Simon Strandgaard wrote:
I have some data which I make a backup of on a daily basis.
The data has many different owners/groups.

I have written some Ruby which does the job (when logged in as root).
I don’t like running things as root, so I have created a dedicated
account only for backup, under which the backup script is supposed
to be executed.

Unfortunately I cannot figure out the last part (running the
ruby script with root read-permissions).

Q1: How should I set up the right permissions (setuid, /etc/group), any ideas?
Q2: How do you execute your backup scripts with the right permissions?

It gets complicated (I’ve been there), and sometimes you just have to
say “hey, that’s what root is for.”
Assuming your backup script isn’t executing anything else through the
“system” method and such, you probably can’t make much use out of
playing with the real/effective user IDs. Your problem is probably
strictly that you need permission to read the files you need backed up.
First thought: run it as root. IMO, that’s one of the few things root
is really there for.
A slightly less “certain” method would be to make your backup user a
member of every group who might own files you want to back up. You do
this by editing the /etc/group file so that each group you want to add
backup to looks something like this:
groupname:x:user,backup
… then the backup user will have group permissions for every file
whose group is one of those groups. Unfortunately, if the file is
readable by the user, but not by the group the file is owned by, your
backup script will still not be able to read the file.
So, back to square one: run it as root. =)
Sean O'Dell
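
Added example, not part of the original post: a Ruby pre-flight check for the group-membership approach described above, listing the paths a non-owner backup account would still miss because the applicable group (or other) bits deny read access. The function names and the sample tree are constructed for illustration; ACLs and the permissions of directories above the root are not considered.

```ruby
require 'find'
require 'tmpdir'
require 'fileutils'

# Permission bits (rwx as 0-7) that apply to a non-owner account whose
# group memberships are +gids+: the group bits when the file's group
# matches, otherwise the "other" bits.
def bits_for(stat, gids)
  gids.include?(stat.gid) ? (stat.mode >> 3) & 7 : stat.mode & 7
end

# Returns the paths under +root+ that such an account could not back up.
# An inaccessible directory is reported once and not descended into.
def unreadable_for(root, gids)
  missed = []
  Find.find(root) do |path|
    st = File.lstat(path)
    next if st.symlink?
    bits = bits_for(st, gids)
    if st.directory?
      if (bits & 5) != 5            # need r and x to list and traverse
        missed << path
        Find.prune
      end
    elsif st.file? && (bits & 4).zero?
      missed << path
    end
  end
  missed.sort
end

# Constructed sample tree: one group-readable file, one owner-only file,
# and one owner-only directory holding a world-readable file.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, 'data')
    FileUtils.mkdir_p(File.join(root, 'private'))
    { 'shared.txt' => 0640, 'owner_only.txt' => 0600,
      'private/notes.txt' => 0644 }.each do |name, mode|
      File.write(File.join(root, name), 'x')
      File.chmod(mode, File.join(root, name))
    end
    File.chmod(0750, root)
    File.chmod(0700, File.join(root, 'private'))
    gids = [File.stat(root).gid]    # pretend backup is in the owning group
    unreadable_for(root, gids).map { |path| path.sub("#{root}/", '') }
  end
end

puts demo if __FILE__ == $0
```

Pass the numeric GIDs of every group the backup account belongs to; any path the check returns still needs a permission change or a root-run backup.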