Too secure to make a backup...

I have mailman running on what I will call Linode1.

To keep safe copies of configuration, archives, etc., I would generally run a cron job to rsync to a second server, Linode2.

However, the mailman directory is owned by mailman which has no home directory and a login programme of /bin/false.

The obvious solution would be to run my rsync as root. However, sshd is configured not to allow root logins.

I can't do this as my "normal" user, as this user has no rights to the mailman directory - and quite rightly so.

Another possible solution would be to relax the no root logins restriction, as my sshd is configured to answer only to specific IP addresses (actually that's a firewall rule, not an sshd one). But I am not comfortable with this.

There are other ways, where root could make a tarball, chown it and then the "normal" user do the transfer, but this is just too messy. Backups with rsync are just so neat and simple - except when security gets in the way.

Anyone got any bright ideas?

4 Replies

I had a similar problem that I solved basically using rdiff-backup.

Use ssh keys with the command option specified.

and then in ur sshd u allow

PermitRootLogin forced-commands-only

that way u can only ever login with a sshkey that has a forced command and ur set :D
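One way to wire up the forced command described in the reply above, as an added example that is not part of the original thread. The script path, the /var/lib/mailman/ location, and the choice of Linode2 pulling with rsync are assumptions, and the exact short-flag cluster rsync sends varies with its version and client options.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: this file is installed as
# /usr/local/sbin/backup-gate on Linode1, the mailman data is in
# /var/lib/mailman/, and Linode2 pulls it with rsync over ssh as root.
#
# /root/.ssh/authorized_keys on Linode1 (one line, key is a placeholder):
#   command="/usr/local/sbin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> backup@Linode2
# /etc/ssh/sshd_config on Linode1:
#   PermitRootLogin forced-commands-only

ALLOWED_DIR="/var/lib/mailman/"   # assumed path

# Succeeds only for "rsync --server --sender <short flags> . $ALLOWED_DIR",
# i.e. Linode1 sends files and never receives or deletes any.
backup_gate_check() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    [ $# -eq 6 ] || return 1
    for arg do                          # reject quotes, ;, |, $, etc.
        case $arg in *[!A-Za-z0-9./_-]*) return 1 ;; esac
    done
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case $4 in --*|[!-]*) return 1 ;; esac   # one short-flag cluster only
    [ "$5" = . ] && [ "$6" = "$ALLOWED_DIR" ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND and
# runs this script instead of it.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if backup_gate_check "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND      # validated tokens, no shell re-parse
    fi
    logger -t backup-gate "refused: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

With this in place the key on Linode2 can read the one directory through rsync and nothing else; an interactive login with the same key gets no shell.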

Thanks. That's not an ssh option of which I was aware - have to read up on that.

yeah I wasn't aware of it either till someone pointed it out to me, it's very handy to use :)

I dealt with this problem a long time ago, so there may be better options now, but here's how I do it. Steps with L1 are to be done on Linode1, steps with L2 are on Linode2.

(L2 as root) Set up a user for backups--I call my user 'backup'. That user has a home directory and write access to the place I want to put my backups. Assign a password you can remember for a bit. 

(L1 as root) mkdir /etc/backup

(L1 as root) ssh-keygen -b2048 -tdsa -f /etc/backup/id_dsa #do not set a password

(L1 as root) chmod 500 /etc/backup

(L1 as root) chmod 400 /etc/backup/id_dsa /etc/backup/id_dsa.pub

(L1 as root) scp /etc/backup/id_dsa.pub backup@Linode2:

(L2 as backup) mkdir ~/.ssh

(L2 as backup) chmod 700 ~/.ssh

(L2 as backup) mv ~/id_dsa.pub ~/.ssh/authorized_keys

At this point you should be able to ssh from Linode1 to Linode2 as backup without a password. Now you just need to set up the cron job to do backups.

The following example assumes two things:

A) The files to be backed up are in /etc/mailman and /etc/postfix on L1

B) You want the files stored in /mnt/backup/ on L2

(L1 as root) export BACKUP_FILE=/mnt/backup/backup-`date +%Y-%b-%d-%H%M%S`.tgz && tar -C /etc/ -zcpf - mailman postfix | ssh -i /etc/backup/id_dsa backup@Linode2 "cat > $BACKUP_FILE"

The quotes in that command are important. Without them, the shell eats the redirect and messes everything up.

Put something like that into cron. It doesn't necessarily have to run as root, as long as who it runs as can read all the files to be backed up. If you change who it runs as, don't forget to chown /etc/passwd and the files inside.

And don't forget, the pipe chain leading up to ssh can be anything that dumps its output to stdout. If, say, you were backing up to an untrusted machine, you could pipe the tar output through an encryption program which encrypts the data with your public key. Then when you need to restore something, you just grab the file, decrypt it with your private key and extract the files you need. Neat huh?

I hope that helps you. If you have any questions post them here or find me on IM some time.

–James
