
RE: [suse-security] Secure Backup



I use BackupPC as backup software and had to think about a similar situation. Basically BackupPC does login via SSH (root) and starts tar on the remote host. I did not want to give the BackupPC user root permissions and I did not want to allow user BackupPC to run tar as root (just allowing him to run tar with certain parameters).

I came up with the following solution (should be easy to adapt to rsync):

The first shell script is used as login shell for user backuppc, the second is the wrapper script that calls tar and ensures it's only called with the right parameters (script looks complicated, but that's just due to the parameter processing for BackupPC). You need to configure sudo to allow the backup user to execute your wrapper script with root permissions.

Hope this helps and gives you some ideas

peace,
Tom

P.S.: I hope I don't do something very bad here, security-wise. If someone finds something really crappy here, I would be glad if they let me know :)


--->8------------------------------------------------------

#!/bin/bash
#
# Simple shellscript that is called as login shell
# for the backup user. All it does, is calling the
# tar wrapper script via sudo
#

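# sshd starts the login shell as: <shell> -c "<command>", so drop the "-c"
shift

# $* is left unquoted on purpose so the command string is split into
# separate arguments; set -f keeps the shell from glob-expanding them.
set -f
sudo /usr/local/bin/tar-wrap $*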

--------------------------->8------------------------------

The backuppc user is allowed to call tar-wrap via sudo with
root rights.

#!/bin/sh
#
# client side tar wrapper for BackupPC
# Patch of Tar.pm is needed to send "--exclude=name" as "name"
#
# 20th Feb. 2003: V1.0b, Thomas Seliger
#                 - initial release

#
# PARAMETER DOCUMENTATION
# -----------------------
#
# $1 is backupmode (fbackup|ibackup|restore)
#
# if backupmode fbackup:
#  $2 is sharename
#  $3 - $* are the tar "--exclude=" excludes (last . is omitted)
#
# if backupmode ibackup:
#  $2 is sharename
#  $3 is "--newer=" date parameter for tar
#  $4 - $* are the excludes (last . is omitted)
#
# if backupmode restore:
#  $2 is sharename



############################################################################################
# Configuration Settings
############################################################################################

ALLOW_RESTORE="no"
TAR_CMD=/bin/tar


############################################################################################
# Dirty Code ahead ;)
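############################################################################################

# Exclude patterns are passed on to tar as they are; do not let the
# shell glob-expand them against the current directory.
set -f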



case "$1" in

  fbackup)
    # Save sharename (Argument2)
    SHARENAME=$2

    # Shift twice to have only the exclude arguments left
    shift 2

    # Generate the --excludes for tar, but omit the "."
    EX_TEMP=$*
    EXCLUDES=""

    for DIR in $EX_TEMP; do
      if [ "$DIR" != . ]; then
         EXCLUDES="$EXCLUDES --exclude=$DIR"
      fi
    done
    $TAR_CMD -c -v -f - -C "$SHARENAME" --totals $EXCLUDES .
  ;;

  ibackup)
    # Save sharename (Argument2), tar newer parameter (Argument3)
    SHARENAME=$2
    NEWER=$3

    # Shift three times to have only the exclude arguments left
    shift 3

    # Generate the --excludes for tar, but omit the "."
    EX_TEMP=$*
    EXCLUDES=""
    for DIR in $EX_TEMP; do
      if [ "$DIR" != . ]; then
         EXCLUDES="$EXCLUDES --exclude=$DIR"
      fi
    done
    $TAR_CMD -c -v -f - -C "$SHARENAME" --totals --newer="$NEWER" $EXCLUDES .
  ;;

  restore)
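    # Quoted operands and spaces around "=" are required: without them
    # the test sees one non-empty word and is true for any setting.
    if [ "$ALLOW_RESTORE" = "yes" ]; then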
      $TAR_CMD -x -p --numeric-owner --same-owner -v -f - -C "$2"
    else
      echo Restore not allowed!
      exit 111
    fi
  ;;

  *)
    echo No argument given
    echo Usage: tar-wrap fbackup\|ibackup\|restore param1 param2
    # Report the failure to the caller instead of exiting with status 0
    exit 1
  ;;

esac
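
One way to tighten the argument handling of a root tar wrapper like the one above, as an added example that is not part of the original post: it checks the share against an allowlist, keeps every exclude as a single argv word, and uses a real string comparison for the restore switch. `ALLOWED_SHARES`, the function names and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the original author's script. ALLOWED_SHARES, the
# function names and the sample paths are assumptions for illustration.
set -f                                   # never glob-expand client-supplied names
ALLOWED_SHARES="/etc /home /var/www"     # constructed allowlist of backup roots
ALLOW_RESTORE="no"
TAR_CMD=${TAR_CMD:-/bin/tar}

# True only when $1 is exactly one of the configured shares.
share_allowed() {
  for s in $ALLOWED_SHARES; do
    if [ "$1" = "$s" ]; then return 0; fi
  done
  return 1
}

# Quoted operands and spaces around "=" make this a string comparison;
# [ $ALLOW_RESTORE=yes ] is a one-word test that is true for any value.
restore_allowed() {
  [ "$ALLOW_RESTORE" = "yes" ]
}

# run_backup SHARE [EXCLUDE...]: full backup of an allowlisted share.
# Each exclude stays one argv word, so spaces and "*" reach tar unchanged.
run_backup() {
  share=${1-}
  if ! share_allowed "$share"; then
    echo "tar-wrap: share not allowed: $share" >&2
    return 2
  fi
  shift
  count=$#
  for name in "$@"; do                   # the list is expanded once, before the loop
    if [ "$name" != "." ]; then
      set -- "$@" "--exclude=$name"      # append the rewritten argument
    fi
  done
  shift "$count"                         # drop the raw names, keep the options
  "$TAR_CMD" -c -v -f - -C "$share" --totals "$@" .
}
```

The functions only take effect if the caller hands them the arguments as separate words ("$@"); a login shell that forwards an unquoted $* has already split them.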

