Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

Differences

This shows you the differences between two versions of the page.

linux:rsnapshot [2006/03/30 11:38] alien
linux:rsnapshot [2008/11/24 22:08] – Some clarifications and re-formatting. alien
Line 62: Line 62:
   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.
   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>
-    from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  +from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  
-    AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= +AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= 
-    rbackup@TheVault</code> +rbackup@TheVault 
-  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code> +</code> Make sure your version of **''from="192.168.200.34"''** contains the IP address of your rsnapshot server! 
-    #!/bin/sh +  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code bash
-    case "$SSH_ORIGINAL_COMMAND" in +#!/bin/sh 
-    *\&*)+case "$SSH_ORIGINAL_COMMAND" in 
 +  *\&*)
     echo "Rejected 1"     echo "Rejected 1"
     ;;     ;;
-    *\;*)+  *\;*)
     echo "Rejected 2"     echo "Rejected 2"
     ;;     ;;
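Review bot: The ''authorized_keys'' entry at the top of this hunk limits the key only by ''from='' and ''command='', so port, agent and X11 forwarding and pty allocation remain available to it. Consider adding ''no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'' before ''ssh-rsa'', so the key can do nothing beyond invoking ''validate-rsync.sh''. In the script itself, the ''Rejected 1'' and ''Rejected 2'' branches only ''echo'' and then fall out of the ''case'', so a rejected command still ends with exit status 0; an ''exit 1'' after each ''echo'' would let the backup server see the refusal as a failure.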
Line 77: Line 78:
     $SSH_ORIGINAL_COMMAND     $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *true*)+  *true*)
     echo $SSH_ORIGINAL_COMMAND     echo $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *)+  *)
     echo "Rejected 3"     echo "Rejected 3"
     ;;     ;;
-    esac +esac 
-</code>  and ''chmod 754 /home/rbackup/validate-rsync.sh'' to make it executable.+</code>  and run the following commands to make it executable for user ''rbackup'': <code> 
 +chown rbackup /home/rbackup/validate-rsync.sh 
 +chmod 754 /home/rbackup/validate-rsync.sh 
 +</code> 
   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh
 /usr/bin/sudo /usr/bin/rsync "$@"; /usr/bin/sudo /usr/bin/rsync "$@";
 </code> </code>
-  * Add this line to ''/etc/sudoers'': <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>+  * Add this line to ''/etc/sudoers'' so that user ''rbackup'' can run the wrapper's ''rsync'' command with //root// privileges: <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>
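Review bot: The added ''chown rbackup /home/rbackup/validate-rsync.sh'' combined with ''chmod 754'' leaves the forced-command script writable by the very account it is meant to confine, so anything able to write as ''rbackup'' can replace the validator. Suggest ''chown root'' and ''chmod 755'' instead; ''rbackup'' can still execute the script but no longer modify it. The reworded sudoers bullet is clearer, but the entry still allows ''/usr/bin/rsync'' as root with any arguments, so the text should say that the forced command in ''authorized_keys'' is the only limit on that, or the sudoers entry should restrict the arguments.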
  