BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] secure install?

2013-02-20 18:32:19
Subject: Re: [BackupPC-users] secure install?
From: Les Mikesell <lesmikesell AT gmail DOT com>
To: Rajeev Prasad <rp.neuli AT yahoo DOT com>, "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Wed, 20 Feb 2013 17:30:49 -0600 
On Wed, Feb 20, 2013 at 4:35 PM, Rajeev Prasad <rp.neuli AT yahoo DOT com> 
wrote:
> I could not understand below properly at
> http://backuppc.sourceforge.net/faq/security.html
>
> "While this setup should be safe, a more conservative approach is to run a
> dedicated Apache as user __BACKUPPCUSER__ on a different port. Then
> BackupPC_Admin no longer needs to be setuid, and the cgi directories can be
> locked down from normal users. Moreover, this setup is exactly the one used
> to support mod_perl, so this provides both the highest performance and the
> lowest security risk."

The normal configuration has apache running as one user id, and
backuppc as another.  However, the web interface needs to be able to
access the backuppc data so the cgi script needs suild permissions.

> do I need to run another instance of apache on my webserver? I have a
> webserver running (ubuntu) and I can have a virtual website for backupPC
> running on a specific port, is that not enough?

That is normally enough - but it really depends on how much you trust
the code in other web sites you run on the same box and other admins
that might be allowed to edit them.

> as i understand, I do not have to install anything on my win7 PC, other
> linux servers, VMs etc. to back them up. if not correct pl let me know.

Normally linux will have rsync and ssh as part of the distribution and
all you have to do is set up ssh keys for passwordless access.  On
windows you get a file-share client's view of the data which won't be
enough for a bare-metal restore.   Some people prefer to install
cygwin ssh and rsync on windows, but it is not absolutely required.

> Pl give hints/examples etc. I am planning to use this software to backup the
> webserver itself and few other machines connected to it -> to a windows
> network share (dedicated for backup)!

You can't use a windows network share (or any windows filesystem) for
your backup storage because backuppc uses hardlinks extensively to
pool duplicate data.    Also, I don't really consider storage on the
same machine to be a reasonable backup, although it can be handy for
quick fixes.

-- 
   Les Mikesell
     lesmikesell AT gmail DOT com

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [BackupPC-users] secure install?, Rajeev Prasad
Next by Date:  Re: [BackupPC-users] secure install?, Rajeev Prasad
Previous by Thread:  [BackupPC-users] secure install?, Rajeev Prasad
Next by Thread:  Re: [BackupPC-users] secure install?, The Lunatic
Indexes:  [Date] [Thread] [Top] [All Lists]