From: Holger P. <wb...@pa...> - 2007-04-12 02:14:00
|
Hi, Eric Snyder wrote on 11.04.2007 at 20:15:50 [[BackupPC-users] Backing up localhost - permission question]: > I am setting up localhost to be backed up. In the help file at > http://backuppc.sourceforge.net/faq/localhost.html there is the > following blurb: > > "Make sure this script and all parent directories have no write > permission. Then remove the -c from $Conf{TarClientCmd} > <http://backuppc.sourceforge.net/faq/BackupPC.html#item__conf_tarclientcmd_> > and change the tar path:" > > Is this write permission for owner, group, others or all three? whatever makes sense (see below :). The point is that anyone with write permission to - and that's the important part - *either* script *or* *any* parent directory would be able to replace the script by something of his/her own creation, thus not only circumventing the supposed restriction (context: limiting priviledges given to the BackupPC user through sudo), but rather giving *anyone at all* with such write permission the possibility to run *any command* as root, if he can only get BackupPC to run (his modified version of) the script (i.e. initiate a backup or wait for a scheduled one). Owner write permission is not something you can meaningfully remove since the owner can chmod() a file/directory however he likes anyway (except maybe on ext2/3 if you make the file/dir immutable ...). This probably means that all parent directories and the script itself should be *owned by root* and *not writeable* for group and others. Actually, I'd recommend not using that approach at all. If I'm not completely mistaken [read: it is documented and proves to work that way on Debian sarge ;-], you can achieve the same with a sudoers line like backuppc ALL = NOPASSWD: /bin/tar -c * You just need to make sure you always pass the -c as first and separate argument to tar (in $Conf{TarClientCmd}), as the following will all *not* match, because in all cases the first argument to tar is not '-c': /bin/tar -v -c ... /bin/tar -cf ... /bin/tar c -f ... Note that automatic restores through the web interface will no longer work, as BackupPC cannot initiate the TarClientRestoreCmd (tar -x). Was your question related to the thread you are referencing ("BackupPC_link errors")? Regards, Holger |