Re: Self Introduction: Randy Barlow

2015-11-02 Thread Richard Shaw
On Mon, Nov 2, 2015 at 3:05 AM, Petr Spacek  wrote:

>
> Generally the principle of least privilege is okay, so I agree with your
> proposal in general.
>
> On the other hand I have to ask if the server must be running under root?
> Shouldn't it run under a dedicated user, e.g. 'aribackup'?
>
> In that case filesystem permissions should be root:aribackup 770.


Hmm... I don't know why I didn't think of that as a long time BackupPC
user...

So a user could be set up, but would they need to be set up as a sudo'er like
BackupPC?

Thanks,
Richard
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

Re: Self Introduction: Randy Barlow

2015-11-02 Thread Petr Spacek
On 1.11.2015 18:54, Randy Barlow wrote:
> On 10/07/2015 01:37 PM, Randy Barlow wrote:
>> I've filed a request to add a new package called ari-backup:
> 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1269609
> 
> My package reviewer and I had some questions about whether the
> permissions I have set in my spec file are justifiable or not. This
> software is a backup server, and the spec file I have created
> configured the backup store (/var/lib/ari-backup) to have restrictive
> permissions (root:root, 0700). The reasoning is that I didn't want to
> assume that it would be OK for other users who may have access to the
> backup server to be able to see files from other systems that have
> been stored there.
> 
> Additionally, the folder /etc/ari-backup/jobs.d contains job
> configuration files, and is also configured for 0700. This is to
> prevent any information about what is being backed up (and how it is
> being backed up) from leaking. The backup jobs in there are Python
> scripts, and can contain arbitrary code to be executed during the
> backup jobs.
> 
> What do others think? Are the permissions I have selected in my spec
> file appropriate for a backup server?

Generally the principle of least privilege is okay, so I agree with your proposal
in general.

On the other hand I have to ask if the server must be running under root?
Shouldn't it run under a dedicated user, e.g. 'aribackup'?

In that case filesystem permissions should be root:aribackup 770.

-- 
Petr Spacek  @  Red Hat
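As an added illustration (not the ari-backup package's actual spec file), this is how the two layouts discussed in the thread would be expressed in an RPM spec: the root:root 0700 store from Randy's original spec, and the dedicated-user root:aribackup 0770 variant Petr proposes. The `aribackup` account name, the `%pre` scriptlet and the `Requires(pre)` line are assumptions following Fedora packaging conventions; only one of the two `%files` variants would appear in a real package.

```spec
# Added example, not ari-backup's real spec. Shows the two permission
# layouts discussed on the list; pick one variant, not both.

# Preamble: the service account is created in %pre, so the user tools
# must be present before this package's files are installed.
Requires(pre): shadow-utils

%pre
# Dedicated system account (no login shell, no password), created only
# if it does not already exist so reinstalls/upgrades are idempotent.
getent group aribackup >/dev/null || groupadd -r aribackup
getent passwd aribackup >/dev/null || \
    useradd -r -g aribackup -d %{_sharedstatedir}/ari-backup \
            -s /sbin/nologin -c "ari-backup service account" aribackup
exit 0

%files
# Variant A (original spec): the server runs as root, and both the
# backup store and the job definitions are readable only by root.
# %attr(0700,root,root) %dir %{_sharedstatedir}/ari-backup
# %attr(0700,root,root) %dir %{_sysconfdir}/ari-backup/jobs.d

# Variant B (Petr's proposal): the server runs as 'aribackup'; root owns
# the directories, the service group can read and write them, and other
# local users still see nothing.
%attr(0770,root,aribackup) %dir %{_sharedstatedir}/ari-backup
%attr(0770,root,aribackup) %dir %{_sysconfdir}/ari-backup/jobs.d
# jobs.d holds executable Python run by the service, so anyone in group
# aribackup can change what gets executed: keep that group limited to
# the service account itself.
```

On Fedora `%{_sharedstatedir}` expands to /var/lib and `%{_sysconfdir}` to /etc, matching the /var/lib/ari-backup and /etc/ari-backup/jobs.d paths named in the thread.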

Re: Self Introduction: Randy Barlow

2015-11-02 Thread Randy Barlow
Petr Spacek wrote:
> On the other hand I have to ask if the server must be running under root?
> Shouldn't it run under a dedicated user, e.g. 'aribackup'?
> 
> In that case filesystem permissions should be root:aribackup 770.

Hi Petr!

ari-backup is really just a convenient wrapper around rdiff-backup.
rdiff-backup can be run as a non-root user, but running it as root on
the backup server has the advantage of allowing it to preserve the
ownership information of the files being backed up. This way, the backup
store has the same UID/GIDs as the source, which can be convenient
during restores.

If you find this concerning, I may be able to rework ari-backup to make
the user that jobs get run under configurable (with a default to an
ari-backup user). Users like me who prefer to backup files with the
privileges needed to maintain the ownership could simply adjust a
configuration file. Do you think that would be a good way to go?

-- 
Randy Barlow
xmpp: bowlofe...@electronsweatshop.com
irc:  bowlofeggs on Freenode


Re: Self Introduction: Randy Barlow

2015-11-01 Thread Randy Barlow
On 10/07/2015 01:37 PM, Randy Barlow wrote:
> I've filed a request to add a new package called ari-backup:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1269609

My package reviewer and I had some questions about whether the
permissions I have set in my spec file are justifiable or not. This
software is a backup server, and the spec file I have created
configured the backup store (/var/lib/ari-backup) to have restrictive
permissions (root:root, 0700). The reasoning is that I didn't want to
assume that it would be OK for other users who may have access to the
backup server to be able to see files from other systems that have
been stored there.

Additionally, the folder /etc/ari-backup/jobs.d contains job
configuration files, and is also configured for 0700. This is to
prevent any information about what is being backed up (and how it is
being backed up) from leaking. The backup jobs in there are Python
scripts, and can contain arbitrary code to be executed during the
backup jobs.

What do others think? Are the permissions I have selected in my spec
file appropriate for a backup server?

-- 
R