"--restrict-read-only /" doesn't seem to work
this occurs with the following versions: 0.12.7, 0.13.4, and the CVS
HEAD as of 20030813, 04:30 GMT 2004.

note: "--restrict /" also doesn't work. but that's less useful (-:

this is on two Solaris 9 machines; rdiff-backup is run by python 2.3.4,
and is using the current head of the librsync CVS tree (required to
work around a bug in librsync!).

i have the setup as recommended by
<http://arctic.org/%7Edean/rdiff-backup/unattended.html> for unattended
backups:
- my original server ("alcatraz") has the following in its
/.ssh/authorized_keys:
"""
command="/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup --server --restrict-read-only /",from="alto",no-port-forwarding,no-x11-forwarding,no-pty ssh-rsa [...] root@alto
"""
(where i changed command to different versions of rdiff-backup)

my understanding of the authorized_keys format is that the command given
is run irrespective of the command given over ssh. so no schema is
required.

- the [...] is the public key of the alternate identity from the mirror
server ("alto", used to send to "alcatraz-backup", which redirects to
"alcatraz").

if i remove the "--restrict-read-only /" from the command in
authorized_keys, then backups from "alcatraz-backup" to alto work as
expected.

however, with "--restrict-read-only /" or "--restrict /" appended to
command the backup fails:

"""
# /usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup alcatraz-backup::/etc /tmp/alcatraz-etc-backup
Traceback (most recent call last):
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup", line 24, in ?
    rdiff_backup.Main.Main(sys.argv[1:])
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py", line 267, in Main
    rps = map(SetConnections.cmdpair2rp, cmdpairs)
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/SetConnections.py", line 75, in cmdpair2rp
    return rpath.RPath(conn, filename).normalize()
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/rpath.py", line 667, in __init__
    else: self.setdata()
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/rpath.py", line 692, in setdata
    if self.lstat(): self.conn.rpath.setdata_local(self)
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py", line 445, in __call__
    return apply(self.connection.reval, (self.name,) + args)
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py", line 367, in reval
    if isinstance(result, Exception): raise result
rdiff_backup.Security.Violation:
Warning Security Violation!
Request to handle path /etc
which doesn't appear to be within restrict path /.

Traceback (most recent call last):
# File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup", line 24, in ?
    rdiff_backup.Main.Main(sys.argv[1:])
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py", line 270, in Main
    take_action(rps)
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py", line 238, in take_action
    connection.PipeConnection(sys.stdin, sys.stdout).Server()
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py", line 352, in Server
    self.get_response(-1)
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py", line 314, in get_response
    try: req_num, object = self._get()
  File "/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py", line 230, in _get
    raise ConnectionReadError("Truncated header string (problem "
rdiff_backup.connection.ConnectionReadError: Truncated header string (problem probably originated remotely)
"""

note: i'm trying to just back up /etc for testing purposes.

if i change the command to "--restrict-read-only /etc", then not only
can i back up /etc, i can also back up (say) /etc/init.d separately. so
it appears / is a special case that doesn't work. it's not
(necessarily) the trailing "/" that's at fault either, since putting
"--restrict-read-only /etc/" works too.

cheers,
/lib
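
Added illustration, not part of the original post and not rdiff-backup's code: one way a restrict-path containment check can accept "/etc" and "/etc/" yet reject every path under "/", shown beside a version that handles the root explicitly. Whether rdiff-backup's check fails for this reason is an assumption; all function names here are hypothetical and the test paths are constructed.

```python
import posixpath

def _norm(path):
    # Lexical normalisation only: collapses "//", "." and "..", and drops
    # a trailing "/" (except on the root). Symlinks are NOT resolved.
    n = posixpath.normpath(path)
    # POSIX allows normpath to keep exactly two leading slashes; fold them.
    return n[1:] if n.startswith("//") else n

def naive_within(path, restrict):
    """Prefix test that always appends a separator to the restrict path.

    Hypothetical flawed check: for restrict "/" the required prefix
    becomes "//", which no normalised path starts with.
    """
    p, r = _norm(path), _norm(restrict)
    return p == r or p.startswith(r + "/")

def within(path, restrict):
    """Containment test with the root treated as its own case."""
    p, r = _norm(path), _norm(restrict)
    if not (p.startswith("/") and r.startswith("/")):
        return False      # only absolute paths can be judged
    if r == "/":
        return True       # every absolute path lies under the root
    # Separator-terminated prefix so "/etcetera" is not inside "/etc".
    return p == r or p.startswith(r + "/")

# Constructed cases: (requested path, restrict path)
CASES = [
    ("/etc", "/"),             # the failing case from the post
    ("/etc", "/etc"),
    ("/etc/init.d", "/etc/"),  # trailing slash on the restrict path
    ("/etcetera", "/etc"),     # sibling sharing a string prefix
    ("/etc/../root", "/etc"),  # ".." escaping the restrict path
]

def compare(cases=CASES):
    return [(p, r, naive_within(p, r), within(p, r)) for p, r in cases]

if __name__ == "__main__":
    for p, r, naive, fixed in compare():
        print(f"{p!r:16} in {r!r:8} naive={naive!s:5} fixed={fixed}")
```

Because the normalisation is purely lexical, a real server-side check would also need to decide how symlinks inside the restrict path are treated.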
