Backup Central

I'm a little confused about the $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} tags in the main config file.

I'd like the following scenario adhered to for the CGI interface.

I want an admin user (Let's just name him admin) to have access/control to
all shares.
I want an addition client (only in some cases to have access to their own
shares.

There are four places where I would think to change values. One would be
the config.pl file, the other would be real system user accounts (Are these
needed?), another would be in the hosts file, and then another would be a
.htaccess password protection scheme.

So, lets say that I have the following hosts in my host file.

host dhcp user moreUsers
machine1 0 admin charlie
machine2 0 admin
machine3 0 admin
machine4 0 admin joe,steve,brad

Where are admin, charlie, joe, steve and brad defined?

I have the system working with $Conf{CgiAdminUsers} = '*'; but would
like to lock it down.

So here are the questions:
1...Do ANY of these users need to exist as real system users, based on
having the following .htaccess in my /cgi-bin:
AuthGroupFile /etc/group # <--- change path as needed
AuthUserFile /etc/passwd # <--- change path as needed
AuthType basic
AuthName "access"
require valid-user
2...If I create an apache basic auth scheme, do I use the user names there?
3...What should I use in the config.pl's $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} values and should either one match the main user in the
hosts file?

Thank you,
Corey Baldwin

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Ok, I'll answer part of my own question here. I realize that the .htaccess
in cgi-bin is incorrect, and it wasn't being read in my apache installation
because of allowoverride none option. But the rest of the question still
remains unresolved. How are these users defined and authenticated?

Thanks,
Corey Baldwin

-----Original Message-----
From: backuppc-users-admin < at > lists.sourceforge.net
[mailto:backuppc-users-admin < at > lists.sourceforge.net]On Behalf Of Corey
Baldwin
Sent: Saturday, July 03, 2004 3:49 PM
To: backuppc-users < at > lists.sourceforge.net
Subject: [BackupPC-users] Confused about user auth


I'm a little confused about the $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} tags in the main config file.

I'd like the following scenario adhered to for the CGI interface.

I want an admin user (Let's just name him admin) to have access/control to
all shares.
I want an addition client (only in some cases to have access to their own
shares.

There are four places where I would think to change values. One would be
the config.pl file, the other would be real system user accounts
(Are these
needed?), another would be in the hosts file, and then another would be a
.htaccess password protection scheme.

So, lets say that I have the following hosts in my host file.

host dhcp user moreUsers
machine1 0 admin charlie
machine2 0 admin
machine3 0 admin
machine4 0 admin joe,steve,brad

Where are admin, charlie, joe, steve and brad defined?

I have the system working with $Conf{CgiAdminUsers} = '*'; but would
like to lock it down.

So here are the questions:
1...Do ANY of these users need to exist as real system users, based on
having the following .htaccess in my /cgi-bin:
AuthGroupFile /etc/group # <--- change path as needed
AuthUserFile /etc/passwd # <--- change path as needed
AuthType basic
AuthName "access"
require valid-user
2...If I create an apache basic auth scheme, do I use the user
names there?
3...What should I use in the config.pl's $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} values and should either one match the main
user in the
hosts file?

Thank you,
Corey Baldwin

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Corey,

See if this helps any, if not I'll see if I can elaborate further.

http://sourceforge.net/mailarchive/message.php?msg_id=4321108

Doug

Corey Baldwin wrote:

I'm a little confused about the $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} tags in the main config file.

I'd like the following scenario adhered to for the CGI interface.

I want an admin user (Let's just name him admin) to have access/control to








-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Ok, this didn't work.

Here's exactly what I've got.

In my config.pl (main) I've got the following settings:
$Conf{CgiAdminUserGroup} = '';
$Conf{CgiAdminUsers} = 'corey';

In my hosts file, I've got the following settings:
host dhcp user moreUsers
domain.com 0 corey < at > domain.com corey

And there is an .htaccess now in my cgi-bin that calls a password file with
user 'corey' in it.

And nothing works. I receive the error message:
Error: Only privileged users can view information about host domain.com.

The documentation is pretty vague about this, and I have tried several
different combinations of privileges. The only one I've gotten to work so
far is setting $Conf{CgiAdminUsers} = '*';

The link that you sent me was also vague on setting up administrative users.
I'm not sure why I can't wrap my mind around this, but it's a little
frustrating...lol

Can you please tell me exactly what it would take to allow one admin to
view/control all shares, and also specific users to view/control specific
shares? I believe it's only the two lines in the config.pl file, and then
the hosts file and last the .htaccess password file. If you can just create
an example that you know will work, I will take it from there. The service
and apache run as user backuppc, btw, if that matters.

Thank you very much in advance for your help,
Corey


-----Original Message-----
From: backuppc-users-admin < at > lists.sourceforge.net
[mailto:backuppc-users-admin < at > lists.sourceforge.net]On Behalf Of Doug
Lytle
Sent: Saturday, July 03, 2004 8:35 PM
To: backuppc-users < at > lists.sourceforge.net
Subject: Re: [BackupPC-users] Confused about user auth


Corey,

See if this helps any, if not I'll see if I can elaborate further.

http://sourceforge.net/mailarchive/message.php?msg_id=4321108

Doug

Corey Baldwin wrote:

I'm a little confused about the $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} tags in the main config file.

I'd like the following scenario adhered to for the CGI interface.

I want an admin user (Let's just name him admin) to have
access/control to





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Ok, Ok....First thing to check when the television doesn't work...Is it
plugged in?

Still trying to figure out why my supposedly good configuration wasn't
working, I followed the advice in the docs and copied printenv into my
cgi-bin and pulled it up in a browser. I saw that my REMOTE_USER variable
was not being set. After playing with my httpd.conf (Setting Options All
this time) the variable was set, and now my config works just as it should.
Allowing only specific users where I want them, and allowing my admin user
full control.

Thank you for your time.

Corey Baldwin

-----Original Message-----
From: backuppc-users-admin < at > lists.sourceforge.net
[mailto:backuppc-users-admin < at > lists.sourceforge.net]On Behalf Of Doug
Lytle
Sent: Saturday, July 03, 2004 8:35 PM
To: backuppc-users < at > lists.sourceforge.net
Subject: Re: [BackupPC-users] Confused about user auth


Corey,

See if this helps any, if not I'll see if I can elaborate further.

http://sourceforge.net/mailarchive/message.php?msg_id=4321108

Doug

Corey Baldwin wrote:

I'm a little confused about the $Conf{CgiAdminUserGroup} and
$Conf{CgiAdminUsers} tags in the main config file.

I'd like the following scenario adhered to for the CGI interface.

I want an admin user (Let's just name him admin) to have
access/control to





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.714 / Virus Database: 470 - Release Date: 7/2/2004



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/