Re: [BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
Craig Barratt wrote: Ronny writes: I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' = '/home:/user1', 'user2' = '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' = '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. Craig I would absolutely love to have the cgi interface give appropriate permissions to users like the original poster is asking for. Even if it required LDAP or something. This is one of the things I really miss about rsnapshot, which I used prior to BackupPC. Rsnapshot preserves all permissions and ownership of files. You can then export the backup tree via NFS or similar, with read-only permissions. Every user can browse that NFS share, subject to their user and group permissions, and restore their own backups. Here is a link describing how it's done in rsnapshot. http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html#restoring_backups I realize that it's not this easy to do with BackupPC, but I think it's something worth striving for. By the way, rsnapshot has some drawbacks compared to BackupPC. For instance, there is no file pooling, no web interface, and the backup tree can be a little confusing for beginners to navigate. -Rob - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
On Wed, 2007-09-26 at 04:31 -0700, Craig Barratt wrote: Ronny writes: I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. that's not a guarantee, but when you have ldap/sql/nis user-uid mapping it's quite commonly so. I assume one could deny access if the user didn't map to a uid. mapping a user to the wrong uid would be hard to detect. But it's not your stock configuration anyway so some prerequisites like common user database can be expected. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' = '/home:/user1', 'user2' = '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' = '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. So there is no way to do this currently. Having 1000 hostlines is not that big a problem for the user. Since it's the admin that have to live with a _Lng_ dropdown box. would backuppc deal with a hostsfile of ~1000 lines and 1000 files saying server-user[].pl -- mvh Ronny Aasen -- 41616155 -- [EMAIL PROTECTED] -- Datapart AS -- 57682100 -- www.datapart-as.no -- signature.asc Description: This is a digitally signed message part - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
Ronny writes: I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' = '/home:/user1', 'user2' = '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' = '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. Craig - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
Sorry about the duplicate post. Trying to use the right address now ! Ronny writes: I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. that's not a guarantee, but when you have ldap/sql/nis user-uid mapping it's quite commonly so. I assume one could deny access if the user didn't map to a uid. mapping a user to the wrong uid would be hard to detect. But it's not your stock configuration anyway so some prerequisites like common user database can be expected. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' = '/home:/user1', 'user2' = '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' = '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. So there is no way to do this currently. Having 1000 hostlines is not that big a problem for the user. Since it's the admin that have to live with a _Lng_ dropdown box. would backuppc deal with a hostsfile of ~1000 lines and 1000 files saying server-user[].pl -- mvh Ronny Aasen -- 41616155 -- [EMAIL PROTECTED] -- Datapart AS -- 57682100 -- www.datapart-as.no -- - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
Re: [BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
I only ever have seen one backup package that allowed that fine grained restores. ... SyBack by SyncSort, Inc. on the IBM VM operating system for CMS users. Any user could restore any file they owned or could read to wherever they had write permissions to. That would be a 'killer enhancement to BackupPC! On Wed, 2007-09-26 at 04:31 -0700, Craig Barratt wrote: Ronny writes: I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. BackupPC doesn't provide a mechanism to have fine-grained per-user permissions when browsing backups. The host file users have permissions for the entire host: browsing, editing the configuration, starting and canceling backups, etc. Enforcing permissions is a bit difficult since apache doesn't provide the uid and gid - just the username - and the backups just contain the client uid/gid. There is no guarantee that user names and uid/gids are common between the server and client. Perhaps we could have a new config variable which forces the browse path for non-admin users, eg: $Conf{CgiUserBrowseChroot} = { 'user1' = '/home:/user1', 'user2' = '/home:/user2', }; (/home is the share, and /user1 is the path relative to that share) There could also be a wildcard form that allows any user to browse their folder: $Conf{CgiUserBrowseChroot} = { '*' = '/home:/*', }; One drawback is this host won't appear in the pulldown in the navigation bar, since that is based on the hosts file. So the user has to navigate to their host by knowing the correct URL. Craig - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
[BackupPC-users] restricting cgi users restore to their own files, or how to handle many users.
Hello. I have installed backuppc + apache2 ldap_auth on debian etch and it's working great. Now i have one challenge that i have not been able to find a solution for in the docs or mailinglist archives. If it's been answered allready I would very much like a url. I am taking backup of a directory /home, containing ~1000 users. And i want to allow each of the users access to restore his own files. But NOT to read/restore files that he normaly would not. Example: user1 have a file in /home/user1/private.txt that have 600 permissions. I dont want user2 to be able to read this thru the backuppc cgi. i have tested this with a line in hosts that say server 0 rootuser1,user2 and it seams to me that user2 can read all files of the backup, even files he normaly would have no access to. So how others solve this problem ? must you have 1000 lines in hosts, one line for each homedir ? Or are there a different way where i can have backuppc check the orginal permissions and deny restore if the user in question dont have the right access. Kind regards -- mvh Ronny Aasen -- 41616155 -- [EMAIL PROTECTED] -- Datapart AS -- 57682100 -- www.datapart-as.no -- signature.asc Description: This is a digitally signed message part - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/