Page 1 of 1
Backing up home directories
Posted: 2019/02/03 12:46:29
by funkytwig
Posting to this security section as I believe backups are broadly classed as part of security and there are specific security questions I have.
I have a backup server that mirrors users on the production server. This is done my seting up the users on the backup server, seting up a ssh key pair for authenticating and doing something like.
rsync -avxP user@production_server:/home/user/. /home/user/.
from backup server. This almost works but there are some files whitch the user can not read so, get I stuff like
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)
on production server
-rw------- 1 apache apache 51 Feb 3 12:34 /home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php
Question is how to best sort this. One solution is to conect to root remotly, i.e.
rsync -avxP root@production_server:/home/user/. /home/user/.
But obviously doing this is not good from a security perspective.
So what is the best way of sorting this?
Regards,
Ben
Re: Backing up home directories
Posted: 2019/02/03 14:19:18
by TrevorH
So what is the best way of sorting this?
The *best* way would probably be to fix the permissions so the files can be read
Re: Backing up home directories
Posted: 2019/02/05 10:47:33
by funkytwig
Indeed but the question is what is a good/secure way of doing this.
For reference the full list of files I cant access are:
Code: Select all
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/Maildir" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/Maildir" failed: Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/attack-data.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-livewaf.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-synced.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-transient.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/template.php": Permission denied (13)
The two options I can think of is
either adding the apache group to the user (whitch allows fill access to the files using user private groups), or
make the files a+r
The later seems better as the former gives the user full access to all apache files?
Or is there another way?
Ben
Re: Backing up home directories
Posted: 2019/02/09 20:33:19
by hunter86_bg
Add 'user' to wheel ?
As you are using keys, it should be pretty much secure.
On my workstations, I create an LVM snapshot , which I mount and then backup the contents. Of course this method won't work for databases unless you 'read lock' them prior the snapshot.
Re: Backing up home directories
Posted: 2019/02/11 13:29:38
by ben_tvpp
Thanks, do I add wheel to the target or destination user?
Also do I need to add sudo at the beginning of rsync command?
Re: Backing up home directories
Posted: 2019/02/11 14:41:09
by ben_tvpp
Something else also occurred to me. I rsync a number of different users, each set up with a keypair. Think I need to set up a user specifically for this and make it a sudo user so everything can go through it.
Re: Backing up home directories
Posted: 2019/02/11 19:22:02
by TrevorH
I can't think of any reason why adding a user to group wheel would affect anything. The only thing that does is it gives them unlimited sudo privileges which probably isn't what you wanted to do.
Re: Backing up home directories
Posted: 2019/02/11 22:25:12
by tunk
Just wondering, how did those files end up there when they're not owned by the user?
Or: should apache really have write access to user's home directories.
An alternative could be an NFS read only export and then run rsync locally as root.
Re: Backing up home directories
Posted: 2019/02/13 18:01:23
by ben_tvpp
I ended up creating a user called backup on server I want to backup and making it a sudo user which can just run rsync.
I then run the script as root on backup server as the files I am backing up belong to a few different users. Some Apache, some different ftp users.
Ben
Re: Backing up home directories
Posted: 2019/05/16 15:00:48
by ron7000
you want
rsnapshot www.rsnapshot.org
it's also a package available in EPEL.
it is a perl script that makes use of rsync, all the work is done for you. you edit one
/usr/local/etc/rsnapshot.conf file to set everything up, basically just specfiy /home as the folder you want backed up.
then create a crontab entry to have
/usr/local/bin/rsnapshot daily to run however frequent, it will run as root, you won't have any permissions problems accessing anything under /home to back them up to wherever the destination is.