Re: [BackupPC-users] Backing up localhost - permission question

[Holger Parplies]

Hi,

Eric Snyder wrote on 11.04.2007 at 20:15:50 [[BackupPC-users] Backing up 
localhost - permission question]:
> I am setting up localhost to be backed up. In the help file at 
> http://backuppc.sourceforge.net/faq/localhost.html there is the 
> following blurb:
> 
> "Make sure this script and all parent directories have no write 
> permission. Then remove the -c from $Conf{TarClientCmd} 
> <http://backuppc.sourceforge.net/faq/BackupPC.html#item__conf_tarclientcmd_> 
> and change the tar path:"
> 
> Is this write permission for owner, group, others or all three?

whatever makes sense (see below :). The point is that anyone with write
permission to - and that's the important part - *either* script *or* *any*
parent directory would be able to replace the script by something of his/her
own creation, thus not only circumventing the supposed restriction (context:
limiting priviledges given to the BackupPC user through sudo), but rather
giving *anyone at all* with such write permission the possibility to run
*any command* as root, if he can only get BackupPC to run (his modified
version of) the script (i.e. initiate a backup or wait for a scheduled one).

Owner write permission is not something you can meaningfully remove since
the owner can chmod() a file/directory however he likes anyway (except
maybe on ext2/3 if you make the file/dir immutable ...).

This probably means that all parent directories and the script itself should
be *owned by root* and *not writeable* for group and others. Actually, I'd
recommend not using that approach at all. If I'm not completely mistaken
[read: it is documented and proves to work that way on Debian sarge ;-],
you can achieve the same with a sudoers line like

        backuppc ALL = NOPASSWD: /bin/tar -c *

You just need to make sure you always pass the -c as first and separate
argument to tar (in $Conf{TarClientCmd}), as the following will all *not*
match, because in all cases the first argument to tar is not '-c':

        /bin/tar -v -c ...
        /bin/tar -cf ...
        /bin/tar c -f ...

Note that automatic restores through the web interface will no longer work,
as BackupPC cannot initiate the TarClientRestoreCmd (tar -x).


Was your question related to the thread you are referencing
("BackupPC_link errors")?

Regards,
Holger

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/