Hi Tino,

Am 24.03.2011 um 11:03 schrieb Tino Schwarze:

Hi Mike,

On Wed, Mar 23, 2011 at 10:22:37PM +0100, Fresel Michal - hi competence e.U. wrote:

well - prefer "up and running" packages :)

I've not yet bothered to try or build a package of BackupPC - since in
my installation, everything is in /backup/backuppc anyway.

as the /etc should contain just the config for (localhost-specific) i would say "backuppc-config" may stay there ...

Reading the "Configuration file" on wikipedia it seems for the client config there might be an exeption:
"Server processes often use configuration files stored in /etc, but they may also use their installation directory or a location defined by the system administrator."

as this are not really localhost (server) specific the admin is allowed to specify another path - so client-credentials are allowed to be somewhere else?
Maybe usefully encrypted together with the data?

It's not an issue of BackupPC installation where you put your ssh keys.
If your are using multiple keys for client access, you need to specify
them in your per-client configuration anyway and ssh doesn't care
whether you use "-i /home/someuser/.ssh/id_dsa-client1" or "-i

Note that BackupPC's main distribution is just a .tar.gz, not a
Debian/XYZ binary package. You might want to contact your package
maintainer about the default home directory of your backuppc user etc.
It's a detail of the setup (context) of BackupPC, not a detail of
BackupPC itself.

Or am I missing your point?


it's not about the ssh-keys
they are on the encrypted volume as the home of backuppc-user points to /var/lib/backuppc already 

the issue is: 
the credentials for SMB and rsyncd are stored plaintext within the config-files of the hosts
cat /etc/backuppc/testing01.pl
$Conf{RsyncdPasswd} = 'passw0rd';
$Conf{RsyncdUserName} = 'my_remote_user';
$Conf{XferMethod} = 'smb';
$Conf{SmbSharePasswd} = 'passw0rd';
$Conf{SmbShareUserName} = 'my_remote_user';

Furthermore its world-readable (-rw-r--r--) - .... well - this might be an issue of the packaging ...(here: debian 6 + backuppc 3.2.0 - testing)

The point is: 
both credentials (username and password) are stored plantext 
it would be nice to put it so somewhere like __TOPDIR__/credentials/testing01.pl

so you can encrypt the whole __TOPDIR__ to provide confidentiality