Backup Central

Hello.

I just started playing around with rdiff-backup 1.0.1 and came across a
problem with the --create-full-path option.

Basically, I'm initiating all my backups from the clients (for security
reasons), and therefore am connecting to the backup server as a standard
user. Below is what I am running, and what I get:

$ rdiff-backup --create-full-path /home/mbydalek/bleh/
backupuser < at > backupserver::home/mbydalek/bleh
Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 23, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
283, in Main
take_action(rps)
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
253, in take_action
elif action == "backup": Backup(rps[0], rps[1])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
292, in Backup
backup_check_dirs(rpin, rpout)
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
332, in backup_check_dirs
if create_full_path: rpout.makedirs()
File "/usr/lib/python2.4/site-packages/rdiff_backup/rpath.py", line
801, in makedirs
self.conn.os.makedirs(self.path)
File "/usr/lib/python2.4/site-packages/rdiff_backup/connection.py",
line 445, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/usr/lib/python2.4/site-packages/rdiff_backup/connection.py",
line 367, in reval
if isinstance(result, Exception): raise result
rdiff_backup.Security.Violation:
Warning Security Violation!
Bad request for function: os.makedirs
with arguments: ['home/mbydalek/bleh']

It seems like it doesn't want to create the subdirectories due to a
Security Violation. Since I am running as a non-privileged user on the
backup server, is that causing the problems? If not, what could it be?

Thanks,
Mike

Mike Bydalek wrote:
It seems like it doesn't want to create the subdirectories due to a
Security Violation. Since I am running as a non-privileged user on the
backup server, is that causing the problems?

If the user under which you are running on the backup server does not
have the permissions to create the directory tree then yes.

If you have interactive access to the backup server you can try this out
with:

mkdir -p home/mbydalek/bleh

--
Keith Edmunds

+---------------------------------------------------------------------+
| Tiger Computing Ltd | Helping businesses make the most of Linux |
| "The Linux Company" | http://www.TheLinuxConsultancy.co.uk |
+---------------------------------------------------------------------+

Keith Edmunds wrote:
Mike Bydalek wrote:
It seems like it doesn't want to create the subdirectories due to a
Security Violation. Since I am running as a non-privileged user on
the backup server, is that causing the problems?

If the user under which you are running on the backup server does not
have the permissions to create the directory tree then yes.

If you have interactive access to the backup server you can try this
out with:

mkdir -p home/mbydalek/bleh

That's just the thing, the permissions on the backup server are all set
correctly. The problem isn't with permissions at all because even I
login as root < at > backupserver, I still get the Security Violation error.

It just seems like this option is broken. If I try running rdiff-backup
on my client as root and connect to the backup server as root, I get the
same error.

Any other ideas for me to try? Also, where would I submit a bug report
if this is a bug?

I'm not really familiar with Python too much, so is there a setting or
something that's preventing this from running in a global config somewhere?

Thanks,
Mike

Mike Bydalek wrote:
That's just the thing, the permissions on the backup server are all set
correctly. The problem isn't with permissions at all because even I
login as root < at > backupserver, I still get the Security Violation error.

If you login interactively can you then exectute 'mkdir -p
home/mbydalek/bleh'?

It just seems like this option is broken. If I try running rdiff-backup
on my client as root and connect to the backup server as root, I get the
same error.

Please try it without rdiff-backup (as above). I use this option on a
number of servers every night, so whilst it may not be bug-free, it
isn't completely broken.

Any other ideas for me to try? Also, where would I submit a bug report
if this is a bug?

Yes: try the interactive command as the user that runs rdiff-backup on
the server. If it fails then please post the full output here. Bug
reports can be made at the rdiff-backup homepage, but seeing as I wrote
that particular option I'm happy to discuss it here.

I'm not really familiar with Python too much, so is there a setting or
something that's preventing this from running in a global config somewhere?

Unlikely.

Keith

Keith Edmunds wrote:
Mike Bydalek wrote:
That's just the thing, the permissions on the backup server are all
set correctly. The problem isn't with permissions at all because
even I login as root < at > backupserver, I still get the Security Violation
error.

If you login interactively can you then exectute 'mkdir -p
home/mbydalek/bleh'?
Yes, I can do this with no problem, especially when I login as root
Sorry, I meant to include this in my other e-mail, but assumed it would
be inferred when I was able to login as root.

It just seems like this option is broken. If I try running
rdiff-backup on my client as root and connect to the backup server as
root, I get the same error.

Please try it without rdiff-backup (as above). I use this option on a
number of servers every night, so whilst it may not be bug-free, it
isn't completely broken.

I suppose I *could* do a mkdir -p, but it just seems redundant to do.
Sure, it's no problem to check if the directory exists and create it,
but still, the man page says it should work =P

-Mike

Mike Bydalek wrote:
I suppose I *could* do a mkdir -p, but it just seems redundant to do.

I didn't mean to suggest that you should manually create directories -
as you say, that's the whole point of this switch in rdiff-backup. That
said, this option is very simply implemented, and I can see no reason
why user X shoudl be able to successfully create multiple directory
paths in one go using 'mkdir' but not using 'os.makedirs' in Python.

Please try this whilst logged into the backup server *as the user who
runs rdiff-backup* - let me stress, it MUST be as the user who
experienced the original problem ("backupuser" in your original posting):

$ python
import os
os.makedirs('/home/mbydalek/x/y/z')
^D

...and let me know what happens. You can remove the superflous
directories after with "rm -r /home/mbydalek/x".

Keith

--
Keith Edmunds

+---------------------------------------------------------------------+
| Tiger Computing Ltd | Helping businesses make the most of Linux |
| "The Linux Company" | http://www.TheLinuxConsultancy.co.uk |
+---------------------------------------------------------------------+

Keith Edmunds wrote:
Mike Bydalek wrote:
I suppose I *could* do a mkdir -p, but it just seems redundant to do.

