I am stuck. I have read HOWTOs all over the place saying how to get rdiff-backup to use a public key with a 'command="(shell script name)"'. The script then executes the client side version of rdiff-backup sudo'd which then safely backs up everything. Here is the HOWTO that explains what I am trying to do in detail (for rsync but I’m trying to do it for rdiff-backup): http://troy.jdmz.net/rsync/index.html
I can do this (with rdiff-backup) using public-key authentication as root on the client with the forced command in the key on the client side. But I just CANNOT get the forced-command in a script to work with rdiff-backup.
BTW, I can get the forced-command to work calling a script merely containing the 'ls' command. Maybe this all has something to do with the shell messing with STDOUT and a potential fundamental misunderstanding of shell environments as hinted at here: http://www.mail-archive.com/rdiff-backup-users@nongnu.org/msg02954.html
?
What Works
Currently 'rdiff-backup' works great on the client/backup-machine with the command:
rdiff-backup user@server::/home/user /home/server-backups/user
The login uses a password-less key-based authentication and the ssh client-side configuration (.ssh/config) file reading:
host client
hostname client
user user
identityfile /home/client/key/server-passwordless-key
compression yes
protocol 2
NOTE: the private key is in /home/client/key/server-password-less-key.
On the server the public-key starts with the following constraints:
from="client",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rdiff-backup --server --restrict-read-only /" ssh-rsa AAasdfaj23jasljjj..etc., etc.
This works perfectly. Both machines are Ubuntu Server 10.04 LTS.
The Error
The problem is that if I want to "force the command" on the server by altering the server-side public key so it looks for '/usr/local/bin/hard-coded-rdiff' as follows:
from="client",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/local/bin/hard-coded-rdiff" ssh-rsa AAasdfaj23jasljjj..etc., etc.
I have run:
chmod 744 /usr/local/bin/hard-coded-rdiff
...so it should be executable by all. 'user' can execute /usr/local/bin/hard-coded-rdiff.
/usr/local/bin/hard-coded-rdiff's contents are:
#! /usr/bin/sh
/usr/bin/rdiff-backup --server --restrict-read-only /
This fails on the client with the message:
Exception '' raised of class '<type 'exceptions.MemoryError'>':
File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 304, in error_check_Main
try: Main(arglist)
File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 321, in Main
rps = map(SetConnections.cmdpair2rp, cmdpairs)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp
if cmd: conn = init_connection(cmd)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 152, in init_connection
check_connection_version(conn, remote_cmd)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 160, in check_connection_version
try: remote_version = conn.Globals.get('version')
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 450, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 368, in reval
result = self.get_response(req_num)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 315, in get_response
try: req_num, object = self._get()
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 240, in _get
data = self._read(length)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 210, in _read
try: return self.inpipe.read(length)
Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 30, in <module>
rdiff_backup.Main.error_check_Main(sys.argv[1:])
File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 304, in error_check_Main
try: Main(arglist)
File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 321, in Main
rps = map(SetConnections.cmdpair2rp, cmdpairs)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp
if cmd: conn = init_connection(cmd)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 152, in init_connection
check_connection_version(conn, remote_cmd)
File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 160, in check_connection_version
try: remote_version = conn.Globals.get('version')
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 450, in __call__
return apply(self.connection.reval, (self.name,) + args)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 368, in reval
result = self.get_response(req_num)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 315, in get_response
try: req_num, object = self._get()
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 240, in _get
data = self._read(length)
File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 210, in _read
try: return self.inpipe.read(length)
MemoryError
The message from rdiff-backup on the server (pulling from client) ends with a dump of errors from the python executable and a "memory error." Same command on the client, small change to force the use of a shell script on the server and it fails – why please?
Thanks for your suggestions.
Respectfully,
Richard
P.S. I also listed this question on serverfault.com here: http://serverfault.com/questions/271518/rdiff-backup-fails-with-forced-command-but-works-through-shell if you want to answer the question for points there.
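A pre-flight check for the wrapper named in a command="..." option, as an added example that is not part of the original post: it reports whether the file's mode grants execute to owner, group and others (the post's stated intent) and whether the interpreter on its #! line exists. The function name check_wrapper and the temporary sample file are constructed for illustration.

```shell
#!/bin/sh
# check_wrapper PATH
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_wrapper() {
    wrapper=$1
    findings=0
    if [ ! -f "$wrapper" ]; then
        echo "missing: $wrapper is not a regular file"
        return 1
    fi
    # Mode string from ls, e.g. -rwxr--r-- ; characters 4, 7 and 10 are the
    # execute bits for owner, group and others.
    mode=$(ls -ld "$wrapper" | cut -c1-10)
    case $mode in
        ???x??x??x) ;;
        *) echo "mode: $mode does not grant execute to owner, group and others"
           findings=1 ;;
    esac
    # The kernel runs the interpreter named on the first line, so it must exist.
    first=
    IFS= read -r first < "$wrapper" || true
    case $first in
        '#!'*)
            # Drop "#!", then take the first word (spaces after #! are allowed).
            interp=$(printf '%s\n' "${first#??}" | awk '{print $1}')
            if [ -z "$interp" ]; then
                echo "shebang: no interpreter named after #!"
                findings=1
            elif [ ! -f "$interp" ] || [ ! -x "$interp" ]; then
                echo "interpreter: $interp is not an executable file"
                findings=1
            fi ;;
        *) echo "shebang: first line does not start with #!"
           findings=1 ;;
    esac
    return $findings
}

# Constructed sample: the wrapper contents and chmod from the post, written to
# a temporary directory instead of /usr/local/bin.
demo_dir=$(mktemp -d)
printf '%s\n' '#! /usr/bin/sh' \
    '/usr/bin/rdiff-backup --server --restrict-read-only /' \
    > "$demo_dir/hard-coded-rdiff"
chmod 744 "$demo_dir/hard-coded-rdiff"
check_wrapper "$demo_dir/hard-coded-rdiff" || echo "wrapper needs attention"
rm -rf "$demo_dir"
```

Run it on the server against the real wrapper path; whether the interpreter finding appears depends on that machine's filesystem.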
