From: Joe Z. <jz...@co...> - 2004-12-08 05:43:58
Sylvain MEILARD wrote:

>I think it won't be easy... Apache should have reading rights on backed-up files.
>

Or something in the web interface needs elevated privileges, like a setuid program that is limited to only extracting the directory listing.

>So cmdloop should additionally back up the uids' owners of files, and then make
>apache the owner. When restoring files, cmdloop would have to change again the
>owner of backed-up files to be restored, and then restore them (and then
>make apache own the files again). The problem is that it would be hard to avoid a
>bad user restoring files on which he has no right...
>

No. rsync will keep the numeric uid on the file. cmdloop runs as root so it won't have a permission problem restoring. When you select something to restore, cmdloop processes the request.

>For now, what happens if a user tries to restore files on which he has no right?
>

If he can select the file to restore in the bobs interface, cmdloop will restore it.

>cmdloop does a "su user -" before rsyncing? It implies that uids have to be
>synchronized between the bobs machine and the machines to be backed up, doesn't it?
>

No. rsync retains the original uid. Here's a directory listing from one of my backups that contains users not on the bobs system:

drwx------    2 507 502 4096 Nov  7 15:47 bounce
drwx------   25 507 502 4096 Oct 17 17:51 info
drwx------    2 505 502 4096 Dec  5 05:20 intd
drwx------   25 507 502 4096 Oct 17 17:51 local
drwxr-x---    2 505 502 4096 Oct 17 17:51 lock
drwxr-x---   25 505 502 4096 Oct 17 17:51 mess
drwx------    2 505 502 4096 Dec  5 05:20 pid
drwx------   25 507 502 4096 Oct 17 17:51 remote
drwxr-x---    2 505 502 4096 Dec  5 05:20 todo

The only problem is not being able to view/select files to restore through the bobs web interface if the directory is not publicly readable. The restore itself is fine.

Joe
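Added example, not part of Joe's message and not BOBS code: because rsync keeps the numeric uid, gid and mode on each backed-up entry, a root-run restore helper can use them to decide whether the requesting user could have read the path on the original host. It assumes the web login has already been mapped to a uid and group set on the backed-up machine; Meta, allowed, may_restore, lstat_lookup and the two sample files are hypothetical names and constructed data.

```python
import os
import stat
from collections import namedtuple

# Mode and numeric owner/group of one entry in the backup tree, as rsync kept them.
Meta = namedtuple("Meta", "mode uid gid")

def allowed(meta, uid, gids, want):
    """Unix check: pick the owner, group or other bits, then test want (r=4, x=1)."""
    if uid == 0:
        return True
    if uid == meta.uid:
        bits = (meta.mode >> 6) & 7
    elif meta.gid in gids:
        bits = (meta.mode >> 3) & 7
    else:
        bits = meta.mode & 7
    return bits & want == want

def may_restore(lookup, relpath, uid, gids):
    """True if uid/gids (ids on the backed-up host) could read relpath there."""
    parts = [p for p in relpath.split("/") if p]
    if not parts or ".." in parts:
        return False
    for i in range(len(parts)):
        meta = lookup("/".join(parts[: i + 1]))
        if meta is None:
            return False
        if i < len(parts) - 1:
            # Parent must be a real directory (no symlink hops) with search permission.
            if not stat.S_ISDIR(meta.mode) or not allowed(meta, uid, gids, 1):
                return False
        else:
            want = 5 if stat.S_ISDIR(meta.mode) else 4
            return allowed(meta, uid, gids, want)

def lstat_lookup(root):
    """lookup() backed by a real backup directory; run as root like cmdloop."""
    def lookup(rel):
        try:
            st = os.lstat(os.path.join(root, rel))
        except OSError:
            return None
        return Meta(st.st_mode, st.st_uid, st.st_gid)
    return lookup

# Constructed sample: two directories from the listing plus two made-up files.
SAMPLE = {
    "bounce": Meta(stat.S_IFDIR | 0o700, 507, 502),
    "bounce/msg1": Meta(stat.S_IFREG | 0o600, 507, 502),
    "lock": Meta(stat.S_IFDIR | 0o750, 505, 502),
    "lock/queue.lck": Meta(stat.S_IFREG | 0o640, 505, 502),
}
```

With the sample, may_restore(SAMPLE.get, "bounce/msg1", 505, {502}) is refused because uid 505 has no search permission on bounce, while uid 507 is allowed.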