From: Holger P. <wb...@pa...> - 2013-10-15 11:07:07
|
Hi, Les Mikesell wrote on 2013-10-15 00:09:11 -0500 [Re: [BackupPC-users] Problem with backup via samba]: > On Mon, Oct 14, 2013 at 8:53 PM, bubolski <bac...@ba...> wrote: > > Problem SOLVED > > > > backuppc user must have Administrator and Backup Operator permission. well, no, apparently not. See below. In any case, what does "Backup Operator" add that "Administrator" does not have? > > [...] > > Next step is downgrade smbclient from 3.6.3 to 3.5.11 using this one of this repository : > > http://www.tolaris.com/apt-repository/ > > > > and after add this repository to source.list type this in backuppc command line: > > > > sudo apt-get update > > sudo apt-get install smbclient=2:3.5.11~dfsg-1ubuntu2.3 samba-common=2:3.5.11~dfsg-1ubuntu2.3 samba=2:3.5.11~dfsg-1ubuntu2.3 libwbclient0=2:3.5.11~dfsg-1ubuntu2.3 samba-common-bin=2:3.5.11~dfsg-1ubuntu2.3 You're sort of saying, "after downgrading smbclient, downgrade smbclient". And "install samba" - why would you do that, unless, of course, it already is installed and you're just downgrading it? Actually, if samba really *is* installed and running, you should *seriously* consider an alternative way of providing a downgraded smbclient to BackupPC. > > Samba 3.6.3 is bugged and it can't properly list for example C$/Users > > folder. Without downgrade you will get next error about > > nt_status_access_denied listing. As I understand the matter, what you call a "bug" would seem to be either a security fix or a bug fix. In any case, it's a change of behaviour. It's quite common that code that *relies* on a bug will break when the bug is fixed. Unfortunate as that may be, that does not invalidate the fix. > > Hope it will help to someone :) Actually, an *explanation* of what is happening and *why* and *how* you are fixing things would permit the reader to judge for himself. Simply saying "this is what you need to do" sort of means "trust my competence without me demonstrating it". > Sounds like this issue: > https://bugzilla.redhat.com/show_bug.cgi?id=753531 Thank you for providing that link. The Fedora bug report in turn links to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653207 which contains a more detailed description and discussion of the problem. To summarize, apparently smbclient previously reported but otherwise ignored some access errors, while it will now abort on those same errors. To prevent the abort, you can either revert to a previous version of smbclient or prevent the errors from happening in the first place (by giving administrator rights to the user you are connecting as). Security-wise, running a backup with full administrative rights is horrible, as is using outdated software with known security bugs fixed in later versions. You should do both as a last resort only. In any case, I don't see the point in both avoiding and then ignoring the errors (when they no longer happen). The bug report does not mention Windoze 7 junction points, so these might trigger yet another problem. Ultimately, it might even turn out that you need both the downgrade and the administrative rights, yet that would warrant thorough investigation and an explanation - and maybe even a workaround within the BackupPC code if one is possible. Hope that helps. Regards, Holger |