Re: [BackupPC-users] Permission denied during backup
Just do a whereis sudo to get the actual path and use the same. I just don't know what about the arguments before sudo... -- Thanks and Regards, Anand -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johan Ehnberg wrote: So, probably better to pass --one-file-system to rsync rather than worrying about trying to exclude /proc, /sys, etc... But then we have to worry about mounts on each client separately to get it all backed up, right? True, but equally you don't need to worry about someone plugging in an external HDD etc which you don't really want backed up, or another NFS mount/etc... I guess backing up everything except the exclusions is good if other people might change the HDD layout without you noticing... Perhaps a simple plugin/add-on to backuppc which can ssh to the host, run a mount look for specific fs types (eg, ext2/3, reiserfs, etc... and then email/alert if any were not backed up... I might think about that one as a possible add-in for my monitoring system. Regards, Adam -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklNjbcACgkQGyoxogrTyiVeKwCfQQPC3edyOFkLSB2I3qbpkXU3 M10AoLZ2xc87XdSrUwqqTjPKOTaKAT3r =Jjtk -END PGP SIGNATURE- -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Holger Parplies wrote at about 01:56:31 +0100 on Saturday, December 20, 2008: Hi, Adam Goryachev wrote on 2008-12-20 00:55:45 +1100 [Re: [BackupPC-users] Permission denied during backup]: In my setup, there are no other files on a normal system that will not be backed up (when sane sane excludes are used). Sane excludes being such that match everything that cannot be backed up? :) That's pretty much how I end up having to define sane excludes on my Windows machines -- until that is I figured out how to use shadow copies ;) -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Glassfox wrote:
Carl Wilhelm Soderstrom wrote:
On 12/18 03:56 , Glassfox wrote:
Hello, I want to backup my localhost completely and just backup the root
folder with some excludes (proc, sys, media and backuppc pool folder).
Backup was successful, but if I look at the error log file there are a lot
of Permission denied errors for the home folders, some files in the
/root/ folder and some other folders. What is the best way to get also all
this files/folders backuped?
In your /etc/backuppc/localhost.pl, use something like this (assuming you're
using tar for your local backup):
$Conf{TarClientCmd} = '/usr/bin/env LC_ALL=C /usr/bin/sudo $tarPath -c -v -f
- -C $shareName'
. ' --totals';
Thanks guys, and sorry: I'm using rsync :( What is the best solution for
this? And yes, I'm running backuppc as a normal user and not as root.
Did you try the docs I referred? Or is the case that you don't have root
access at all, in other words you are not able to edit /etc/sudoers?
File permissions work that way - you either need to be root or need to
set access to the files (see 'man chown' and 'man chmod'). For secret
files, such as cryptographic keys, it is not at all feasible to use
loose permissions, which again brings us back to the need for root access.
Hope this helps,
Johan
--
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List:https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johan Ehnberg wrote: File permissions work that way - you either need to be root or need to set access to the files (see 'man chown' and 'man chmod'). For secret files, such as cryptographic keys, it is not at all feasible to use loose permissions, which again brings us back to the need for root access. BTW, not likely relevant in this specific case, but root can't access all files... damn, in trying to prove this to myself, I noticed it didn't work. However, I seem to recall that it was possible to deny root access to files by making the either owner/group root, and then setting permissions for owner/group to 0. Something like: echo test /tmp/test chown user.root /tmp/test chmod 600 /tmp/test since root has group permissions (root==root) then it would look to the group permissions to see if I can access the file. group perms are 0, so I would get a perm denied. However, my quick test just now didn't work out like that can anyone confirm if this was only valid in older versions of linux, or suggest cases where it is valid? BTW, this case is valid, and can work to deny access to a normal user.. maybe: echo test /tmp/test chown usera.groupa /tmp/test chmod 604 /tmp/test now anyone who is not usera AND is a member of groupa can not read the file, anyone else can read the file ad...