Please try this whilst logged into the backup server *as the user who
runs rdiff-backup* - let me stress, it MUST be as the user who
experienced the original problem ("backupuser" in your original posting):

$ python
import os
os.makedirs('/home/mbydalek/x/y/z')
^D

...and let me know what happens. You can remove the superflous
directories after with "rm -r /home/mbydalek/x".
Since I am doing it relative to backupuser's home directory, I left out
the first /. That said, the code above worked just fine.

-Mike

Mike Bydalek wrote:
Since I am doing it relative to backupuser's home directory, I left out
the first /. That said, the code above worked just fine.

Well, I'm not sure what to say - that is exactly the code that
rdiff-backup is using.

Ben, do you have any ideas?

Keith

Mike Bydalek <mbydalek < at > compunetconsulting.com>
wrote the following on Thu, 20 Oct 2005 10:14:09 -0700
$ python
import os
os.makedirs('/home/mbydalek/x/y/z')
^D

...and let me know what happens. You can remove the superflous
directories after with "rm -r /home/mbydalek/x".
Since I am doing it relative to backupuser's home directory, I left out
the first /. That said, the code above worked just fine.

The "security violation" is raised by rdiff-backup's internal security
scheme. Recently (v1.0.0?) a hole was plugged in it, and as an
unintended consequence some options like --create-full-path may now
cause false positives.

Please run rdiff-backup again with -v7 and post all the traceback
information it spews before the crash.


--
Ben Escoto

Ben Escoto wrote:
Mike Bydalek <mbydalek < at > compunetconsulting.com>
wrote the following on Thu, 20 Oct 2005 10:14:09 -0700

$ python

import os
os.makedirs('/home/mbydalek/x/y/z')
^


Please run rdiff-backup again with -v7 and post all the traceback
information it spews before the crash

Here's the -v7 as requested.

-Mike

$ rdiff-backup -v7 --create-full-path /home/mbydalek/bleh/
backupserver::home/mbydalek/bleh
Executing ssh -C backupserver rdiff-backup --server
Registering connection 1
Making directory path home/mbydalek/bleh
Sending back exception
Warning Security Violation!
Bad request for function: os.makedirs
with arguments: ['home/mbydalek/bleh']
of type rdiff_backup.Security.Violation:
File "/usr/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 333, in answer_request
Security.vet_request(request, argument_list)
File "/usr/lib/python2.3/site-packages/rdiff_backup/Security.py", line
205, in vet_request
raise_violation(request, arglist)
File "/usr/lib/python2.3/site-packages/rdiff_backup/Security.py", line
186, in raise_violation
raise Violation("\nWarning Security Violation!\n"

Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 23, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
283, in Main
take_action(rps)
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
253, in take_action
elif action == "backup": Backup(rps[0], rps[1])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
292, in Backup
backup_check_dirs(rpin, rpout)
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line
332, in backup_check_dirs
if create_full_path: rpout.makedirs()
File "/usr/lib/python2.4/site-packages/rdiff_backup/rpath.py", line
801, in makedirs
self.conn.os.makedirs(self.path)
File "/usr/lib/python2.4/site-packages/rdiff_backup/connection.py",
line 445, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/usr/lib/python2.4/site-packages/rdiff_backup/connection.py",
line 367, in reval
if isinstance(result, Exception): raise result
rdiff_backup.Security.Violation:
Warning Security Violation!
Bad request for function: os.makedirs
with arguments: ['home/mbydalek/bleh']

mbydalek < at > localhost ~ $ Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 23, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File "/usr/lib/python2.3/site-packages/rdiff_backup/Main.py", line
283, in Main
take_action(rps)
File "/usr/lib/python2.3/site-packages/rdiff_backup/Main.py", line
251, in take_action
connection.PipeConnection(sys.stdin, sys.stdout).Server()
File "/usr/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 352, in Server
self.get_response(-1)
File "/usr/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 314, in get_response
try: req_num, object = self._get()
File "/usr/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 230, in _get
raise ConnectionReadError("Truncated header string (problem "
rdiff_backup.connection.ConnectionReadError: Truncated header string
(problem probably originated remotely)

Mike Bydalek <mbydalek < at > compunetconsulting.com>
wrote the following on Fri, 21 Oct 2005 15:07:45 -0700

Here's the -v7 as requested.

The little patch at:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r2=1.25.2.1&r1=1.25&diff_format=u

should fix the problem.


--
Ben Escoto

Ben Escoto <ben < at > emerose.org>
wrote the following on Fri, 21 Oct 2005 21:47:36 -0500

The little patch at:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r2=1.25.2.1&r1=1.25&diff_format=u

should fix the problem.

Oops, too little, I forgot a spot. You need:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r2=1.25.2.2&only_with_tag=r1-0&r1=1.25.2.1&diff_format=u

also. After that I think it should be ok.


--
Ben Escoto

Ben Escoto wrote:
Ben Escoto <ben < at > emerose.org>
wrote the following on Fri, 21 Oct 2005 21:47:36 -0500

The little patch at:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r2=1.25.2.1&r1=1.25&diff_format=u

should fix the problem.


Oops, too little, I forgot a spot. You need:

http://savannah.nongnu.org/cgi-bin/viewcvs/rdiff-backup/rdiff-backup/rdiff_backup/Security.py.diff?r2=1.25.2.2&only_with_tag=r1-0&r1=1.25.2.1&diff_format=u

also. After that I think it should be ok.

Nice call. I was literally in the process of writing an e-mail, and
just got back to the computer to see your e-mail waiting ;)

Using both of these did the trick and --create-full-path works as
expected now.

-Mike