Re: [BackupPC-users] Setup of rsync via SSH with unprivileged user 'backuppc'

2015-03-23 19:45:32
Subject: Re: [BackupPC-users] Setup of rsync via SSH with unprivileged user 'backuppc'
From: Wolfgang Karall <lists+backuppc-users AT karall-edv DOT at>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 24 Mar 2015 00:24:26 +0100
Hello,

On 15-03-15 15:12:36, Benjamin Redling wrote:
> On 2015-03-15 12:40, Adam Goryachev wrote:
> > On 14/03/2015 22:08, Angus Kerr wrote:
> [...]
> >>                 #Sudoers file for backuppc user to run rsync
> >>
> >>                 backuppc ALL=NOPASSWD: /usr/bin/rsync
> >>
> > 
> > Note that this will give the user root access easily enough. The user
> > could create the file they want in /tmp, and then use sudo rsync to
> > overwrite the target file (or copy a file they don't have read access to
> > a location they do have access, including another machine). Therefore,
> > this entire process is hardly worth the effort and additional complexity
> [...]
> 
> A lot of sources at least agree on that being unsafe.
> AFAIK rrsync should be the proper way and justify the effort.
> 
> e.g. http://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/

Another possibility is to run the backup once (actually, one full, one
incremental) and check the logs for the rsync commands used:

Mar 20 08:02:26 host sudo: backuppc : TTY=unknown ;
PWD=/var/lib/backuppc ; USER=root ; COMMAND=/usr/bin/rsync --server
--sender --numeric-ids --perms --owner --group -D --links --hard-links
--times --block-size=2048 --recursive --checksum-seed=32761 . /

Mar 23 08:06:24 host sudo: backuppc : TTY=unknown ;
PWD=/var/lib/backuppc ; USER=root ; COMMAND=/usr/bin/rsync --server
--sender --numeric-ids --perms --owner --group -D --links --hard-links
--times --block-size=2048 --recursive --checksum-seed=32761
--ignore-times . /

And then restrict the sudoers entries using the full commands, i.e.
/usr/bin/rsync with all the options as per the log entries instead of
just /usr/bin/rsync, which should prevent rsync being used to overwrite
arbitrary files.

Obviously that doesn't help against the "read and copy any files to
wherever the backuppc user can copy files to", which is sometimes also
called "doing a backup". ;)

In addition, I'd suggest using at least the from= option for the
authorized_keys entry, like for example

from="<backuppc-server-ip>",no-pty,no-port-forwarding,no-agent-forwarding,
no-X11-forwarding

Cheers
Wolfgang
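As an added example following Wolfgang's message (not part of the post, and not BackupPC's own code), the POSIX shell script below takes the two sudo log lines quoted above, re-joined onto one line each as syslog writes them, extracts the exact COMMAND= strings and emits one sudoers rule per command with the full argument list. It also covers a caveat the post does not spell out: sudoers(5) requires ',', ':', '=' and '\' inside command arguments to be backslash-escaped, so --checksum-seed=32761 has to be written --checksum-seed\=32761 in the rule. The is_allowed function models sudo's exact matching for rules without wildcards, showing that an rsync invocation with any other arguments is refused. The server IP and the public key in the authorized_keys helper are placeholders.

```sh
#!/bin/sh
# Added example: derive exact-argument sudoers rules from sudo's own log.
# Constructed sample input: the two log lines quoted in the post, re-joined
# onto one line each (syslog writes each entry on a single line; the mailer
# wrapped them).
SAMPLE_LOG='Mar 20 08:02:26 host sudo: backuppc : TTY=unknown ; PWD=/var/lib/backuppc ; USER=root ; COMMAND=/usr/bin/rsync --server --sender --numeric-ids --perms --owner --group -D --links --hard-links --times --block-size=2048 --recursive --checksum-seed=32761 . /
Mar 23 08:06:24 host sudo: backuppc : TTY=unknown ; PWD=/var/lib/backuppc ; USER=root ; COMMAND=/usr/bin/rsync --server --sender --numeric-ids --perms --owner --group -D --links --hard-links --times --block-size=2048 --recursive --checksum-seed=32761 --ignore-times . /'

# Print the distinct COMMAND= strings that a given user ran through sudo.
#   $1 = sudo user, stdin = syslog lines
logged_commands() {
    sed -n "s/^.* sudo: *$1 : .*COMMAND=//p" | sort -u
}

# sudoers(5) requires ',', ':', '=' and '\' inside command arguments to be
# backslash-escaped, so "--checksum-seed=32761" becomes "--checksum-seed\=32761".
sudoers_escape() {
    printf '%s' "$1" | sed 's/[,:=\\]/\\&/g'
}

# Emit one sudoers rule per logged command, with the full argument list
# instead of a bare /usr/bin/rsync. Regenerate these whenever BackupPC's
# rsync arguments (e.g. $Conf{RsyncArgs}) change, or the backup fails
# closed with a sudo permission error.
#   $1 = sudo user, stdin = syslog lines
sudoers_rules() {
    logged_commands "$1" | while IFS= read -r cmd; do
        printf '%s ALL=(root) NOPASSWD: %s\n' "$1" "$(sudoers_escape "$cmd")"
    done
}

# Model sudo's matching for rules without wildcards: the requested command
# line must equal one of the logged commands byte for byte, so an rsync
# invocation with different arguments (another source or target path, no
# --server, extra options) is refused.
#   $1 = sudo user, $2 = full command line, stdin = syslog lines
is_allowed() {
    logged_commands "$1" | grep -Fxq -- "$2"
}

# authorized_keys line for the backup server's key, restricted as the post
# suggests. $1 = server IP (placeholder), $2 = public key (constructed).
restricted_key_line() {
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Stand-alone run: print the generated sudoers rules and the key line.
printf '%s\n' "$SAMPLE_LOG" | sudoers_rules backuppc
restricted_key_line 192.0.2.10 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI<constructed-key> backuppc@server'
```

Feed it the client's auth log (for example, /var/log/auth.log on Debian-based systems) after one full and one incremental run, and paste the two printed rules into a file under /etc/sudoers.d, checking it with visudo -c before relying on it. As Wolfgang notes, this only stops rsync being used to write arbitrary files as root; reading any file on the host is what the backup user is there for.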

_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/