[rdiff-backup-users] unattended rdiff-backup documentation update

[dean gaudet]

for the past month or two i've been doing rdiff-backups using a non-root 
account -- which relies on rdiff-backup's metadata support to handle 
restores with correct privileges.  this has been working out pretty well, 
and it's a more paranoid/secure configuration... so i've updated my 
documentation to explain how this is done.

also included is a patch for ssh cipher none, a note on localhost non-root 
backups using sudo, and an example using LVM1 snapshots to produce a 
stable disk image for rdiff-backup.

http://arctic.org/~dean/rdiff-backup/unattended.html

ben -- below are my current differences vs. 0.13.4 ... it'd be cool to see 
at least the bugfixes in a 0.13.5 :)

laters
-dean

- fix calculate-average command line option
- reduce verbosity of several messages regarding filesystem capabilities so
  as to clean up cron'd output
- "--restrict-read-only /" should allow all subpaths ... but it
  is denying everything other than /.

--- rdiff-backup-0.13.4.orig/rdiff_backup/Main.py
+++ rdiff-backup-0.13.4/rdiff_backup/Main.py
@@ -179,6 +179,7 @@
                else:
                        commandline_error("Switches missing or wrong number of 
arguments")
        elif action == 'test-server': pass # test-server takes any number of 
args
+       elif action == 'calculate-average': pass # calculate-average takes any 
number of args
        elif l > 2 or action not in arg_action_dict[l]:
                commandline_error("Wrong number of arguments given.")
 
@@ -384,10 +385,10 @@
                        rpout.conn.Globals.set_local(conn_attr, 1)
 
        src_fsa = rpin.conn.fs_abilities.get_fsabilities_readonly('source', 
rpin)
-       Log(str(src_fsa), 3)
+       Log(str(src_fsa), 4)
        dest_fsa = rpout.conn.fs_abilities.get_fsabilities_readwrite(
                'destination', Globals.rbdir, 1, Globals.chars_to_quote)
-       Log(str(dest_fsa), 3)
+       Log(str(dest_fsa), 4)
 
        update_triple(src_fsa.eas, dest_fsa.eas,
                                  ('eas_active', 'eas_write', 'eas_conn'))
@@ -490,10 +491,10 @@
 
        target_fsa = target.conn.fs_abilities.get_fsabilities_readwrite(
                'destination', target, 0)
-       Log(str(target_fsa), 3)
+       Log(str(target_fsa), 4)
        mirror_fsa = 
Globals.rbdir.conn.fs_abilities.get_fsabilities_restoresource(
                Globals.rbdir)
-       Log(str(mirror_fsa), 3)
+       Log(str(mirror_fsa), 4)
 
        update_triple(mirror_fsa.eas, target_fsa.eas,
                                  ('eas_active', 'eas_write', 'eas_conn'))
@@ -675,7 +676,7 @@
                rbdir.conn.Globals.set_local(conn_attr, 1)
 
        fsa = rbdir.conn.fs_abilities.get_fsabilities_readwrite('archive', 
rbdir)
-       Log(str(fsa), 3)
+       Log(str(fsa), 4)
 
        update_triple(fsa.eas, ('eas_active', 'eas_write', 'eas_conn'))
        update_triple(fsa.acls, ('acls_active', 'acls_write', 'acls_conn'))
--- rdiff-backup-0.13.4.orig/rdiff_backup/Security.py
+++ rdiff-backup-0.13.4/rdiff_backup/Security.py
@@ -195,6 +195,7 @@
        """Require rpath not to step outside retricted directory"""
        if Globals.restrict_path and rpath.conn is Globals.local_connection:
                normalized, restrict = rpath.normalize().path, 
Globals.restrict_path
+               if restrict == "/": return
                components = normalized.split("/")
                # 3 cases for restricted dir /usr/foo:  /var, /usr/foobar, 
/usr/foo/..
                if (not normalized.startswith(restrict) or