[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] "--restrict-read-only /" doesn't seem to work
From: |
Bill Clarke |
Subject: |
[rdiff-backup-users] "--restrict-read-only /" doesn't seem to work |
Date: |
Fri, 13 Aug 2004 15:01:10 +1000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7) Gecko/20040616 MultiZilla/1.6.4.0b Mnenhy/0.6.0.104 |
this occurs with the following versions: 0.12.7, 0.13.4, and the CVS
HEAD as of 20030813, 04:30 GMT 2004.
note: "--restrict /" also doesn't work. but that's less useful (-:
this is on two Solaris 9 machines; rdiff-backup is run by python 2.3.4,
and is using the current head of the librsync CVS tree (required to
workaround a bug in librsync!).
i have the setup as recommended by
<http://arctic.org/%7Edean/rdiff-backup/unattended.html> for unattended
backups:
- my original server ("alcatraz") has the following in its
/.ssh/authorized_keys:
"""
command="/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup
--server --restrict-read-only
/",from="alto",no-port-forwarding,no-x11-forwarding,no-pty ssh-rsa [...]
address@hidden
"""
(where i changed command to different versions of rdiff-backup)
my understanding of the authorized_keys format is that the command given
is run irrespective of the command given over ssh. so no schema is
required.
- the [...] is the public key of the alternate identity from the mirror
server ("alto", used to send to "alcatraz-backup", which redirects to
"alcatraz").
if i remove the "--restrict-read-only /" from the command in
authorized_keys, then backups from "alcatraz-backup" to alto work as
expected.
however, with "--restrict-read-only /" or "--restrict /" appended to
command the backup fails:
"""
# /usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup
alcatraz-backup::/etc /tmp/alcatraz-etc-backup
Traceback (most recent call last):
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup",
line 24, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py",
line 267, in Main
rps = map(SetConnections.cmdpair2rp, cmdpairs)
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/SetConnections.py",
line 75, in cmdpair2rp
return rpath.RPath(conn, filename).normalize()
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/rpath.py",
line 667, in __init__
else: self.setdata()
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/rpath.py",
line 692, in setdata
if self.lstat(): self.conn.rpath.setdata_local(self)
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 445, in __call__
return apply(self.connection.reval, (self.name,) + args)
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 367, in reval
if isinstance(result, Exception): raise result
rdiff_backup.Security.Violation:
Warning Security Violation!
Request to handle path /etc
which doesn't appear to be within restrict path /.
Traceback (most recent call last):
# File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/bin/rdiff-backup",
line 24, in ?
rdiff_backup.Main.Main(sys.argv[1:])
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py",
line 270, in Main
take_action(rps)
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/Main.py",
line 238, in take_action
connection.PipeConnection(sys.stdin, sys.stdout).Server()
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 352, in Server
self.get_response(-1)
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 314, in get_response
try: req_num, object = self._get()
File
"/usr/local/stow/rdiff-backup-0.13.4+cvs-20040813/lib/python2.3/site-packages/rdiff_backup/connection.py",
line 230, in _get
raise ConnectionReadError("Truncated header string (problem "
rdiff_backup.connection.ConnectionReadError: Truncated header string
(problem probably originated remotely)
"""
note: i'm trying to just back up /etc for testing purposes.
if i change the command to "--restrict-read-only /etc", then not only
can i backup /etc, i can also backup (say) /etc/init.d separately. so
it appears / is a special case that doesn't work. it's not
(necessarily) the trailing "/" that's at fault either, since putting
"--restrict-read-only /etc/" works too.
cheers,
/lib
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [rdiff-backup-users] "--restrict-read-only /" doesn't seem to work,
Bill Clarke <=