[PLUG] Re: BackupPC question?

Sean Harbour sean at harbours.us
Wed Apr 27 05:13:23 UTC 2005 

Thanks Keith, some good points. Our default policy is to leave the rsync share read only, and only accessible by the backup server. I manually adjust the local rsync settings before attempting to restore something. I think I'll make sure the rsync settings exclude access to .ssh directories tomorrow. :-)

That said, it doesn't even get to the point of transfering a file, it just quits as soon as it receives the rsync share name and descriptive comment. I'll see if I can get some decent debug info tomorrow. 

Sean Harbour

On Tue, 26 Apr 2005 22:39:19 -0700
Keith Lofstrom <keithl at kl-ic.com> wrote:

> 
> Sean Harbour <sean at harbours.us> writes:
> > 
> > I've got a good solid BackupPC server that has been running for
> > about 6 months now. The other day I noticed that I can't restore
> > a file to different client other than the one I backed up. I'm
> > using rsync as the transfer method. So far everything works fine
> > except for this one glitch. Has anybody else run into this? The
> > error I get on the web interface is 'unexpected response' then
> > the name of the rsync share. Rsync is set up identically across
> > all the linux clients, and it doesn't matter which machine I try
> > to restore to, it only works if the files were backed up from that
> > machine to begin with.
> 
> I don't know BackupPC, but there may be differences between the
> UID or GID numbers of the two machines for the user whose file
> you are trying to move.  You may learn something by looking at
> /etc/passwd for the two different machines.
> 
> That said, I would call this a feature, not a problem.  If one of
> your machines is security-compromised, you really don't want that
> machine to be able to request backed-up information (say ~/.ssh)
> from other machines and then compromise them, too.  I would think
> long and hard about the security advantages of this behavior before
> trying to bypass it.  I assume the designers intended BackupPC to
> behave this way.
> 
> Keith
> 
> -- 
> Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

More information about the PLUG mailing list