Hi Luis (and others),
I've taken a little time to study the visudo approach to running
BackupPC instead of using phrase-less keys for root logon at the client
machine. This is a much lower risk, indeed.
On Ubuntu, Vim is the default editor for visudo with Vim-tiny included
in the distribution. When I tried to use Vim-tiny, I got some strange
results! I closed the session without saving and upgraded to Vim-full.
The full version editor worked like it should.
I edited the sudoers file on the backuppc_server as follows:
# --------------backuppc-server machine sudoers -------------
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Uncomment to allow members of group sudo to not need a password
# %sudo ALL=NOPASSWD: ALL
# Host alias specification
Host_Alias LOCAL = <backuppc-server name>
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment the first line and comment the second
# to RESTORE client. Switch them back after restore.
# backuppc LOCAL=NOPASSWD: /bin/tar -c *, /bin/tar -x *
backuppc LOCAL=NOPASSWD: /bin/tar -c *
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# ----------------- end backuppc-server sudoers --------------
I ran a backup (tar method) on the server's home directory just to check
that the server and backuppc were communicating. It ran fine.
Next, I edited the sudoers file on the client machine as follows:
-------------- client machine sudoers ------------------------
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Uncomment to allow members of group sudo to not need a password
# %sudo ALL=NOPASSWD: ALL
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment the first line and comment the second
# to RESTORE client. Switch them back after restore.
# backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *
backuppc ALL=NOPASSWD: /usr/bin/rsync --server *
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
----------- end client sudoers ------------------------------
Then, I created my ssh keys for the rsync transfer between the
backuppc-server and the client machines. If I understand things
correctly, I create two sets of keys similar to the root logon method
except that, for this method, the BackupPC key is phrase-less like
before, but the root key from the client machine can have a strong
password. The key generation seemed to go well with no errors.
When I ran the command
ssh -l root 192.168.1.101 whoami
the response was:
root <<--- Is this correct for the visudo method?
When I tried to run a full backup on the client I got the "failed to
read 4 bytes" error message indicating that the keys are bad or missing
or that I didn't do something else right.
Anyone see where I botched the switch over? -- ken
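
An added example, not part of the original post: a small Python check of which rsync server invocations each of the two client sudoers rules quoted above would admit for the backuppc account. It approximates sudoers argument matching with Python's fnmatch over the space-joined argument string, ignores the host field, and uses constructed sample command lines; the function names are hypothetical.

```python
import fnmatch
import shlex

# The two client-side rules quoted in the post above.
NARROW = "backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *"
BROAD = "backuppc ALL=NOPASSWD: /usr/bin/rsync --server *"

# Constructed sample invocations (not captured from a real BackupPC run).
SEND = "/usr/bin/rsync --server --sender -logDtpr . /home/"   # client sends files
RECV = "/usr/bin/rsync --server -logDtpr . /home/"            # client receives files


def parse_rule(line):
    """Parse 'user host=NOPASSWD: cmd, cmd' into (user, [(path, arg_pattern)])."""
    user, rest = line.split(None, 1)
    _host, cmds = rest.split("=", 1)          # host field is ignored here
    cmds = cmds.strip()
    if cmds.startswith("NOPASSWD:"):
        cmds = cmds[len("NOPASSWD:"):]
    specs = []
    for cmd in cmds.split(","):
        path, _, args = cmd.strip().partition(" ")
        specs.append((path, args.strip() or None))
    return user, specs


def allowed(rule, user, command):
    """Return True if `rule` would let `user` run `command` via sudo."""
    rule_user, specs = parse_rule(rule)
    if user != rule_user:
        return False
    argv = shlex.split(command)
    joined = " ".join(argv[1:])               # sudoers matches args as one string
    for path, pattern in specs:
        if argv[0] != path:                   # the page's rules use literal paths
            continue
        if pattern is None or fnmatch.fnmatchcase(joined, pattern):
            return True                       # no pattern means any arguments
    return False


if __name__ == "__main__":
    for name, rule in (("narrow", NARROW), ("broad", BROAD)):
        for label, cmd in (("send", SEND), ("receive", RECV)):
            print(f"{name:6} rule, {label:7} mode: {allowed(rule, 'backuppc', cmd)}")
```

The rule ending in `--server --sender *` admits only the invocation in which the client sends files, while `--server *` admits both directions, so the narrower rule is the one to leave active when only reads from the client are needed.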
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/