Authentication giving erratic results ?
Post Authentication giving erratic results ?
Hi everyone,

I've recently configured access control on the BackupPC CGI
interface. This seems to work ok in that the webserver prompts
for the username and password initially. However, it is almost
as if the rules are being applied erratically. Normally, on first
login, if the user goes to PC Summary, only the PCs for which
the user is specified in the hosts file are displayed. However,
not long afterwards, the user can suddenly see all PCs :( If
one keeps clicking on the PC Summary, then sometimes one gets
the full list, and sometimes the list as limited by the login
credentials.

I first thought that this might be a misconfig of Auth on my
server, so to make sure, I modified the Trailer sub in Lib.pm to
print the value of $User before sending the </body></html>. This
resulted in the environment variable REMOTE_USER as reported by
Apache being printed at the bottom of each page. However, in all
cases, the username is the one that was used to log on :( It hence
almost seems as if the CheckPermissions thing does not quite work
for me. I'm no perl expert, so I guess this must be something not
quite right with my setup.

Am I perhaps missing something ? I run Apache 1.3.31 with mod_perl
1.29. My BackupPCAdmin is installed directly in the /cgi-bin/
directory and the Auth requirements are specified in httpd.conf as:

<Directory "/www/cgi-bin">
AuthUserFile /www/access/passwd
AuthType Basic
AuthName "Access"
Require valid-user
Order allow,deny
</Directory>

Any help appreciated,

Stefan


_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Post Authentication giving erratic results ?
"Stefan Schoeman" writes:

> I've recently configured access control on the BackupPC CGI
> interface. This seems to work ok in that the webserver prompts
> for the username and password initially. However, it is almost
> as if the rules are being applied erratically. Normally, on first
> login, if the user goes to PC Summary, only the PCs for which
> the user is specified in the hosts file are displayed. However,
> not long afterwards, the user can suddenly see all PCs :( If
> one keeps clicking on the PC Summary, then sometimes one gets
> the full list, and sometimes the list as limited by the login
> credentials.
>
> I first thought that this might be a misconfig of Auth on my
> server, so to make sure, I modified the Trailer sub in Lib.pm to
> print the value of $User before sending the </body></html>. This
> resulted in the environment variable REMOTE_USER as reported by
> Apache being printed at the bottom of each page. However, in all
> cases, the username is the one that was used to log on :( It hence
> almost seems as if the CheckPermissions thing does not quite work
> for me. I'm no perl expert, so I guess this must be something not
> quite right with my setup.
>
> Am I perhaps missing something ? I run Apache 1.3.31 with mod_perl
> 1.29. My BackupPCAdmin is installed directly in the /cgi-bin/
> directory and the Auth requirements are specified in httpd.conf as:

First off, please try it without mod_perl and make sure
everything works.

It sounds like with mod_perl that several of the apache processes
do the right thing, but one or two do not. Each request is handled
by one of the apache processes, more or less at random. So for some
reason one or more of the apache processes do the wrong thing.

What version of BackupPC are you using? It sounds like 2.1.0beta2.

First thing I would try is restarting apache, but I assume you have
done that.

Your debug strategy is the correct one. The next step is to print
some additional variables to see why the CheckPermissions() function
returns the wrong thing. The perl code for this is pretty simple,
eg:

use Data::Dumper;

# Debug version of Trailer(): print the variables needed to see why
# CheckPermissions() returns the wrong thing.
sub Trailer
{
    my $hostStr = Dumper($Hosts);
    print <<EOF;
<pre>
User = $User
Conf{CgiAdminUsers} = $Conf{CgiAdminUsers}
Conf{CgiAdminUserGroup} = $Conf{CgiAdminUserGroup}
Conf{CgiAdminUsers} = $Conf{CgiAdminUsers}
PrivAdmin = $PrivAdmin
Hosts = $hostStr
</pre>
</body></html>
EOF
}

Craig



Post Authentication giving erratic results ?
Hi Craig,

First of all, many thanks for your reply.
I first did not take out mod_perl. However, I implemented your
suggested debugging changes to Sub Trailer() and it became pretty
apparent what the issue was. The ConfigAdminUsers variable in my
per-PC files was still set for "*". Once I removed this, everything
was just fine. I guess it just wasn't 100% clear to me which settings
belonged in the per-PC config.pl and which should be set in the global
config.pl. While the config file is exceptionally well documented,
perhaps it could be slightly altered to keep all global settings in
the top of the file (before the sections that say "Can be overridden
in the Per-PC config"). And perhaps a slightly more detailed piece on
per-PC config files in the documentation would be useful for newbies
like me. I'd gladly offer to write these, but I think I need to
understand the inner workings of BackupPC first ;)

Also, having messed with the config files a bit now, perhaps I can
contribute to the building of a configuration type editor for the
CGI interface. I have seen in the posts that there has been a
lot of talk regarding this and that someone has done this for
BackupPC 1.5 sometime in the past. I'm no expert perl coder, but if
no-one is actively working on this, can I start on this in my own
"depleted-knowledge-of-perl" style and contribute to this back?
Alternatively, is there perhaps an active sub-project running on
this at this time that I can contribute to?

Regards and thanks for the help (and the great product).

Stefan


Post Authentication giving erratic results ?
Stefan writes:

> First of all, many thanks for your reply.
> I first did not take out mod_perl. However, I implemented your
> suggested debugging changes to Sub Trailer() and it became pretty
> apparent what the issue was. The ConfigAdminUsers variable in my
> per-PC files was still set for "*". Once I removed this, everything
> was just fine. I guess it just wasn't 100% clear to me which settings
> belonged in the per-PC config.pl and which should be set in the global
> config.pl. While the config file is exceptionally well documented,
> perhaps it could be slightly altered to keep all global settings in
> the top of the file (before the sections that say "Can be overridden
> in the Per-PC config").

As you discovered, the CGI settings actually can be set on a
per-PC basis. But, again as you discovered, it's generally
not very useful customizing them on a per-PC basis. Perhaps
I should add a remark about this to the default config.pl.

> And perhaps a slightly more detailed piece on per-PC config
> files in the documentation would be useful for newbies like me. I'd
> gladly offer to write these, but I think I need to understand the
> inner workings of BackupPC first ;)

If you write something I would be happy to merge it into
the documentation.

> Also, having messed with the config files a bit now, perhaps I can
> contribute to the building of a configuration type editor for the
> CGI interface. I have seen in the posts that there has been a
> lot of talk regarding this and that someone has done this for
> BackupPC 1.5 sometime in the past. I'm no expert perl coder, but if
> no-one is actively working on this, can I start on this in my own
> "depleted-knowledge-of-perl" style and contribute to this back?
> Alternatively, is there perhaps an active sub-project running on
> this at this time that I can contribute to?

Leon has recently contributed the start of a CGI editor. As you
note, several other people have worked on this too. I would like
to make sure the overall design and infrastructure is correct,
which I won't be able to spend much time on until after 2.1.0
is out.

The next step with Leon's code is to port it to 2.1.0 and add
a BackupPC::Config module for handling config reading/writing.
Next will be some sort of meta data to define which parameters
are grouped and displayed.

Some of these steps should be posted on the devel mail list,
so you can track it there and decide what you might contribute.

Craig
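
The misconfiguration found in this thread, a per-PC config.pl that still set the CGI admin list to "*", can be checked for across all hosts at once. The script below is an added example, not part of the thread or of BackupPC; it assumes the setting Stefan refers to is the CgiAdminUsers value printed by the debug code, that per-PC files are named config.pl under one directory, and its function names and sample hosts are made up.

```shell
#!/bin/sh
# Added example: flag per-PC config.pl files that override the CGI admin
# settings. Assumption: per-PC files are named config.pl under the directory
# given as $1, and the global config.pl is kept outside that directory.

audit_cgi_overrides() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    report=$(find "$dir" -type f -name config.pl -exec awk '
        # Live (uncommented) assignment to a CGI admin setting.
        /^[ \t]*\$Conf\{CgiAdminUser(s|Group)\}[ \t]*=/ {
            # WILDCARD: the whole value is a quoted "*".
            sev = ($0 ~ /=[ \t]*.[*].[ \t]*;/) ? "WILDCARD" : "OVERRIDE"
            printf "%s %s:%d: %s\n", sev, FILENAME, FNR, $0
        }' {} +)
    [ -n "$report" ] || return 0      # clean: no per-PC overrides
    printf '%s\n' "$report"
    return 1                          # findings present
}

# Constructed sample tree (hostnames and user names are made up).
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alpha" "$root/beta" "$root/gamma"
    cat > "$root/alpha/config.pl" <<'EOF'
$Conf{FullPeriod} = 6.97;
$Conf{CgiAdminUsers} = '*';
EOF
    cat > "$root/beta/config.pl" <<'EOF'
# $Conf{CgiAdminUsers} = '*';
$Conf{CgiAdminUserGroup} = 'ops';
EOF
    cat > "$root/gamma/config.pl" <<'EOF'
$Conf{FullPeriod} = 13.97;
EOF
    printf '%s\n' "$root"
}

# Usage: sh audit.sh /path/to/per-pc-configs   (exit status 1 = findings)
if [ "$#" -gt 0 ]; then
    audit_cgi_overrides "$1"
fi
```

The debug Trailer() shown earlier prints these same settings to every user on every page, so it should be reverted once an audit like this has located the override.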


