Hi,
Simon Fishley wrote on 2009-03-30 12:42:36 +0200 [[BackupPC-users] BackupPC on
OpenSolaris]:
> I have been trying to get this added to the Wiki on SourceForge but it
> refuses to save my changes. Here then is a guide to installing
> BackupPC on OpenSolaris10. Please will someone try and get it onto
> the wiki?
I have been trying to find the time to do so for a few days, but I haven't got
around to it yet. Still, there is one thing I want to point out:
> INSTALL BACKUPPC on SOLARIS (running onSunOS 5.10 Generic_138889-05
> i86pc i386 i86pc). **Credit for all this hard work goes to Garith
> Dugmore - THE Solaris Man.**
> [...]
> * For the next step hit enter for the defaults except for:
>
> /opt/csw/bin/perl configure.pl
>
> 1. --> BackupPC should run as user [backuppc]? nobody
I think it is a really bad idea to run BackupPC as user nobody. There seems to
be no reason not to create a 'backuppc' user. As far as I understand it, the
'nobody' user is used for daemons that do not need to own any files or access
any specially protected files. This is not the case for BackupPC. The whole
pool (all your backup data) is owned by BackupPC. If someone manages to gain
'nobody' privileges (!) on your system, they can read and even write to all
of your backup data. True, the same holds for 'backuppc' privileges if you use
that user, but the 'nobody' user is used for other services as well, possibly
including services that are not much trusted. After all, if your service
cannot be attacked and abused, why not just run it as 'root'? You lower the
privileges to what is needed as a safeguard, and 'nobody' is a sort of
"least-privilege-pool" for services that are supposed to have no privileges at
all (but suddenly they do: they can read the BackupPC pool). root NFS access
gets mapped to 'nobody' by default (for whatever that is actually worth;
actually it means any 'root' with NFS access to your server can probably
create setuid 'nobody' programs).
> [...]
> * Configure BackupPC startup script
>
> cd /etc/init.d/ ; touch backuppc
> Insert the following into the backuppc file you just created:
That's kind of 'cat <<EOF > /etc/init.d/backuppc', isn't it? :)
> [...]
> start)
> #
> # You can set the SMB share password here is you wish. Otherwise
> # you should put it in the config.pl script.
> # If you put it here make sure this file has no read permissions
> # for normal users! See the documentation for more information.
> #
> #BPC_SMB_PASSWD=
> #export BPC_SMB_PASSWD
> #
> su nobody -c "/usr/local/BackupPC/bin/BackupPC -d"
One 'nobody' also found here ...
> [...]
> restart)
> /usr/bin/pkill -f "/usr/bin/perl /usr/local/BackupPC/bin/BackupPC -d"
> su nobody -c "/usr/local/BackupPC/bin/BackupPC -d"
... and one here.
> [...]
> usermod -s /usr/bin/bash nobody
Presuming that is Solaris' version of 'chsh': I'm not sure that is a good
idea (or even necessary) for much the same reasons. What was it before?
/bin/false?
> [...]
> * Setup up /opt/csw/etc/sudoers ; append:
>
> nobody ALL=NOPASSWD: /usr/sfw/bin//gtar
> nobody ALL=NOPASSWD: /usr/bin/env
That's a free root shell for 'nobody', isn't it? Why did you add that?
> nobody ALL=NOPASSWD: /usr/bin/ssh
> nobody ALL=NOPASSWD: /opt/csw/bin/rsync
'tar' and 'rsync' are free access to any file on the system, even those not in
the backup (read: /etc/shadow). I'm not sure what you would put 'env' and 'ssh'
in there for.
> Configure Apache2 (you may need to install apache)
Is Apache run as 'nobody'? Or is BackupPC_Admin setuid 'nobody'? ;-)
Regards,
Holger
------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
