Backup Central

We have one central backuppc server that we have been using for some
years now. In our agency we actually have another IT group that
handles a small subset of users. That groups backup server has crashed
and we are looking at adding them to our backuppc server. However we
do not want them to have access to our hosts and they need their own
login. We would just setup another backuppc server for them but we
want to utilize the de-duplication characteristics of backuppc to the
maximum, hence sharing our server with them. Is this possible?

Donny B.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Donny,

On Thu, Jun 21, 2012 at 10:24 AM, Kameleon <kameleon25 < at > gmail.com ([email]kameleon25 < at > gmail.com[/email])> wrote:
We have one central backuppc server that we have been using for some
years now. In our agency we actually have another IT group that
handles a small subset of users. That groups backup server has crashed
and we are looking at adding them to our backuppc server. However we
do not want them to have access to our hosts and they need their own
login. We would just setup another backuppc server for them but we
want to utilize the de-duplication characteristics of backuppc to the
maximum, hence sharing our server with them. Is this possible?


Sure you can - we do that here on 3 backup servers we run with BackupPC. Just add their login user names to the BackupPC hosts file for the hosts that login should have access to. For example, for the example hosts file:

host                    dhcp    user    moreUsers     # <--- do not edit this line
farside                0       craig   jill,jeff     # <--- example static IP host entry
farside2              0       craig

In this case, craig, jill and jeff would have access to the computer farside. No other users would have access to farside - nor would they even see that it's setup on the server. For farside2, only craig would have access - jill and jeff would not.



Chris

--
Chris Stone
AxisInternet, Inc.
www.axint.net

That is exactly what I was looking for. Thanks for the fast response.
It has been forever since I have setup backuppc but on our current
servers we use "user root" but login to the backuppc web interface
with user backuppc. This user is able to see every host we have. So I
need to do some digging and remember how we setup authentication. But
it should be as easy as adding another user to whatever mechanism we
used and putting "user root More users newusername" on their hosts
corect?

On Thu, Jun 21, 2012 at 11:33 AM, Chris Stone <axisml < at > gmail.com> wrote:
Donny,


On Thu, Jun 21, 2012 at 10:24 AM, Kameleon <kameleon25 < at > gmail.com> wrote:

We have one central backuppc server that we have been using for some
years now. In our agency we actually have another IT group that
handles a small subset of users. That groups backup server has crashed
and we are looking at adding them to our backuppc server. However we
do not want them to have access to our hosts and they need their own
login. We would just setup another backuppc server for them but we
want to utilize the de-duplication characteristics of backuppc to the
maximum, hence sharing our server with them. Is this possible?


Sure you can - we do that here on 3 backup servers we run with BackupPC.
Just add their login user names to the BackupPC hosts file for the hosts
that login should have access to. For example, for the example hosts file:

host                    dhcp    user    moreUsers     # <--- do not edit
this line
farside                0       craig   jill,jeff     # <--- example static
IP host entry
farside2              0       craig

In this case, craig, jill and jeff would have access to the computer
farside. No other users would have access to farside - nor would they even
see that it's setup on the server. For farside2, only craig would have
access - jill and jeff would not.



Chris


--
Chris Stone
AxisInternet, Inc.
www.axint.net

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Donny,

On Thu, Jun 21, 2012 at 10:59 AM, Kameleon <kameleon25 < at > gmail.com ([email]kameleon25 < at > gmail.com[/email])> wrote:
with user backuppc. This user is able to see every host we have. So I
need to do some digging and remember how we setup authentication. But
it should be as easy as adding another user to whatever mechanism we
used and putting "user root More users newusername" on their hosts
corect?





The web interfaces uses http authentication and sets up (by default as I recall) a .htaccess file in your cgi-bin directory (e.g. /var/www/cgi-bin) like:

[root < at > axisbackup ~]# cat /var/www/cgi-bin/.htaccess
    AuthGroupFile /etc/httpd/conf/group    # <--- change path as needed
    AuthUserFile /etc/httpd/conf/passwd     # <--- change path as needed
    AuthType basic
    AuthName "AxisBackup Access"
    require valid-user

So, with this, you'd add a new user with:

htpasswd /etc/httpd/conf/passwd newusername

You'll be prompted for the password and then that user (newusername) will be added to the /etc/httpd/conf/passwd file and will then be able to log in. Link them to hosts in the backuppc hosts file and you should be all set.



Chris

--
Chris Stone
AxisInternet, Inc.
www.axint.net

Well I think we never used any of the authentication and it didn't
setup a .htaccess anywhere. Since we are in the midst of moving the
server and going from ubuntu to centos I will be sure to fully
configure it correctly this time. Thanks again.

On Thu, Jun 21, 2012 at 12:15 PM, Chris Stone <axisml < at > gmail.com> wrote:
Donny,


On Thu, Jun 21, 2012 at 10:59 AM, Kameleon <kameleon25 < at > gmail.com> wrote:

with user backuppc. This user is able to see every host we have. So I
need to do some digging and remember how we setup authentication. But
it should be as easy as adding another user to whatever mechanism we
used and putting "user root More users newusername" on their hosts
corect?


The web interfaces uses http authentication and sets up (by default as I
recall) a .htaccess file in your cgi-bin directory (e.g. /var/www/cgi-bin)
like:

[root < at > axisbackup ~]# cat /var/www/cgi-bin/.htaccess
    AuthGroupFile /etc/httpd/conf/group    # <--- change path as needed
    AuthUserFile /etc/httpd/conf/passwd     # <--- change path as needed
    AuthType basic
    AuthName "AxisBackup Access"
    require valid-user

So, with this, you'd add a new user with:

htpasswd /etc/httpd/conf/passwd newusername

You'll be prompted for the password and then that user (newusername) will be
added to the /etc/httpd/conf/passwd file and will then be able to log in.
Link them to hosts in the backuppc hosts file and you should be all set.




