Backup under privileged mode (unix permissions)

ruby-talk
1

There’s always ‘sudo’.

Dan

···

-----Original Message-----
From: Sean O’Dell [mailto:sean@cSePlsoAfMt.com[REMOVE_THE_SPAM]]
Sent: Thursday, September 11, 2003 3:54 PM
To: ruby-talk@ruby-lang.org
Subject: Re: backup under privileged mode (unix permissions)

Simon Strandgaard wrote:

I have some data which I make a backup of on daily basis.
The data has many different owners/groups.

I have writen some Ruby which does the job (when logged in
as root). I
don’t like running things as root, so I have created a dedicated
account only for backup, under which the backup script is
supposed to
be executed.

Unfortunatly I cannot figure out the last part (running the ruby
script with root read-permissions).

Q1: How should I setup the right permissions (setuid,
/etc/group), any
ideas ?
Q2: How do you execute your backup scripts with the right
permissions ?

It gets complicated (I’ve been there), and sometimes you just have to
say “hey, that’s what root is for.”

Assuming your backup script isn’t executing anything else through the
“system” method and such, you probably can’t make much use out of
playing with the real/effective user id’s. Your problem is probably
strictly that you need permission to read the files you need
backed up.

First thought: run it as root. IMO, that’s one of the few
things root
is really there for.

A slightly less “certain” method would be to make your backup user a
member of every group who might own files you want to back
up. You do
this by editing the /etc/group file so that each group you
want to add
backup to looks something like this:

 groupname:x:user,backup

… then the backup user will have group permissions for every file
whose group is one of those groups. Unfortunately, if the file is
readable by the user, but not by the group the file is owned by, your
backup script will still not be able to read the file.

So, back to square one: run it as root. =)

Sean O’Dell

2

Berger, Daniel wrote:

From: Sean O’Dell [mailto:sean@cSePlsoAfMt.com[REMOVE_THE_SPAM]]
Sent: Thursday, September 11, 2003 3:54 PM
To: ruby-talk@ruby-lang.org
Subject: Re: backup under privileged mode (unix permissions)

Simon Strandgaard wrote:

I have some data which I make a backup of on daily basis.
The data has many different owners/groups.

I have writen some Ruby which does the job (when logged in

as root). I

don’t like running things as root, so I have created a dedicated
account only for backup, under which the backup script is

supposed to

be executed.

Unfortunatly I cannot figure out the last part (running the ruby
script with root read-permissions).

Q1: How should I setup the right permissions (setuid,

/etc/group), any

ideas ?
Q2: How do you execute your backup scripts with the right

permissions ?

It gets complicated (I’ve been there), and sometimes you just have to
say “hey, that’s what root is for.”

Assuming your backup script isn’t executing anything else through the
“system” method and such, you probably can’t make much use out of
playing with the real/effective user id’s. Your problem is probably
strictly that you need permission to read the files you need
backed up.

First thought: run it as root. IMO, that’s one of the few
things root
is really there for.

A slightly less “certain” method would be to make your backup user a
member of every group who might own files you want to back
up. You do
this by editing the /etc/group file so that each group you
want to add
backup to looks something like this:

groupname:x:user,backup

… then the backup user will have group permissions for every file
whose group is one of those groups. Unfortunately, if the file is
readable by the user, but not by the group the file is owned by, your
backup script will still not be able to read the file.

So, back to square one: run it as root. =)

Sean O’Dell

There’s always ‘sudo’.

What problem is that a solution for?

Sean O'Dell
···

-----Original Message-----