@adamg-laptop:/tmp$ ls -l /tmp/test - -rwr-- 1 root adamg 15 2008-12-20 00:48 /tmp/test ad...@adamg-laptop:/tmp$ id uid=1000(adamg) gid=1000(adamg) groups=1000(adamg) ad...@adamg-laptop:/tmp$ cat test cat: test: Permission denied Regards, Adam -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklLp9sACgkQGyoxogrTyiWEVACfXU8MS3zFE6FFxhrJN0JIWMon okAAn3XTxLDvzcZuJzsEBnyMIhF8QsCI =jA/6 -END PGP SIGNATURE- -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Usually backuppc is not run by root but by it's onw user. as you are backing up the localmachine you don't need ssh to do the file transfer. Just copy rsync to /opt/BackupPC/bin chown root:backuppc /opt/BackupPC/bin/rsync chmod 550 /opt/BackupPC/bin/rsync chmod u+s /opt/BackupPC/bin/rsync this way you'll have your backups done fast and simple in your local machine. cheers Pedro -- Pedro M. S. Oliveira IT Consultant Email: pmsolive...@gmail.com URL: http://pedro.linux-geex.com Cellular: +351 96 5867227 -- On Thursday 18 December 2008 20:56:45 Glassfox wrote: Hello, I want to backup my localhost completely and just backup the root folder with some excludes (proc, sys, media and backuppc pool folder). Backup was successful, but if I look at the error log file there are a lot of Permission denied errors for the home folders, some files in the /root/ folder and some other folders. What is the best way to get also all this files/folders backuped? Thanks. +-- |This was sent by wild...@yahoo.de via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Adam Goryachev wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johan Ehnberg wrote: File permissions work that way - you either need to be root or need to set access to the files (see 'man chown' and 'man chmod'). For secret files, such as cryptographic keys, it is not at all feasible to use loose permissions, which again brings us back to the need for root access. BTW, not likely relevant in this specific case, but root can't access all files... damn, in trying to prove this to myself, I noticed it didn't work. However, I seem to recall that it was possible to deny root access to files by making the either owner/group root, and then setting permissions for owner/group to 0. Something like: echo test /tmp/test chown user.root /tmp/test chmod 600 /tmp/test since root has group permissions (root==root) then it would look to the group permissions to see if I can access the file. group perms are 0, so I would get a perm denied. However, my quick test just now didn't work out like that can anyone confirm if this was only valid in older versions of linux, or suggest cases where it is valid? BTW, this case is valid, and can work to deny access to a normal user.. maybe: echo test /tmp/test chown usera.groupa /tmp/test chmod 604 /tmp/test now anyone who is not usera AND is a member of groupa can not read the file, anyone else can read the file ad...@adamg-laptop:/tmp$ ls -l /tmp/test - -rwr-- 1 root adamg 15 2008-12-20 00:48 /tmp/test ad...@adamg-laptop:/tmp$ id uid=1000(adamg) gid=1000(adamg) groups=1000(adamg) ad...@adamg-laptop:/tmp$ cat test cat: test: Permission denied Regards, Adam Hi Adam! You are right about root not being perfectly omnipotent. Here's one quite different case which I see in my logs all the time: Remote[1]: rsync: readlink /home/johan/.gvfs failed: Permission denied (13) 'ls -la' gives (note the size!) dr-x-- 2 johan johan 0 2008-12-19 14:39 .gvfs 'sudo ls -la' gives d? ? ? ? ?? .gvfs In my setup, there are no other files on a normal system that will not be backed up (when sane sane excludes are used). Best regards, Johan -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Usually backuppc is not run by root but by it's onw user. as you are backing up the localmachine you don't need ssh to do the file transfer. Just copy rsync to /opt/BackupPC/bin chown root:backuppc /opt/BackupPC/bin/rsync chmod 550 /opt/BackupPC/bin/rsync chmod u+s /opt/BackupPC/bin/rsync this way you'll have your backups done fast and simple in your local machine. cheers Pedro -- Pedro M. S. Oliveira IT Consultant Email: pmsolive...