Chris


--
Chris Stone
AxisInternet, Inc.
www.axint.net

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

On Thu, Jun 21, 2012 at 11:29 AM, Kameleon <kameleon25 < at > gmail.com ([email]kameleon25 < at > gmail.com[/email])> wrote:
Well I think we never used any of the authentication and it didn't
setup a .htaccess anywhere. Since we are in the midst of moving the
server and going from ubuntu to centos I will be sure to fully
configure it correctly this time. Thanks again.


Hope you had it firewalled! No authentication would open access to all of your files by anybody that wanted them....

Chris

--
Chris Stone
AxisInternet, Inc.
www.axint.net

Of course. Although the authentication was the backuppc user and
its password.

On Thu, Jun 21, 2012 at 12:59 PM, Chris Stone <axisml < at > gmail.com> wrote:

On Thu, Jun 21, 2012 at 11:29 AM, Kameleon <kameleon25 < at > gmail.com> wrote:

Well I think we never used any of the authentication and it didn't
setup a .htaccess anywhere. Since we are in the midst of moving the
server and going from ubuntu to centos I will be sure to fully
configure it correctly this time. Thanks again.


Hope you had it firewalled! No authentication would open access to all of
your files by anybody that wanted them....



Chris

--
Chris Stone
AxisInternet, Inc.
www.axint.net

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

On Thu, Jun 21, 2012 at 1:06 PM, Kameleon <kameleon25 < at > gmail.com> wrote:
Of course. Although the authentication was the backuppc user and
its password.


Note that only the admin user or someone in the admin group can create
new target hosts and these users can access all hosts. After hosts
are created and their owners assigned, the owner logins can see the
hosts delegated to them. The scheme doesn't handle separate groups,
each with their own admin capability but isolated from each other.

--
Les Mikesell
lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Right, the other group won't be adding/deleting/etc hosts. All they
will do is log in to do restores to their already setup hosts. What we
want is for them to be able to login and only see their hosts and not
ours. This is what you are saying is how it works correct?

On Thu, Jun 21, 2012 at 1:18 PM, Les Mikesell <lesmikesell < at > gmail.com> wrote:
On Thu, Jun 21, 2012 at 1:06 PM, Kameleon <kameleon25 < at > gmail.com> wrote:
Of course. Although the authentication was the backuppc user and
its password.


Note that only the admin user or someone in the admin group can create
new target hosts and these users can access all hosts.   After hosts
are created and their owners assigned, the owner logins can see the
hosts delegated to them.  The scheme doesn't handle separate groups,
each with their own admin capability but isolated from each other.

--
  Les Mikesell
   lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

On Thu, Jun 21, 2012 at 1:28 PM, Kameleon <kameleon25 < at > gmail.com> wrote:
Right, the other group won't be adding/deleting/etc hosts. All they
will do is log in to do restores to their already setup hosts. What we
want is for them to be able to login and only see their hosts and not
ours. This is what you are saying is how it works correct?

Yes, the admin user/group can do everything. Other users only see
what is delegated. Sometimes when people say multi-tenancy they mean
independent groups with separate and exclusive administration. As
long as one login or group is allowed to see everything it will do
what you want.

--
Les Mikesell
lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

Yes. So now I have to rethink the way I initially set this up. I put
in root as the user on each server thinking that is what it used to
log into the server. The way the documentation reads it is only who
can administer that server and its backups but was not clear, to me,
that it didn't have to be root. Now I see that the "root" login to the
server is specified on the "rsyncclientcommand". I will be changing
this asap. Thanks for the input guys.

On Thu, Jun 21, 2012 at 1:51 PM, Les Mikesell <lesmikesell < at > gmail.com> wrote:
On Thu, Jun 21, 2012 at 1:28 PM, Kameleon <kameleon25 < at > gmail.com> wrote:
Right, the other group won't be adding/deleting/etc hosts. All they
will do is log in to do restores to their already setup hosts. What we
want is for them to be able to login and only see their hosts and not
ours. This is what you are saying is how it works correct?

Yes, the admin user/group can do everything.  Other users only see
what is delegated.  Sometimes when people say multi-tenancy they mean
independent groups with separate and exclusive administration.   As
long as one login or group is allowed to see everything it will do
what you want.

--
  Les Mikesell
    lesmikesell < at > gmail.com

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/

On Thu, Jun 21, 2012 at 2:05 PM, Kameleon <kameleon25 < at > gmail.com ([email]kameleon25 < at > gmail.com[/email])> wrote:
Yes. So now I have to rethink the way I initially set this up. I put
in root as the user on each server thinking that is what it used to
log into the server. The way the documentation reads it is only who
can administer that server and its backups but was not clear, to me,
that it didn't have to be root. Now I see that the "root" login to the
server is specified on the "rsyncclientcommand". I will be changing
this asap. Thanks for the input guys.

With the http authentication, the http users are separate from your system users. A user setup for http authentication called root would not the same as the system root user. Would be confusing though, so wouldn't recommend creating a user called root for the web access - use admin or something like that instead - or better yet, call it bob or something not related to admin type names.


Chris

--
Chris Stone
AxisInternet, Inc.
www.axint.net