|
hi,
next step of my adventure ,
the trouble is definetly with selinux and is "temporary" solved by setenforce 0
now i have to found how to change the selinux policy to work with setenforce 1...
any advice are still welcome...
best regards
> Message du 24/06/14 10:22
> De : "abel elenas"
> A : "Holger Parplies" , "General list for user discussion questions and support"
> Copie à :
> Objet : Re: [BackupPC-users] Error: directory is empty ... on cgi/website
>
>
> hi
>
> ok , alot of thing to do for me here ...
>
> So, the trouble are related to a migration of /var/lib/backuppc from one hard drive to another... i have done my best to make a copy with not changing anything but i obviously have failed...
>
> second , when i give the read access i have not done it, on all my directory tree , not permanently, it's done on a computer a know , with nothing sensitive on it , for debugging purpose ...
> It's a " is this mess relative to a file access rights ? no ok let's pass to the next, thing"
>
> In my case the backuppc user can launch the backuppc script without trouble.
> If i am the apache user i can launch the /usr/share/BackupPC/sbin/BackupPC_Admin and get a web page , ok this is fine
> the right on this file is :
> -rwsr-x--- 1 backuppc apache 4176 févr. 23 03:57 /usr/share/BackupPC/sbin/BackupPC_Admin
>
> so i guess that this script is indeed launch as backuppc user, and backuppc user can launch the restor script. And here we are.
>
> selinux is enabled on the pc.
> The backuppc have run fine before the data migration.
> thebackuppc uuid seems the same everywhere
> i don't know selinux very well so i'm not able to launch any command to test if thing are good on this side.
>
> But what actually drive my crazy is, that i have not the single line tellings me that something goes wrong in my logs...
> nothing.
>
> Is there any way to run the BackupPC_Admin script at and with the good argument so that he try to browse a pc ?
>
> is there any way to do , in command line the "same" thing that happens when i try to browse on the website. Cause currently with the site logging nothing i can't investigate in any way...
>
> Message du 24/06/14 03:00
> De : "Holger Parplies"
> A : "abel elenas" , "General list for user discussion, questions and support"
> Copie à :
> Objet : Re: [BackupPC-users] Error: directory is empty ... on cgi/website
>
>
> Hi,
>
> abel elenas wrote on 2014-06-23 13:03:31 +0200 [[BackupPC-users] Error: directory is empty ... on cgi/website]:
> >
> > trying to restore a backup recently i've got this message on the backup website :
> > [...]
> > [Directory] /var/lib/BackupPC//pc/toto/65 is empty
> >
> > indeed the folder is not empty , and i can restore some file by command line
> > [...]
> > The basic rights thing are ok , and i have allready try to chmod a+r on
> > none accessible backup
>
> first of all, 'chmod a+r' is always wrong, and it basically translates to "I
> have no idea how 'the basic rights thing' works".
>
> 1.) Only two things should have access to your backups:
> - the backuppc user and
> - the BackupPC CGI script (BackupPC_Admin or whatever your Linux
> distribution may have renamed it to).
> Giving "others" read permission to your backups means that anyone on the
> machine (and possibly anyone able to abuse any service provided by the
> machine) can read any data in the backup, including, if you back it up,
> sensitive system information (such as /etc/shadow) or private user data.
>
> You accomplish that preferably by running the BackupPC_Admin script as
> the backuppc user (by means of setuid or a web server mechanism such as
> suexec), or, if that is for some reason totally impossible, at least
> restricing access to a group the web server is in (this would still be
> exploitable via a malicious or buggy CGI script). What you don't do is
> give the web server *and anyone else* read permission - particularly on
> a web server, where a misconfiguration would mean "the whole world is
> allowed to see these files".
>
> 2.) Permissions don't suddenly "go bad". If it worked before, then some change
> led to your problems. Chances are that change was *not* someone
> restricting permissions on the files in question. The correct fix is to
> find and undo that change. Or to at least *understand* the change and
> work around it.
>
> The question to ask is: since when does it not work? What was done at this
> point in time? You might have copied your data to a different hard disk,
> done a system upgrade, installed a new kernel, ...
>
> 3.) In any case, you'd need +rx on directories - +r alone won't help much.
> In particular, you'd also need the permissions on all *parent
> directories*, so changing some individual pc/hostname/nnn directories
> is very unlikely to have any effect whatsoever - luckily, I'd say in this
> case.
>
> > thing that can be instersting is :
> >
> > ls 65 :
> > backupInfo fd$
> >
> > yep no attrib file there ... i will found one in fd$ ...
>
> I don't think there should be one there, so, no, that's not interesting, apart
> from telling us that you have a single share named 'd$' :-).
>
> > si if anyone have any clue tips on how to reallow my website to see my
> > backup...
>
> SElinux? Incorrect permissions on BackupPC_Admin? Upgrade to Perl without
> setuid support? Change of backuppc's UID? Your web server is running on a
> different machine and you changed any of a number of things?
>
> If it's not obvious, the tip is: tell us at least *something* about your
> setup, so we can stop guessing. Tell us what you recently changed ("recently"
> meaning "before things stopped working"). Please confirm that it actually
> *did* work at some point in the past.
>
> Hope that helps.
>
> Regards,
> Holger
>
> P.S.: The fact that you can apparently restore files from the command line
> seems to indicate that it's only a matter of BackupPC_Admin not being
> able to access the directories while the contents are, in fact, ok ...
>
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft _______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
