[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Re: backup under privileged mode (unix permissions

Berger, Daniel

9/11/2003 10:02:00 PM



> -----Original Message-----
> From: Sean O'Dell [mailto:sean@cSePlsoAfMt.com[REMOVE_THE_SPAM]]
> Sent: Thursday, September 11, 2003 3:54 PM
> To: ruby-talk@ruby-lang.org
> Subject: Re: backup under privileged mode (unix permissions)
>
>
> Simon Strandgaard wrote:
> > I have some data which I make a backup of on daily basis.
> > The data has many different owners/groups.
> >
> > I have writen some Ruby which does the job (when logged in
> as root). I
> > don't like running things as root, so I have created a dedicated
> > account only for backup, under which the backup script is
> supposed to
> > be executed.
> >
> > Unfortunatly I cannot figure out the last part (running the ruby
> > script with root read-permissions).
> >
> > Q1: How should I setup the right permissions (setuid,
> /etc/group), any
> > ideas ?
> > Q2: How do you execute your backup scripts with the right
> permissions ?
>
> It gets complicated (I've been there), and sometimes you just have to
> say "hey, that's what root is for."
>
> Assuming your backup script isn't executing anything else through the
> "system" method and such, you probably can't make much use out of
> playing with the real/effective user id's. Your problem is probably
> strictly that you need permission to read the files you need
> backed up.
>
> First thought: run it as root. IMO, that's one of the few
> things root
> is really there for.
>
> A slightly less "certain" method would be to make your backup user a
> member of every group who might own files you want to back
> up. You do
> this by editing the /etc/group file so that each group you
> want to add
> backup to looks something like this:
>
> groupname:x:user,backup
>
> .... then the backup user will have group permissions for every file
> whose group is one of those groups. Unfortunately, if the file is
> readable by the user, but not by the group the file is owned by, your
> backup script will still not be able to read the file.
>
> So, back to square one: run it as root. =)
>
> Sean O'Dell

There's always 'sudo'.

Dan
2 Answers

Sean O'Dell

9/11/2003 10:17:00 PM

0

Berger, Daniel wrote:
>
>>-----Original Message-----
>>From: Sean O''Dell [mailto:sean@cSePlsoAfMt.com[REMOVE_THE_SPAM]]
>>Sent: Thursday, September 11, 2003 3:54 PM
>>To: ruby-talk@ruby-lang.org
>>Subject: Re: backup under privileged mode (unix permissions)
>>
>>
>>Simon Strandgaard wrote:
>>
>>>I have some data which I make a backup of on daily basis.
>>>The data has many different owners/groups.
>>>
>>>I have writen some Ruby which does the job (when logged in
>>
>>as root). I
>>
>>>don''t like running things as root, so I have created a dedicated
>>>account only for backup, under which the backup script is
>>
>>supposed to
>>
>>>be executed.
>>>
>>>Unfortunatly I cannot figure out the last part (running the ruby
>>>script with root read-permissions).
>>>
>>>Q1: How should I setup the right permissions (setuid,
>>
>>/etc/group), any
>>
>>>ideas ?
>>>Q2: How do you execute your backup scripts with the right
>>
>>permissions ?
>>
>>It gets complicated (I''ve been there), and sometimes you just have to
>>say "hey, that''s what root is for."
>>
>>Assuming your backup script isn''t executing anything else through the
>>"system" method and such, you probably can''t make much use out of
>>playing with the real/effective user id''s. Your problem is probably
>>strictly that you need permission to read the files you need
>>backed up.
>>
>>First thought: run it as root. IMO, that''s one of the few
>>things root
>>is really there for.
>>
>>A slightly less "certain" method would be to make your backup user a
>>member of every group who might own files you want to back
>>up. You do
>>this by editing the /etc/group file so that each group you
>>want to add
>>backup to looks something like this:
>>
>> groupname:x:user,backup
>>
>>.... then the backup user will have group permissions for every file
>>whose group is one of those groups. Unfortunately, if the file is
>>readable by the user, but not by the group the file is owned by, your
>>backup script will still not be able to read the file.
>>
>>So, back to square one: run it as root. =)
>>
>> Sean O''Dell
>
>
> There''s always ''sudo''.

What problem is that a solution for?

Sean O''Dell

Simon Strandgaard

9/12/2003 2:24:00 PM

0


Simon Strandgaard wrote:
>
> I have some data which I make a backup of on daily basis.
> The data has many different owners/groups.
>
> I have writen some Ruby which does the job (when logged in
> as root). I

Then Sean O''Dell wrote:
> So, back to square one: run it as root. =)


And now Simon Strandgaard writes:

I have written a short text about how to do backup of CVS on FreeBSD,
with help of Ruby.

http://neoneye.mine.nu/fun_wit...

the ''Running A CVS Server'' need some more work.. So just ignore that :-)

--
Simon Strandgaard