Too secure to make a backup...
To keep safe copies of configuration, archives, etc., I would generally run a cron job to rsync to a second server, Linode2.
However, the mailman directory is owned by mailman which has no home directory and a login programme of /bin/false.
The obvious solution would be to run my rsync as root. However, sshd is configured not to allow root logins.
I can't do this as my "normal" user, as this user has no rights to the mailman directory - and quite rightly so.
Another possible solution would be to relax the no root logins restriction, as my sshd is configured to answer only to specific IP addresses (actually that's a firewall rule, not an sshd one). But I am not comfortable with this.
There are other ways, where root could make a tarball, chown it and then the "normal" user do the transfer, but this is just too messy. Backups with rsync are just so neat and simple - except when security gets in the way.
Anyone got any bright ideas?
4 Replies
Use SSH keys with the command option specified.
And then in your sshd you allow
PermitRootLogin forced-commands-only
That way you can only ever log in with an SSH key that has a forced command, and you're set.
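One way to build the forced command that reply refers to, as an added example that is not part of the original thread: a wrapper that only lets the backup key run a read-only rsync of one directory. The install path /usr/local/sbin/backup-only, the directory /var/lib/mailman and the exact rsync argument layout (it varies between rsync versions) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for root's backup key.
# Assumed line in /root/.ssh/authorized_keys on Linode1 (key material is a placeholder):
#   restrict,command="/usr/local/sbin/backup-only" ssh-rsa <PUBLIC-KEY> backup@Linode2
# sshd ignores whatever the client asked to run, starts this script instead, and
# passes the client's request in SSH_ORIGINAL_COMMAND.

ALLOWED_DIR=/var/lib/mailman    # assumption: the mailman directory to back up

# Return 0 only for "rsync --server --sender <short flags> . $ALLOWED_DIR/",
# i.e. rsync reading (never writing) exactly that one directory.
allow_backup_command() {
    case $1 in
        # Reject empty requests and any character outside a small safe set:
        # no quotes, semicolons, pipes, globs, backticks or dollar signs.
        ''|*[!A-Za-z0-9\ ./_-]*) return 1 ;;
    esac
    set -- $1    # word-splitting is safe here: only whitelisted characters remain
    [ $# -eq 6 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    # One cluster of short flags; long options such as
    # --remove-source-files are refused.
    case $4 in
        -[!-]*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = "$ALLOWED_DIR/" ]
}

# Entry point when sshd runs this script as the forced command.
run_forced_command() {
    if allow_backup_command "${SSH_ORIGINAL_COMMAND:-}"; then
        exec $SSH_ORIGINAL_COMMAND    # unquoted on purpose: validated above
    fi
    logger -p auth.warning -t backup-only \
        "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}"
    return 1
}

# Only act when invoked under the install name, so the file can also be sourced.
case ${0##*/} in
    backup-only) run_forced_command || exit 1 ;;
esac
```

With this in place, Linode2 pulls with a plain rsync over ssh as root, and any other request made with that key is logged and refused.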
(L2 as root) Set up a user for backups--I call my user 'backup'. That user has a home directory and write access to the place I want to put my backups. Assign a password you can remember for a bit.
(L1 as root) mkdir /etc/backup
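(L1 as root) ssh-keygen -b 2048 -t rsa -f /etc/backup/id_dsa # do not set a password; RSA because ssh-keygen only accepts 1024-bit DSA keys (file name kept so the later steps match)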
(L1 as root) chmod 500 /etc/backup
(L1 as root) chmod 400 /etc/backup/id_dsa /etc/backup/id_dsa.pub
(L1 as root) scp /etc/backup/id_dsa.pub backup@Linode2:
(L2 as backup) mkdir ~/.ssh
(L2 as backup) chmod 700 ~/.ssh
(L2 as backup) mv ~/id_dsa.pub ~/.ssh/authorized_keys
At this point you should be able to ssh from Linode1 to Linode2 as backup without a password. Now you just need to set up the cron job to do backups.
The following example assumes two things:
A) The files to be backed up are in /etc/mailman and /etc/postfix on L1
B) You want the files stored in /mnt/backup/ on L2
(L1 as root) export BACKUP_FILE=/mnt/backup/backup-`date +%Y-%b-%d-%H%M%S`.tgz && tar -C /etc/ -zcpf - mailman postfix | ssh -i /etc/backup/id_dsa backup@Linode2 "cat > $BACKUP_FILE"
The quotes in that command are important. Without them, the shell eats the redirect and messes everything up.
Put something like that into cron. It doesn't necessarily have to run as root, as long as who it runs as can read all the files to be backed up. If you change who it runs as, don't forget to chown /etc/passwd and the files inside.
And don't forget, the pipe chain leading up to ssh can be anything that dumps its output to stdout. If, say, you were backing up to an untrusted machine, you could pipe the tar output through an encryption program which encrypts the data with your public key. Then when you need to restore something, you just grab the file, decrypt it with your private key and extract the files you need. Neat, huh?
I hope that helps you. If you have any questions, post them here or find me on IM some time.
–James