
Followup on BackupPC and changing UserIDs for daemons of Debian packages



I must have deleted the original, it's not in my inbox any more.

It's not supposed to be difficult to set up SSH logins using keys, and
it wasn't.  If no command was given, I got a shell.  If a command was
given, it tried to execute that.

Next up was to install "only".
http://at.magma-soft.at/sw/blog/posts/The_Only_Way_For_SSH_Forced_Commands/
I put it in /usr/local/bin.

The ~/.ssh/authorized key file only contained a single key (an ed25519
key).  I prepended to that line

command="only logger",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding

and a single space to separate that from the ssh-ed25519 ...

Only is designed to not run if there is no ~/.onlyrules, and it didn't.

Only does require the logger program (which is in bsdutils), so I
started testing with that.

I made a .onlyrules file, which only looks for a line which starts with

logger -i

And if it finds a line like that, it prints it, which causes it to be
executed.

I tried having it execute an "echo string" command, and that didn't
match the sed pattern, and I could see both success and failure in
auth.log and success in syslog.  You could see that these commands were
executing under some unprivileged user that I had used.

The next step is to see if I can chain this to sudo, since in order to
do backups a person needs to be root to read the directories.

I've done Perl regex for almost 40 years.  It would be nice if there
was some way to translate Perl regex to sed regex.

In terms of working with BackupPC, I think the thing to do is to only
write a "stanza" to backup a single directory.  If you want to backup
10 directories on a remote computer, you will need 10 stanzas on the
BackupPC server.  And this probably means any patterns you are looking
for are exclude patterns (in so far as rsync is concerned).


For general purpose computers on a LAN, as I see things the important
stuff to backup is /home (the user data).  Some user data lives in
other places (like /var/lib/boinc-client or PostgreSQL, MariaDB, ...
databases).  Backing up databases seems to need special fu anyway.

So it may be that for a LAN, all the "user" data can be backed up to a
single machine (be it with BackupPC or something else).  But that
server probably needs to have /etc, /opt, and /usr/local backed up on
some kind of a basis.  And it is silly to back it up, to itself.

So, I think in general you need 2 backup servers, one for user data and
one for the system data which is local to a LAN.

I do have one computer here, which has git involved in what goes
into /etc.  Rsync works with deltas, as does git.  It may be that
backing up this git morphed /etc is not much more expensive than
backing up an ordinary /etc.


I still have no idea what happens, if I usermod the backuppc user to
backuppc1 or backuppc2; and then I upgrade the backuppc package.  And
what is going on with the rsync-bpc binary?  Why is it not needed on
Debian?


I see metacpan.org lists s2p (written by Larry Wall), which converts
sed into perl; it doesn't reference anything to go the other way.

In any event, I really should see if I can find some way to automate
the generation of stanzas for BackupPC and the rules file for only.


This was an interesting sed-related comment on Perl: perl is faster
than sed at some useful things.

http://rc3.org/2014/08/28/surprisingly-perl-outperforms-sed-and-awk/

Have a great day!
Gord
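
The forced-command filtering described in this message, as an added example that is not part of the original post and is not the "only" script or its rules syntax: a small POSIX sh filter that passes the requested command through a sed rule and runs it only when the whole line matches. The rule itself, the helper names filter_command and run_forced_command, and the forced-cmd log tag are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration only; this is not the "only" script or its rules syntax.
# Constructed sed rule: print the request only if the WHOLE line is
# "logger -i " followed by characters from a conservative set.
RULES='/^logger -i [A-Za-z0-9 _.:=-]*$/p'
NL='
'

# filter_command REQUEST -> prints the request and returns 0 if allowed,
# prints nothing and returns 1 otherwise. (Hypothetical helper name.)
filter_command() {
    case "$1" in
        # sed filters line by line, so a multi-line request would be
        # silently trimmed to its matching lines; refuse it outright.
        *"$NL"*) return 1 ;;
    esac
    allowed=$(printf '%s\n' "$1" | sed -n "$RULES")
    [ -n "$allowed" ] || return 1
    printf '%s\n' "$allowed"
}

# run_forced_command: what command="..." in authorized_keys would invoke.
# sshd places the client's requested command in SSH_ORIGINAL_COMMAND.
run_forced_command() {
    if allowed=$(filter_command "${SSH_ORIGINAL_COMMAND:-}"); then
        set -f              # no glob expansion while splitting into words
        # shellcheck disable=SC2086
        set -- $allowed     # split on whitespace; no eval, no second shell
        exec "$@"
    fi
    logger -p auth.warning -t forced-cmd "denied: ${SSH_ORIGINAL_COMMAND:-none}"
    return 1
}

# Only act when sshd actually supplied a command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_forced_command
fi
```

Anchoring the rule at both ends and limiting the character set matters more than the choice of sed or Perl: a rule that only checks how the line starts would also pass anything appended after the allowed prefix.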

