From: Holger P. <wb...@pa...> - 2011-01-17 18:24:02
Hi,

> On 1/17/2011 12:18 AM, itismike wrote:
> > I'm running an Ubuntu client with ecryptFS enabled. Since my home
> > directory is encrypted, I'd like to perform the backup as myself rather
> > than root so the files are browsable by me and restore is possible.

while I don't really know what that entails, I would like to point out one
thing: the user "backuppc" on the BackupPC server machine has (and needs)
non-interactive and passwordless access to your files. There is no way around
that if you want non-interactive backups. So, while you might be protected
against root on the *client machine* (not sure about that, but I suppose you
know what you're doing), you are *not* protected against root on the
*BackupPC server* (unless there is some mechanism preventing him to
"su - backuppc") or anyone else that can gain access to the backuppc account
there or access the private ssh key you use for the connection (or the
BackupPC pool files, obviously). That might be fine in your case, but I think
it is worth mentioning.

> > So my intent is to put my username in the RsyncClientCmd and
> > RsyncClientRestoreCmd commands like this:
> > $sshPath -q -x -l michael $host $rsyncPath $argList+
> >
> > The problem is I haven't been able to get past the message below:
> > 2011-01-16 14:03:16 full backup started for directory /
> > 2011-01-16 14:03:17 Got fatal error during xfer (Unable to read 4 bytes)
> > 2011-01-16 14:03:22 Backup aborted (Unable to read 4 bytes)
> >
> > [...] I set up ssh-keygen and can establish passwordless ssh connections
> > between the server and client (and vice-versa.)

Vice-versa is not needed. Actually, if we're talking about the same thing, it
is not a good idea.

Bowie Bailey wrote on 2011-01-17 10:56:31 -0500 [Re: [BackupPC-users] specifying differerent user in RsyncClientCmd]:
> Are you testing as the backuppc user? Make sure you can establish a
> passwordless connection from the backuppc user on the server to your client.

In particular, there must be no extraneous output. Make sure you can

    backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /bin/true
    backuppc@backuppc-server%

and get exactly *no output* from that. Furthermore, make sure rsync is
actually installed (I've been surprised that it wasn't more than once ...),
e.g.

    backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /usr/bin/rsync --foo
    rsync: --foo: unknown option
    rsync error: syntax or usage error (code 1) at main.c(1443) [client=3.0.7]

(that should give an rsync usage error similar to the above, not a shell
error message "command not found").

Other things to note:

- You might want or need to use an alternate ssh identity, e.g.

      backuppc@backuppc-server% ssh -i /var/lib/backuppc/.ssh/id_michael_rsa -q -x -l michael ubuntu-client ...

  If you do, your RsyncClientCmd/RsyncClientRestoreCmd needs to reflect that,
  or you need to set it up in ~backuppc/.ssh/config . This is probably only
  the case if you are backing up several different hosts.

- You do *not* need (and should not have) passwordless access to the BackupPC
  server from the client, i.e.

      michael@ubuntu-client% ssh -l backuppc backuppc-server ...

  should prompt you for a password (or deny access). There is no point in
  setting up passwordless logins in that direction, and doing so would mean
  that anyone capable of becoming michael@ubuntu-client had full access to
  your BackupPC pool (possibly containing backups of other hosts).

Hope that helps.

Regards,
Holger
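
Added example, not part of the message above and not BackupPC code: a preflight script that automates the two manual checks described (a completely silent login, and an rsync that answers with its own usage error rather than "command not found"). The names check_silent, check_rsync and preflight.sh are hypothetical; the ssh options and the expected rsync exit code 1 are taken from the commands and sample output in the message.

```shell
#!/bin/sh
# Added example: preflight checks for the ssh transport BackupPC will use.
# check_silent / check_rsync are hypothetical helper names. Each takes the
# remote-shell command as arguments so it can be tried against a local stub.

# True only if "<transport> /bin/true" exits 0 and emits no bytes at all.
# The sentinel is appended inside the substitution so that output consisting
# only of newlines (which $(...) would strip) is still detected.
check_silent() {
    out=$("$@" /bin/true 2>&1 </dev/null && printf 'rc=0' || printf 'rc=fail')
    [ "$out" = "rc=0" ]
}

# True only if the remote rsync itself rejects the bogus option: exit code 1
# plus an "rsync error:" line, as in the sample output in the message above.
# A missing binary gives 127 from the remote shell; an ssh failure gives 255.
check_rsync() {
    rsync_path=$1; shift
    rc=0
    out=$("$@" "$rsync_path" --foo 2>&1 </dev/null) || rc=$?
    [ "$rc" -eq 1 ] || return 1
    case $out in
        *"rsync error:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run as the backuppc user:  sh preflight.sh michael ubuntu-client /usr/bin/rsync
if [ "$#" -eq 3 ]; then
    check_silent ssh -q -x -l "$1" "$2" || { echo "FAIL: login is not silent" >&2; exit 1; }
    check_rsync "$3" ssh -q -x -l "$1" "$2" || { echo "FAIL: no usable rsync at $3" >&2; exit 1; }
    echo "OK: transport is clean and rsync answers"
fi
```

A failure of the first check usually points at a login banner or an echo in the remote user's shell startup files.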