BackupPC-users

Re: [BackupPC-users] Problem with key generation in Ubuntu 8.04 (LTS)

2010-03-15 22:20:43
Subject: Re: [BackupPC-users] Problem with key generation in Ubuntu 8.04 (LTS)
From: Luis Paulo <luis.barbas AT gmail DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 16 Mar 2010 02:18:35 +0000
Hi, Les

I don't know how to restrict with ssh what commands the backuppc user can run as root; that's why I use visudo/sudoers.

I use the backuppc user with sudo to do the backup, so I may have keys with a passphrase for ssh as root (or not allow ssh as root at all).

As I understood it, this way, even if you allow root to ssh, to gain control with ssh as root, you'll need the public key and the passphrase.

To gain access as backuppc user, you only need the key, but you can't gain control as root because of visudo limitations. Unless, as I think you meant, you allow restore as sudo, then you gain nothing. So I don't allow direct restore. (btw, is there a way to remove that option from the gui?)

Of course, I can do that because I use BackupPC to back up my machines, so I am the only user. And I can even change visudo temporarily to allow direct restore if I really want it.

Do I make sense?

Of course, if I had users, a way for each user to do direct restores only to their homes as themselves would be nice, I guess. But I don't see how.

Luis

On Mon, Mar 15, 2010 at 11:05 PM, Les Mikesell <lesmikesell AT gmail DOT com> wrote:
On 3/13/2010 9:47 AM, Luis Paulo wrote:
>
> * the link I sent uses a different approach. You ssh as backuppc user
> and then you sudo to do the backup - $Conf{RsyncClientCmd}. Your rsa
> keys for backuppc user on both machines don't have password, but the
> root keys may now have passwords.
>
> * If you could sudo as backuppc to run any command, we will not have
> gained much.
>
> * That's where visudo comes to restrict the commands a user can run as
> root (sudo)

Ssh is equally capable of restricting the commands that can be run
directly.  But either way, if you allow files to be restored as root,
someone who has the ssh key and understands the process basically owns
the machine.

--
  Les Mikesell
   lesmikesell AT gmail DOT com

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
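
As an added illustration (not part of the original messages and not BackupPC's own code), here is one way to do with ssh what the sudoers rule does: a forced-command wrapper for the backuppc key that lets the backup read run and refuses a restore. The wrapper path, the rsync path, and the authorized_keys and sudoers lines in the comments are assumptions; the check covers the command prefix and character set only and does not vet individual rsync options.

```shell
#!/bin/sh
# Added example: forced-command wrapper, hypothetical path /usr/local/bin/backup-only.
# Assumed authorized_keys entry for the backuppc user on the client:
#   command="/usr/local/bin/backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public-key> backuppc@server
# Assumed sudoers entry (edited with visudo), the second layer:
#   backuppc ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
# Assumed $Conf{RsyncClientCmd} on the server ends in: sudo /usr/bin/rsync $argList+
LC_ALL=C; export LC_ALL        # keep the A-Z ranges below byte-exact

# Return 0 only for the read side of a backup: rsync in server mode WITH
# --sender. A restore reaches the client as "rsync --server" without --sender.
is_backup_read() {
    case "$1" in
        # Anything outside this constructed whitelist (quotes, semicolons,
        # pipes, dollar signs, newlines, globs, backslashes) is refused, so
        # shares whose paths need shell escaping will not back up through this.
        *[!A-Za-z0-9\ ./_=:,+-]*) return 1 ;;
    esac
    case "$1" in
        "sudo /usr/bin/rsync --server --sender "*) return 0 ;;
        *) return 1 ;;
    esac
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# With no command (an interactive login attempt) the script just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_backup_read "$SSH_ORIGINAL_COMMAND"; then
        set -f                 # no globbing while the string is word-split
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-only: refused" >&2
    exit 1
fi
```

With this in place the key only ever starts the wrapper, whatever command the client sends; the sudoers rule still applies underneath it.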
