BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] secure install?

2013-02-22 11:01:31
Subject: Re: [BackupPC-users] secure install?
From: The Lunatic <lunatic AT lhaven DOT net>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Fri, 22 Feb 2013 09:59:51 -0600 

On 02/20/2013 17:30, Les Mikesell wrote:
> On Wed, Feb 20, 2013 at 4:35 PM, Rajeev Prasad <rp.neuli AT yahoo DOT com> 
> wrote:
>> I could not understand below properly at
>> http://backuppc.sourceforge.net/faq/security.html
>>
>> "While this setup should be safe, a more conservative approach is to run a
>> dedicated Apache as user __BACKUPPCUSER__ on a different port. Then
>> BackupPC_Admin no longer needs to be setuid, and the cgi directories can be
>> locked down from normal users. Moreover, this setup is exactly the one used
>> to support mod_perl, so this provides both the highest performance and the
>> lowest security risk."
> 
> The normal configuration has apache running as one user id, and
> backuppc as another.  However, the web interface needs to be able to
> access the backuppc data so the cgi script needs suild permissions.
> 

On my old ubuntu server it had setuid set on the BackupPC_Admin, but
that system is perl 5.10 based.

My new server uses perl 5.14 (and I think it was 5.12 forward that
removed setuid), so I use apache/mod_suexec.

On another server using nginx, I have a separate fastcgi server that
runs as backuppc.

> 
>> as i understand, I do not have to install anything on my win7 PC, other
>> linux servers, VMs etc. to back them up. if not correct pl let me know.
> 
> Normally linux will have rsync and ssh as part of the distribution and
> all you have to do is set up ssh keys for passwordless access.  On
> windows you get a file-share client's view of the data which won't be
> enough for a bare-metal restore.   Some people prefer to install
> cygwin ssh and rsync on windows, but it is not absolutely required.
> 

Backing up through the Windows administrative shares was a problem, for
me....there were times where Microsoft would break smbclient from
working, and I'd have to wait for a newer smbclient to have backups
working again.  I did try the cygwin ssh/rsync, though its not an easy
install.  Now, I use DeltaCopy to do rsyncd on my Windows systems.

I use rsyncd for most of my *ix systems.


-- 
  Name: Lawrence "The Dreamer" Chen        Email: lunatic AT lhaven DOT net
 Snail: 1530 College Ave, A5                 URL: http://www.lhaven.net
        Manhattan, KS 66502-2768
  Blog: http://lawrencechen.net            Phone: 785-789-4132


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] secure install?, Tyler J. Wagner
Next by Date:  Re: [BackupPC-users] secure install?, Les Mikesell
Previous by Thread:  Re: [BackupPC-users] secure install?, Les Mikesell
Next by Thread:  Re: [BackupPC-users] secure install?, Les Mikesell
Indexes:  [Date] [Thread] [Top] [All Lists]