Re: [BackupPC-users] Problem with backup via samba

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

Les Mikesell wrote on 2013-10-15 00:09:11 -0500 [Re: [BackupPC-users] Problem with backup via samba]:
> On Mon, Oct 14, 2013 at 8:53 PM, bubolski <bac...@ba...> wrote:
> > Problem SOLVED
> >
> > backuppc user must have Administrator and Backup Operator permission.

well, no, apparently not. See below. In any case, what does "Backup Operator"
add that "Administrator" does not have?

> > [...]
> > Next step is downgrade smbclient from 3.6.3 to 3.5.11 using this one of this repository :
> > http://www.tolaris.com/apt-repository/
> >
> > and after add this repository to source.list type this in backuppc command line:
> >
> > sudo apt-get update
> > sudo apt-get install smbclient=2:3.5.11~dfsg-1ubuntu2.3 samba-common=2:3.5.11~dfsg-1ubuntu2.3 samba=2:3.5.11~dfsg-1ubuntu2.3 libwbclient0=2:3.5.11~dfsg-1ubuntu2.3 samba-common-bin=2:3.5.11~dfsg-1ubuntu2.3

You're sort of saying, "after downgrading smbclient, downgrade smbclient". And
"install samba" - why would you do that, unless, of course, it already is
installed and you're just downgrading it? Actually, if samba really *is*
installed and running, you should *seriously* consider an alternative way of
providing a downgraded smbclient to BackupPC.

> > Samba 3.6.3 is bugged and it can't properly list for example C$/Users
> > folder. Without downgrade you will get next error about
> > nt_status_access_denied listing.

As I understand the matter, what you call a "bug" would seem to be either a
security fix or a bug fix. In any case, it's a change of behaviour. It's quite
common that code that *relies* on a bug will break when the bug is fixed.
Unfortunate as that may be, that does not invalidate the fix.

> > Hope it will help to someone :)

Actually, an *explanation* of what is happening and *why* and *how* you are
fixing things would permit the reader to judge for himself. Simply saying
"this is what you need to do" sort of means "trust my competence without me
demonstrating it".

> Sounds like this issue:
> https://bugzilla.redhat.com/show_bug.cgi?id=753531

Thank you for providing that link. The Fedora bug report in turn links to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653207
which contains a more detailed description and discussion of the problem.
To summarize, apparently smbclient previously reported but otherwise ignored
some access errors, while it will now abort on those same errors. To prevent
the abort, you can either revert to a previous version of smbclient or prevent
the errors from happening in the first place (by giving administrator rights to
the user you are connecting as). Security-wise, running a backup with full
administrative rights is horrible, as is using outdated software with known
security bugs fixed in later versions. You should do both as a last resort
only. In any case, I don't see the point in both avoiding and then ignoring
the errors (when they no longer happen).

The bug report does not mention Windoze 7 junction points, so these might
trigger yet another problem. Ultimately, it might even turn out that you need
both the downgrade and the administrative rights, yet that would warrant
thorough investigation and an explanation - and maybe even a workaround within
the BackupPC code if one is possible.

Hope that helps.

Regards,
Holger