On 02/20/2013 17:30, Les Mikesell wrote:
> On Wed, Feb 20, 2013 at 4:35 PM, Rajeev Prasad <rp.neuli AT yahoo DOT com>
> wrote:
>> I could not understand below properly at
>> http://backuppc.sourceforge.net/faq/security.html
>>
>> "While this setup should be safe, a more conservative approach is to run a
>> dedicated Apache as user __BACKUPPCUSER__ on a different port. Then
>> BackupPC_Admin no longer needs to be setuid, and the cgi directories can be
>> locked down from normal users. Moreover, this setup is exactly the one used
>> to support mod_perl, so this provides both the highest performance and the
>> lowest security risk."
>
> The normal configuration has apache running as one user id, and
> backuppc as another. However, the web interface needs to be able to
> access the backuppc data so the cgi script needs suild permissions.
>
On my old ubuntu server it had setuid set on the BackupPC_Admin, but
that system is perl 5.10 based.
My new server uses perl 5.14 (and I think it was 5.12 forward that
removed setuid), so I use apache/mod_suexec.
On another server using nginx, I have a separate fastcgi server that
runs as backuppc.
>
>> as i understand, I do not have to install anything on my win7 PC, other
>> linux servers, VMs etc. to back them up. if not correct pl let me know.
>
> Normally linux will have rsync and ssh as part of the distribution and
> all you have to do is set up ssh keys for passwordless access. On
> windows you get a file-share client's view of the data which won't be
> enough for a bare-metal restore. Some people prefer to install
> cygwin ssh and rsync on windows, but it is not absolutely required.
>
Backing up through the Windows administrative shares was a problem, for
me....there were times where Microsoft would break smbclient from
working, and I'd have to wait for a newer smbclient to have backups
working again. I did try the cygwin ssh/rsync, though its not an easy
install. Now, I use DeltaCopy to do rsyncd on my Windows systems.
I use rsyncd for most of my *ix systems.
--
Name: Lawrence "The Dreamer" Chen Email: lunatic AT lhaven DOT net
Snail: 1530 College Ave, A5 URL: http://www.lhaven.net
Manhattan, KS 66502-2768
Blog: http://lawrencechen.net Phone: 785-789-4132
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|