.tar /bar
The second line will fail, because sudo doesn't know that 'c' and '-c' mean
the same to tar. The third, fourth and fifth will fail because the first
argument to tar is not '-c'. Again, sudo doesn't know that '-v -c', '-c -v'
and '-cv' are all equivalent for tar (there could be commands where that's
not the case).
Additionally, the third line wouldn't give a valid tar command line (no
function selected). For all the failing lines, sudo would ask for a password
and then deny access (unless granted by another line in /etc/sudoers).
To sum it up, what you put in /etc/sudoers doesn't *change* what you need to
put in your BackupPC configuration but rather tries to *match* it as closely
as possible and meaningful ('-c' and '-f -' are important, because they
prevent writing to the target system; '-v' and '-C /' don't make any
difference, because they don't limit a potential attacker in what he is able
to do).
So, presuming you have
$Conf{TarClientCmd} = 'sudo $tarPath -c -v -f - -C / --totals';
I'd recommend
backuppc ALL=NOPASSWD: /bin/tar -c -v -f - *
in /etc/sudoers.
Planning to see what rsync is like as a method once I've perfected tar
- then I'll go with whichever seems to cause me least bother.
It shouldn't be much difference.
$Conf{RsyncClientCmd} = 'sudo $rsyncPath $argList';
backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *
(you can add more arguments to that, but I don't think it will improve
security unless you can include the paths you are backing up, and they're at
the end, behind the ex-/includes ...).
As Les has already said, you should note, though, that rsync does more exact
incremental backups. tar might cause you bother when you're not expecting it -
when you need to restore something and don't get an exact snapshot of the
system at the time the backup was taken.
Regards,
Holger
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Fri, Oct 18, 2013 at 6:11 PM, Holger Parplies wb...@parplies.de wrote: Personally, I would just use rsync over ssh like any other target and not worry about the CPU doing a little extra work. It's probably not doing much else then anyway... While I agree with rsync, I don't see the point of ssh, and you're completely ignoring the fact that there was some thought behind using the script - as if you were trying to trick Phil into getting rid of it. No, the reason that I use - and recommend - it is to eliminate special cases. Rsync over ssh 'just works' and can be the same everywhere. You also seem to be missing that it's a local backup, so the CPU is probably doing compression (as well as both sides of the ssh), and it might even be running concurrent backups. Yes, but my philosophy is that the machines are supposed to be doing the work instead of people - that's why we have them. So I'll let the CPU do a few extra cycles as a tradeoff for not wasting a weekend figuring out which quote was misplaced in a special case instance or why one instance works and another one doesn't. While replacing tar with rsync *inside* the script avoids the problem of needing to escape the date, it does *not* avoid needing to escape the $argList. While you might get away with an incorrect setting as long as there happens to be nothing requiring quoting, you'll be surprised some day when it stops working because you change your backup set, so do yourself a favour and get it right now, whether with tar or with rsync. And don't forget the point that tar incrementals can miss things that rysnc will catch. -- Les Mikesell lesmikes...@gmail.com -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Sat, 19 Oct 2013 01:11:35 +0200 Holger Parplies wb...@parplies.de wrote: getting quoting right is an endless source of fun ... Looks like it... The net result in both cases is a failed backup, because tar tries to stat something derived from the time, as if it was a filename. How can I get round this problem? [...] The log shows: Running: sudo /usr/local/bin/tarCreate.sh -v -f - -C / --one-file-system --totals --newer=2013-10-13 08:36:07 . Basically, you would need to get quoting right within the shell script. I don't really understand the need of a shell script, though. What, exactly, was the point? It appears tarCreate.sh is adding a '-c' option. Your sudo rule can enforce that just as well (and in a way less prone to creating security holes). backuppc ALL=NOPASSWD: /bin/tar -c * Hmmm... I'd not thought of that as an option - the documentation I read claimed the script was better than merely allowing tar, which it is... but my limited experience of sudo meant I wasn't aware of the possibility you mention. If you drop the script and just use sudo, you would need $incrDate and $fileList without a +. Will try this... Planning to see what rsync is like as a method once I've perfected tar - then I'll go with whichever seems to cause me least bother. -- Phil Reynolds mail: phil-backu...@tinsleyviaduct.com Web: http://phil.tinsleyviaduct.com/ -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
I am having problems backing up the localhost using a tarCreate.sh
script - I can do full backups, but the date and time seems impossible
to present properly for incrementals.
$Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by
the documentation fails to escape the space between the date and time.
Leaving it at the default as for a remote host ($Conf{TarIncrArgs} =
'--newer=$incrDate+ $fileList+') is also no good, as the unnecessary
escaping makes the parameter so that tar fails to understand it.
The net result in both cases is a failed backup, because tar tries to
stat something derived from the time, as if it was a filename.
How can I get round this problem?
--
Phil Reynolds
mail: phil-backu...@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds
phil-backu...@tinsleyviaduct.com wrote:
I am having problems backing up the localhost using a tarCreate.sh
script - I can do full backups, but the date and time seems impossible
to present properly for incrementals.
$Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended by
the documentation fails to escape the space between the date and time.
Leaving it at the default as for a remote host ($Conf{TarIncrArgs} =
'--newer=$incrDate+ $fileList+') is also no good, as the unnecessary
escaping makes the parameter so that tar fails to understand it.
The net result in both cases is a failed backup, because tar tries to
stat something derived from the time, as if it was a filename.
How can I get round this problem?
Are you sure your shell script is receiving the date as multiple
parameters? Or is it parsing and breaking on the space in your
script or the command line being handed to tar?
--
Les Mikesell
lesmikes...@gmail.com
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, 17 Oct 2013 14:38:35 -0500
Les Mikesell lesmikes...@gmail.com wrote:
On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds
phil-backu...@tinsleyviaduct.com wrote:
I am having problems backing up the localhost using a tarCreate.sh
script - I can do full backups, but the date and time seems
impossible to present properly for incrementals.
$Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended
by the documentation fails to escape the space between the date and
time. Leaving it at the default as for a remote host
($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no
good, as the unnecessary escaping makes the parameter so that tar
fails to understand it.
The net result in both cases is a failed backup, because tar tries
to stat something derived from the time, as if it was a filename.
How can I get round this problem?
Are you sure your shell script is receiving the date as multiple
parameters? Or is it parsing and breaking on the space in your
script or the command line being handed to tar?
Hmmm... it looks possible the breaking is happening in my script - and
it's the one referred to in the documentation.
The log shows:
Running: sudo /usr/local/bin/tarCreate.sh -v -f - -C /
--one-file-system --totals --newer=2013-10-13 08:36:07 .
incr backup started back to 2013-10-13 08:36:07 (backup #0) for
directory /
Xfer PIDs are now 10225,10224
/bin/tar: Option --after-date: Treating date `2013-10-13' as 2013-10-13
00:00:00
/bin/tar: 08\:36\:07: Cannot stat: No such file or directory
--
Phil Reynolds
mail: phil-backu...@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Parameter for incremental backups on localhost using tarCreate.sh script
On Thu, Oct 17, 2013 at 3:27 PM, Phil Reynolds
phil-backu...@tinsleyviaduct.com wrote:
On Thu, Oct 17, 2013 at 1:30 PM, Phil Reynolds
phil-backu...@tinsleyviaduct.com wrote:
I am having problems backing up the localhost using a tarCreate.sh
script - I can do full backups, but the date and time seems
impossible to present properly for incrementals.
$Conf{TarIncrArgs} = '--newer=$incrDate $fileList+' as recommended
by the documentation fails to escape the space between the date and
time. Leaving it at the default as for a remote host
($Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+') is also no
good, as the unnecessary escaping makes the parameter so that tar
fails to understand it.
The net result in both cases is a failed backup, because tar tries
to stat something derived from the time, as if it was a filename.
How can I get round this problem?
Are you sure your shell script is receiving the date as multiple
parameters? Or is it parsing and breaking on the space in your
script or the command line being handed to tar?
Hmmm... it looks possible the breaking is happening in my script - and
it's the one referred to in the documentation.
If you mean the one with:
exec /bin/tar $*
I think that should be $@ to maintain the positional arguments.
Personally, I would just use rsync over ssh like any other target and
not worry about the CPU doing a little extra work. It's probably not
doing much else then anyway...
--
Les Mikesell
lesmikes...@gmail.com
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60135031iu=/4140/ostg.clktrk
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
