On 07/07/14 02:01, raceface wrote:
Hi all,
I denied root to login via ssh on my server running backuppc, so I
changed the TarClientRestorCmd to
/usr/bin/sudo /tar/tarRestore -x -p --numeric-owner --same-owner -v -f
- -C $shareName
my tarRestore is
#!/bin/sh
exec /bin/tar -M -x -f - "$@"
I get the following error
Running: /usr/bin/sudo /tar/tarRestore -x -p --numeric-owner
--same-owner -v -f - -C /
Running: /usr/share/backuppc/bin/BackupPC_tarCreate -h localhost -n 0
-s / -t -r /var/www -p /var/www/ /var/www/index.html
Xfer PIDs are now 27885,27886
/bin/tar: Options `--f' and `--f' both want standard input
Try `/bin/tar --help' or `/bin/tar --usage' for more information.
Tar exited with error 512 () status
restore failed: BackupPC_tarCreate failed
exec /bin/tar -M -x -f - -x -p --numeric-owner --same-owner -v -f - -C /
Now do you see the problem?
You have two choices, remove the "-f -" from the $@ or else remove the
"-f -" from your script.
In fact, you should probably check each parameter in $@ and either omit
it (ie "-f -"), deny it (eg, -f /etc/passwd) or else permit it (eg -p)
You are trying to make the sudo safer, but you haven't done all the work
required to really make that happen.
Regards,
Adam
--
Adam Goryachev Website Managers www.websitemanagers.com.au
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
BackupPC-users mailing list
[email protected]
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
