[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] Backing up permissions
|
From: |
Chris Wilson |
|
Subject: |
[rdiff-backup-users] Backing up permissions |
|
Date: |
Thu, 10 Apr 2008 09:46:41 +0100 (BST) |
Hi all,
I've experienced this problem a number of times before, and I know other
users have too:
When backing up a directory that is read-only or has bizarre permissions
(e.g. 0000) rdiff-backup maintains those permissions _even if_ it's
running as a normal user and therefore can't change the owner of the
destination files.
This causes at least two problems:
* when backing up a read-only directory, rdiff-backup creates a read-only
destination and then crashes when trying to write to it
* the repository may have less security than the original files, e.g. if a
file was 0750 root:admins, it could end up 750 backup:users and be
world-readable.
I understand that this is part of rdiff-backup trying to mirror the
original system as much as possible, but mirroring part of the permissions
without the other parts is counter-productive and dangerous in this case.
I think that rdiff-backup should use mode 0700 or 0750 at the admin's
option when not running as root, or at the very least force mode u+rw
(files) and u+rwx (directories) to avoid the first problem.
I haven't tested this with 1.1 as I can't afford the time or risk to
upgrade all my servers to a development version right now. But I'd like to
know whether 1.1 users have seen this problem too, or whether it is fixed
in 1.1?
Incidentally, this slightly unusual stack trace may point to a case that
hasn't been caught:
SpecialFileError oldroot/dev/Volume00/LogVol00 [Errno 13] Permission
denied
Traceback (most recent call last):
File "/usr/bin/rdiff-backup", line 23, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line 285,
in Main
take_action(rps)
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line 255,
in take_action
elif action == "backup": Backup(rps[0], rps[1])
File "/usr/lib/python2.4/site-packages/rdiff_backup/Main.py", line 308,
in Backup
backup.Mirror(rpin, rpout)
File "/usr/lib/python2.4/site-packages/rdiff_backup/backup.py", line 38,
in Mirror
DestS.patch(dest_rpath, source_diffiter)
File "/usr/lib/python2.4/site-packages/rdiff_backup/backup.py", line
218, in patch
ITR(diff.index, diff)
File "/usr/lib/python2.4/site-packages/rdiff_backup/rorpiter.py", line
285, in __call__
last_branch.fast_process(*args)
File "/usr/lib/python2.4/site-packages/rdiff_backup/backup.py", line
490, in fast_process
if self.patch_to_temp(rp, diff_rorp, tf):
File "/usr/lib/python2.4/site-packages/rdiff_backup/backup.py", line
507, in patch_to_temp
self.write_special(diff_rorp, new)
File "/usr/lib/python2.4/site-packages/rdiff_backup/backup.py", line
542, in write_special
new.touch()
File "/usr/lib/python2.4/site-packages/rdiff_backup/rpath.py", line 840,
in touch
self.conn.open(self.path, "w").close()
IOError: [Errno 13] Permission denied:
'/mnt/backup/fen-apps/home/oldroot/dev/Volume00/rdiff-backup.tmp.426139'
The directory /home/oldroot/dev/Volume00 is 0500 on the source, and
/mnt/backup/fen-apps/home/oldroot/dev/Volume00 was created 0500 by
rdiff-backup, but then write_special tries to create the fake device node
in it.
If nobody knows anything about this I may attempt to hack together a
patch.
Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\ _/_/_/_//_/___/ | We are GNU : free your mind & your software |
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [rdiff-backup-users] Backing up permissions,
Chris Wilson <=