@gmail.com URL: http://pedro.linux-geex.com Cellular: +351 96 5867227 -- On Thursday 18 December 2008 20:56:45 Glassfox wrote: Hello, I want to backup my localhost completely and just backup the root folder with some excludes (proc, sys, media and backuppc pool folder). Backup was successful, but if I look at the error log file there are a lot of Permission denied errors for the home folders, some files in the /root/ folder and some other folders. What is the best way to get also all this files/folders backuped? Thanks. +-- |This was sent by wild...@yahoo.de via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Hi, Adam Goryachev wrote on 2008-12-20 00:55:45 +1100 [Re: [BackupPC-users] Permission denied during backup]: [...] BTW, not likely relevant in this specific case, but root can't access all files... damn, in trying to prove this to myself, I noticed it didn't work. However, I seem to recall that it was possible to deny root access to files by making the either owner/group root, and then setting permissions for owner/group to 0. this is generally not correct. For root (CAP_DAC_OVERRIDE, to be exact) the permission bits for read/write access are *not* checked (well, a failure is overridden, to be exact) and execute is allowed if *any* x-bit is set. It is possible to remove CAP_DAC_OVERRIDE from root's capabilities (with grsecurity and almost certainly selinux too, but I haven't checked) as well as possibly grant the capability to other users (though I haven't checked that either, it's just how I understand it). This means you can *make* what you say true (by removing root's CAP_DAC_OVERRIDE) as well as possibly create a backup user which has CAP_DAC_OVERRIDE (CAP_DAC_READ_SEARCH, ...) but none of the other special capabilities (would be an interesting topic - does anyone know more about this?). If you are mounting a file system via NFS, some checks are done on the server, which has an option (root_squash) to map root to nobody. This means the NFS *server* can enforce giving root (on the *client*) less access than permissions would suggest (owner root, permissions rwx, yet no access because the check is done for 'nobody', not 'root'). can anyone confirm if this was only valid in older versions of linux, or suggest cases where it is valid? I don't think it was ever possible to block root access by restrictive owner or group permissions, but I'm not sure. I might have a 0.95c kernel somewhere, but I somehow doubt it would handle my SATA disks ;-). BTW, this case is valid, and can work to deny access to a normal user.. True. As I said, without CAP_DAC_OVERRIDE, it would work for root too. Johan Ehnberg wrote on 2008-12-19 16:29:10 +0200 [Re: [BackupPC-users] Permission denied during backup]: [...] You are right about root not being perfectly omnipotent. Here's one quite different case which I see in my logs all the time: Remote[1]: rsync: readlink /home/johan/.gvfs failed: Permission denied (13) /home/johan is on NFS, right? 'ls -la' gives (note the size!) dr-x-- 2 johan johan 0 2008-12-19 14:39 .gvfs Strange. Even an empty directory needs to contain '.' and '..' entries (and the link count 2 suggests that it does). How any file system would store that in 0 bytes ... maybe in the inode? Mis-information from the NFS server? What FS type is this (on the server)? 'sudo ls -la' gives d? ? ? ? ?? .gvfs I can't remember having seen that kind of 'ls' output, but a failure to stat() /home/johan/.gvfs has more to do with the permissions on /home/johan than the subdirectory. The results you get from mismatched 'r' and 'x' permissions on directories tend to be confusing (being able to read a directory but not access (and thus stat()) the files in it, or being able to access the files but not read the directory). In my setup, there are no other files on a normal system that will not be backed up (when sane sane excludes are used). Sane excludes being such that match everything that cannot be backed up? :) Regards, Holger -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holger Parplies wrote: Hi, Adam Goryachev wrote on 2008-12-20 00:55:45 +1100 [Re: [BackupPC-users] Permission denied during backup]: [...] BTW, not likely relevant in this specific case, but root can't access all files... damn, in trying to prove this to myself, I noticed it didn't work. However, I seem to recall that it was possible to deny root access to files by making the either owner/group root, and then setting permissions for owner/group to 0. can anyone confirm if this was only valid in older versions of