Re: [BackupPC-users] sudoers
2009-01-22 15:41:49
On Thu, Jan 22, 2009 at 01:39:34PM -0600, Terri Kelley wrote:
>
> On Jan 22, 2009, at 12:14 PM, Rob Owens wrote:
>
> > On Wed, Jan 21, 2009 at 10:15:43PM -0600, Terri Kelley wrote:
> >> Ok, apparently I am particularly dense tonight. I have had the
> >> following error when setting up a host:
> >>
> >>> Remote[1]: rsync: push_dir#3 "/home/backuppc/15" failed: No such
> >>> file
> >>> or directory (2)
> >>> Remote[1]: rsync error: errors selecting input/output files, dirs
> >>> (code 3) at main.c(602) [sender=2.6.8]
> >>> Read EOF:
> >>> Tried again: got 0 bytes
> >>> fileListReceive() failed
> >>
> >> The above directory doesn't exist and shouldn't and I don't have it
> >> anywhere in backuppc for that host.
> >>
> >> So I am trying to test using rsync via command line from the backuppc
> >> server to test the problem. The host server automatically backs up
> >> its
> >> files to a directory/files owned etc by root and I am trying to
> >> backup
> >> that host to backuppc. If I rsync from the backuppc server as root,
> >> that works. So I am trying to rsync as backuppc user. I have entered
> >> the following in visudo on the host:
> >>
> >> ## Allow root to run any commands anywhere
> >> root ALL=(ALL) ALL
> >> backuppc ALL=NOPASSWD:/usr/local/bin/backuppc-rsync
> >> backuppc ALL=NOPASSWD:/root/backups/
> >>
> > I don't think that last line is right. You are supposed to list a
> > command that the user can run, and "/root/backups/" is not a command.
> >
> > You seem to want to give user "backuppc" read access to /root/
> > backups/, but is not being accomplished. If you want to specify a
> > specific path that backuppc is allowed to back up, you need
> > something like:
> >
> > ALL=NOPASSWD: /usr/bin/rsync --server --sender *
>
> The backuppc-rsync above refers to the following script:
>
> #!/bin/sh -f
> exec /usr/bin/rsync --server --sender $*
>
What's the $ for? I don't use that and I'm not sure if it would have any
adverse effects.
> And you are right, I want user backuppc to have read access to /root/
> backups (owned etc by root) since that server itself creates its on
> backups and stores them there. I had put the /root/backups in visudo
> because of the trouble I was having and I guess I was punting.
>
> From the backuppc server as root (have to type in password) this works:
> rsync -avz -e "ssh -p 22" myserver.domain.net:/root/backups /var/tmp/
> pwrnctmpback/rsyncmanual
>
> From the backuppc server as user "backuppc" this results in the
> mentioned push_dir failure:
> rsync -avz -e "ssh -p 22 -l backuppc" --rsync-path "/usr/bin/sudo /usr/
> local/bin/backuppc-rsync" myserver.domain.net:/root/backups /var/tmp/
> pwrnctmpback/rsyncmanual
>
Try it like this:
sudo rsync -avz -e "ssh -p 22 -l backuppc" --rsync-path
"/usr/local/bin/backuppc-rsync" myserver.domain.net:/root/backups
/var/tmp/pwrnctmpback/rsyncmanual
I think you should consider getting rid of your backuppc-rsync script and just
put /usr/bin/rsync --server --sender * (or $* if there's good reason for it) in
sudoers.
-Rob
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
|
|