Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

Differences

This shows you the differences between two versions of the page.

--- linux:rsnapshot [2006/03/21 12:28] – alien
+++ linux:rsnapshot [2008/11/24 22:08] – Some clarifications and re-formatting. alien
@@ Line 19: / Line 19: @@
 Good example docs about how to set this up are:\\
-  http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot
+http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot
 and it's follow-up article:\\
-  http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot
+http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot
 as well as some improvements to this:\\
-  http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320
+http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320
@@ Line 38: / Line 40: @@
     local# ssh remote-server
     ; you might have to create the directory ~/.ssh if it doesnt exist:
-    ; "chmod 600 ~/.ssh ; chown rbackup ~/.ssh"
+    ; "chmod 700 ~/.ssh ; chown rbackup ~/.ssh"
     ; if you don't get the permissions on ~/.ssh and ~/.ssh/authorized_keys right,
     ; passwordless login will FAIL!
@@ Line 60: / Line 62: @@
   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.
   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>
-    from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa
+from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa
-    AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8=
+AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8=
-    rbackup@TheVault</code>
+rbackup@TheVault
-  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code>
+</code> Make sure your version of **''from="192.168.200.34"''** contains the IP address of your rsnapshot server!
-    #!/bin/sh
+  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code bash>
-    case "$SSH_ORIGINAL_COMMAND" in
+#!/bin/sh
-    *\&*)
+case "$SSH_ORIGINAL_COMMAND" in
+  *\&*)
     echo "Rejected 1"
     ;;
-    *\;*)
+  *\;*)
     echo "Rejected 2"
     ;;
@@ Line 75: / Line 78: @@
     $SSH_ORIGINAL_COMMAND
     ;;
-    *true*)
+  *true*)
     echo $SSH_ORIGINAL_COMMAND
     ;;
-    *)
+  *)
     echo "Rejected 3"
     ;;
-    esac
+esac
-</code>  and ''chmod 754 /home/rbackup/validate-rsync.sh'' to make it executable.
+</code>  and run the following commands to make it executable for user ''rbackup'': <code>
+chown rbackup /home/rbackup/validate-rsync.sh
+chmod 754 /home/rbackup/validate-rsync.sh
+</code>
   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh
 /usr/bin/sudo /usr/bin/rsync "$@";
 </code>
-  * Add this line to ''/etc/sudoers'': <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>
+  * Add this line to ''/etc/sudoers'' so that user ''rbackup'' can run the wrapper's ''rsync'' command with //root// privileges: <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>

Trace:

Differences

Search

Navigation

Print/export

Tools

SlackDocs

Slackware Links