[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [suse-security] Secure Backup
I use BackupPC as backup software and had to think about similar
situation. Basically BackupPC does login via SSH (root) and starts tar
on the remore host. I did not want to give the BackupPC user root
permissions and i did not want to allow user BackupPC to run tar
as root (just allowing him to run tar with certain paramaters).
I came up with the following solution (should be easy to adopt to rsync):
the first shell script is used as login shell for user backuppc, the
second is the wrapper script that calls tar and ensures its only
called with the right parameters (script looks complicated, but thats
just due to the parameter processing for BackupPC). You need to
configure sudo to allow the backup user to execute your wrapper script
with root permissions.
Hope this helps and gives you some ideas
peace,
Tom
p.s.: i hope i dont do something very bad here, security wise. if
someone finds something really crappy here, i would be glad if they let
me know :)
--->8------------------------------------------------------
#!/bin/bash
#
# Simple shellscript that is called as login shell
# for the backup user. All it does, is calling the
# tar wrapper script via sudo
#
shift
sudo /usr/local/bin/tar-wrap $*
--------------------------->8------------------------------
the backuppc user is allowed to call tar-wrap via sudo with
root rights.
#!/bin/sh
#
# client side tar wrapper for BackupPC
# Patch of Tar.pm is needed to send "--exclude=name" as "name"
#
# 20th Feb. 2003: V1.0b, Thomas Seliger
# - initial release
#
# PARAMETER DOCUMENTATION
# -----------------------
#
# $1 is backupmode (fbackup|ibackup|restore)
#
# $1 is backupmode (fbackup|ibackup|restore)
#
# if backupmode fbackup:
# $2 is sharename
# $3 - $* are the tar "--excluse=" excludes (last . ist omitted)
#
# if backupmode ibackup:
# $2 is sharename
# $3 is "--newer=" date parameter for tar
# $4 - $* are the excludes (last . ist omitted)
#
# if backupmode restore:
# $2 is sharename
############################################################################################
# Configuration Settings
############################################################################################
ALLOW_RESTORE="no"
TAR_CMD=/bin/tar
############################################################################################
# Dirty Code ahead ;)
############################################################################################
case "$1" in
fbackup)
# Save sharename (Argument2)
SHARENAME=$2
# Shift twice to have only the exclude arguments left
shift 2
# Generate the --excludes for tar, but omit the "."
EX_TEMP=$*
EXCLUDES=""
for DIR in $EX_TEMP; do
if [ $DIR != . ]; then
EXCLUDES=$EXCLUDES" --exclude=$DIR"
fi
done
$TAR_CMD -c -v -f - -C "$SHARENAME" --totals $EXCLUDES .
;;
ibackup)
# Save sharename (Argument2), tar newer paramter (Argument3)
SHARENAME=$2
NEWER=$3
# Shift three times to have only the exclude arguments left
shift 3
# Generate the --excludes for tar, but omit the "."
EX_TEMP=$*
EXCLUDES=""
for DIR in $EX_TEMP; do
if [ $DIR != . ]; then
EXCLUDES=$EXCLUDES" --exclude=$DIR"
fi
done
$TAR_CMD -c -v -f - -C "$SHARENAME" --totals --newer="$NEWER"
$EXCLUDES .
;;
restore)
if [ $ALLOW_RESTORE=yes ]; then
$TAR_CMD -x -p --numeric-owner --same-owner -v -f - -C "$2"
else
echo Restore not allowed!
exit 111
fi
;;
*)
echo No argument given
echo Usage: tar-wrap fbackup\|ibackup\|restore param1 param2
;;
esac
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here