BackupPC-users

Re: [BackupPC-users] specifying differerent user in RsyncClientCmd

2011-01-17 13:25:41
Subject: Re: [BackupPC-users] specifying differerent user in RsyncClientCmd
From: Holger Parplies <wbppc AT parplies DOT de>
To: itismike AT gmail DOT com
Date: Mon, 17 Jan 2011 19:24:56 +0100
Hi,

> On 1/17/2011 12:18 AM, itismike wrote:
> > I'm running an Ubuntu client with ecryptFS enabled. Since my home
> > directory is encrypted, I'd like to perform the backup as myself rather
> > than root so the files are browsable by me and restore is possible.

while I don't really know what that entails, I would like to point out one
thing: the user "backuppc" on the BackupPC server machine has (and needs)
non-interactive and passwordless access to your files. There is no way around
that if you want non-interactive backups.

So, while you might be protected against root on the *client machine* (not
sure about that, but I suppose you know what you're doing), you are *not*
protected against root on the *BackupPC server* (unless there is some
mechanism preventing him from doing "su - backuppc") or anyone else that can gain
access to the backuppc account there or access the private ssh key you use for
the connection (or the BackupPC pool files, obviously).

That might be fine in your case, but I think it is worth mentioning.

> > So my intent is to put my username in the RsyncClientCmd and
> > RsyncClientRestoreCmd commands like this:
> > $sshPath -q -x -l michael $host $rsyncPath $argList+
> >
> > The problem is I haven't been able to get past the message below:
> > 2011-01-16 14:03:16 full backup started for directory /
> > 2011-01-16 14:03:17 Got fatal error during xfer (Unable to read 4 bytes)
> > 2011-01-16 14:03:22 Backup aborted (Unable to read 4 bytes)
> >
> > [...] I set up ssh-keygen and can establish passwordless ssh connections
> > between the server and client (and vice-versa.)

Vice-versa is not needed. Actually, if we're talking about the same thing, it
is not a good idea.

Bowie Bailey wrote on 2011-01-17 10:56:31 -0500 [Re: [BackupPC-users] specifying differerent user in RsyncClientCmd]:
> Are you testing as the backuppc user?  Make sure you can establish a
> passwordless connection from the backuppc user on the server to your client.

In particular, there must be no extraneous output. Make sure you can

        backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /bin/true
        backuppc@backuppc-server%

and get exactly *no output* from that. Furthermore, make sure rsync is
actually installed (I've been surprised that it wasn't more than once ...),
e.g.

        backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /usr/bin/rsync --foo
        rsync: --foo: unknown option
        rsync error: syntax or usage error (code 1) at main.c(1443) [client=3.0.7]

(that should give an rsync usage error similar to the above, not a shell
error message "command not found").

Other things to note:
- You might want or need to use an alternate ssh identity, e.g.

        backuppc@backuppc-server% ssh -i /var/lib/backuppc/.ssh/id_michael_rsa -q -x -l michael ubuntu-client ...

  If you do, your RsyncClientCmd/RsyncClientRestoreCmd needs to reflect that,
  or you need to set it up in ~backuppc/.ssh/config . This is probably only
  the case if you are backing up several different hosts.
- You do *not* need (and should not have) passwordless access to the
  BackupPC server from the client, i.e.

        michael@ubuntu-client% ssh -l backuppc backuppc-server ...

  should prompt you for a password (or deny access). There is no point in
  setting up passwordless logins in that direction, and doing so would mean
  that anyone capable of becoming michael@ubuntu-client had full access to
  your BackupPC pool (possibly containing backups of other hosts).

Hope that helps.

Regards,
Holger
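
The checks from this message collected into one preflight script, as an added example that is not part of the original mail or of BackupPC. The function names are hypothetical, the host and user names are the ones used above, and `-o BatchMode=yes` is an addition to the commands in the message so that a missing key fails instead of prompting.

```shell
#!/bin/sh
# Added example. Run as the backuppc user on the BackupPC server unless noted.
# Function names are hypothetical; -o BatchMode=yes is an addition to the
# commands in the message so a missing key fails instead of prompting.

# The login must produce no output at all (not even a blank line), so the
# byte count is checked rather than a string, which would lose a bare newline.
check_silent_login() {            # usage: check_silent_login USER HOST
    tmp=$(mktemp) || return 2
    rc=0
    ssh -q -x -o BatchMode=yes -l "$1" "$2" /bin/true >"$tmp" 2>&1 || rc=$?
    bytes=$(($(wc -c <"$tmp")))
    rm -f "$tmp"
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: ssh to $1@$2 exited with status $rc"; return 1
    fi
    if [ "$bytes" -ne 0 ]; then
        echo "FAIL: login as $1@$2 printed $bytes byte(s) of output"; return 1
    fi
    echo "ok: silent passwordless login as $1@$2"
}

# rsync must answer, even if only with a usage error for the bogus --foo option.
check_rsync_present() {           # usage: check_rsync_present USER HOST [PATH]
    out=$(ssh -q -x -o BatchMode=yes -l "$1" "$2" "${3:-/usr/bin/rsync}" --foo 2>&1) || true
    case $out in
        *"rsync error"*) echo "ok: rsync answers on $2" ;;
        *) echo "FAIL: no rsync at ${3:-/usr/bin/rsync} on $2: $out"; return 1 ;;
    esac
}

# Run this one on the client: key-based login to the server must NOT work.
check_no_reverse_login() {        # usage: check_no_reverse_login USER SERVER
    if ssh -q -x -o BatchMode=yes -l "$1" "$2" /bin/true >/dev/null 2>&1; then
        echo "FAIL: $1@$2 accepts a passwordless login from this machine"
        return 1
    fi
    echo "ok: no passwordless login to $1@$2"
}

# Example calls, with the names used in the message:
#   check_silent_login michael ubuntu-client && check_rsync_present michael ubuntu-client
#   check_no_reverse_login backuppc backuppc-server      (on ubuntu-client)
```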