linux, or suggest cases where it is valid? I don't think it was ever possible to block root access by restrictive owner or group permissions, but I'm not sure. I might have a 0.95c kernel somewhere, but I somehow doubt it would handle my SATA disks ;-). Well, I was thinking more of a 1.2 or 1.4 kernel version... It would have to be prior to linux having capabilities... I am fairly sure it happened, (because I was surprised when it did), but not 100% :) Johan Ehnberg wrote on 2008-12-19 16:29:10 +0200 [Re: [BackupPC-users] Permission denied during backup]: [...] You are right about root not being perfectly omnipotent. Here's one quite different case which I see in my logs all the time: Remote[1]: rsync: readlink /home/johan/.gvfs failed: Permission denied (13) /home/johan is on NFS, right? Doesn't need to be... 'ls -la' gives (note the size!) dr-x-- 2 johan johan 0 2008-12-19 14:39 .gvfs Strange. Even an empty directory needs to contain '.' and '..' entries (and the link count 2 suggests that it does). How any file system would store that in 0 bytes ... maybe in the inode? Mis-information from the NFS server? What FS type is this (on the server)? 'sudo ls -la' gives d? ? ? ? ?? .gvfs I can't remember having seen that kind of 'ls' output, but a failure to stat() /home/johan/.gvfs has more to do with the permissions on /home/johan than the subdirectory. The results you get from mismatched 'r' and 'x' permissions on directories tend to be confusing (being able to read a directory but not access (and thus stat()) the files in it, or being able to access the files but not read the directory). ad...@adamg-laptop:~$ id uid=1000(adamg) gid=1000(adamg) groups=1000(adamg) ad...@adamg-laptop:~$ ls -ld .gvfs dr-x-- 2 adamg adamg 0 2008-12-17 10:19 .gvfs It looks normal enough, except that 0 byte size... ad...@adamg-laptop:~$ ls -la .gvfs total 3 dr-x-- 2 adamg adamg0 2008-12-17 10:19 . drwxr-xr-x 76 adamg adamg 3296 2008-12-18 21:28 .. It does indeed contain the two sub directories... as per usual.. ad...@adamg-laptop:~$ sudo bash r...@adamg-laptop:~# id uid=0(root) gid=0(root) groups=0(root) r...@adamg-laptop:~# cd /home/adamg r...@adamg-laptop:~# ls -ld .gvfs ls: cannot access .gvfs: Permission denied r...@adamg-laptop:~# ls -la .gvfs ls: cannot access .gvfs: Permission denied r...@adamg-laptop:~# ls -l .gvfs ls: cannot access .gvfs: Permission denied Nope, root doesn't seem to have access to it... just doesn't work r...@adamg-laptop:~# ls -ld drwxr-xr-x 76 adamg adamg 3296 2008-12-18 21:28 . root does have permissions on the parent directory (/home/adamg) r...@adamg-laptop:~# mount /dev/sda3 on / type reiserfs (rw,notail) gvfs-fuse-daemon on /home/adamg/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=adamg) Just a normal reiserfs V3 file system... nothing special here... However, the second line of output does tell us a lot more about what is going on :) It is a mountpoint, and what is inside is it's own FS So, probably better to pass --one-file-system to rsync rather than worrying about trying to exclude /proc, /sys, etc... Regards, Adam -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklMgYUACgkQGyoxogrTyiVDkwCeP+ZZuZt8fz7tOMn78PhpqtJ1 QtkAoJrVY5Ty8JWAbvYvHn0Burdsjaa5 =nFqq -END PGP SIGNATURE- -- ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] Permission denied during backup
Glassfox wrote: Hello, I want to backup my localhost completely and just backup the root folder with some excludes (proc, sys, media and backuppc pool folder). Backup was successful, but if I look at the error log file there are a lot of Permission denied errors for the home folders, some files in the /root/ folder and some other folders. What is the best way to get also all this files/folders backuped? Thanks. Hi! Assuming you are doing rsync over ssh, you will simply need to change your setting according to this documentation: http://backuppc.sourceforge.net/faq/ssh.html#how_can_client_access_as_root_be_avoided The issue at hand is: you will need root access to the files, but obviously you are using another user for the backup, which is a very good idea. Sudo does the trick. Hope this helps, /johan +-- |This was sent by wild...@yahoo.de via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/ -- Johan Ehnberg Email: jo...@ehnberg.net GSM: +358503209688 WWW: http://www.ehnberg.net/johan/ -- SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
