Backing up home directories

Support for security such as Firewalls and securing linux
funkytwig
Posts: 4
Joined: 2019/02/03 11:48:04

Backing up home directories

Post by funkytwig » 2019/02/03 12:46:29

Posting to this security section as I believe backups are broadly classed as part of security and there are specific security questions I have.

I have a backup server that mirrors users on the production server. This is done by setting up the users on the backup server, setting up an SSH key pair for authenticating and doing something like:

rsync -avxP user@production_server:/home/user/. /home/user/.

from the backup server. This almost works but there are some files which the user cannot read, so I get stuff like

rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)

on production server

-rw------- 1 apache apache 51 Feb 3 12:34 /home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php

Question is how to best sort this. One solution is to connect to root remotely, i.e.

rsync -avxP root@production_server:/home/user/. /home/user/.

But obviously doing this is not good from a security perspective.

So what is the best way of sorting this?

Regards,
Ben

TrevorH
Forum Moderator
Posts: 25548
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Backing up home directories

Post by TrevorH » 2019/02/03 14:19:18

So what is the best way of sorting this?
The *best* way would probably be to fix the permissions so the files can be read ;-)
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

funkytwig
Posts: 4
Joined: 2019/02/03 11:48:04

Re: Backing up home directories

Post by funkytwig » 2019/02/05 10:47:33

Indeed but the question is what is a good/secure way of doing this.

For reference the full list of files I can't access are:


rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/Maildir" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/Maildir" failed: Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/attack-data.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-livewaf.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-synced.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-transient.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/template.php": Permission denied (13)
The two options I can think of are

either adding the apache group to the user (which allows full access to the files using user private groups), or

make the files a+r

The latter seems better as the former gives the user full access to all apache files?

Or is there another way?

Ben

hunter86_bg
Posts: 1737
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Backing up home directories

Post by hunter86_bg » 2019/02/09 20:33:19

Add 'user' to wheel?
As you are using keys, it should be pretty much secure.
On my workstations, I create an LVM snapshot, which I mount and then back up the contents. Of course this method won't work for databases unless you 'read lock' them prior to the snapshot.

ben_tvpp
Posts: 29
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/11 13:29:38

Thanks, do I add wheel to the target or destination user?

Also do I need to add sudo at the beginning of rsync command?

ben_tvpp
Posts: 29
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/11 14:41:09

Something else also occurred to me. I rsync a number of different users, each set up with a keypair. Think I need to set up a user specifically for this and make it a sudo user so everything can go through it.

TrevorH
Forum Moderator
Posts: 25548
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Backing up home directories

Post by TrevorH » 2019/02/11 19:22:02

I can't think of any reason why adding a user to group wheel would affect anything. The only thing that does is it gives them unlimited sudo privileges which probably isn't what you wanted to do.

tunk
Posts: 535
Joined: 2017/02/22 15:08:17

Re: Backing up home directories

Post by tunk » 2019/02/11 22:25:12

Just wondering, how did those files end up there when they're not owned by the user?
Or: should apache really have write access to users' home directories?
An alternative could be an NFS read only export and then run rsync locally as root.

ben_tvpp
Posts: 29
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/13 18:01:23

I ended up creating a user called backup on the server I want to back up and making it a sudo user which can just run rsync.

I then run the script as root on backup server as the files I am backing up belong to a few different users. Some Apache, some different ftp users.

Ben
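
Added example (not part of the thread or of any poster's setup): a sudo rule for rsync alone still lets whoever holds the backup key write files as root, so the key can additionally be pinned to read-only pulls with a forced command. The wrapper path, the /home prefix and the option whitelist are assumptions; it is meant to be set as `command="/usr/local/bin/backup-wrapper.sh",no-pty,no-port-forwarding` on the backup user's key in authorized_keys, with sudoers allowing that user to run rsync without a password.

```shell
#!/bin/sh
# Hypothetical forced-command wrapper for the dedicated "backup" account.
# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.

# Return 0 only for an rsync request that reads (sender mode) from /home.
is_allowed_backup_command() {
    cmd=$1
    # Whitelist characters: no shell metacharacters, globs, tabs or newlines.
    case $cmd in
        ''|*[!A-Za-z0-9\ ._/-]*) return 1 ;;
    esac
    set -- $cmd     # safe to split: only whitelisted characters remain
    # "--server --sender" means the remote side only sends files (a pull).
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Options run up to the "." placeholder that precedes the paths.
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --partial) ;;            # sent by the -P used in the thread
            --*) return 1 ;;         # e.g. --remove-source-files deletes data
            -*) flags=${1%%e*}       # text after "e" is protocol info, not flags
                case $flags in
                    *[LkK]*) return 1 ;;  # would follow user-planted symlinks as root
                esac ;;
            *) return 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || return 1
    shift
    [ $# -gt 0 ] || return 1
    # Prefix check only: every requested path must sit under /home, no "..".
    for path in "$@"; do
        case $path in
            */../*|*/..) return 1 ;;
            /home/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Only acts when started by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        exec sudo -n $SSH_ORIGINAL_COMMAND   # unquoted: split into argv, no shell
    fi
    echo "backup wrapper: command rejected" >&2
    exit 1
fi
```

The rsync distribution ships a fuller script of this kind, rrsync, which is the better choice where it is available.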

ron7000
Posts: 68
Joined: 2019/01/15 20:00:28

Re: Backing up home directories

Post by ron7000 » 2019/05/16 15:00:48

you want rsnapshot www.rsnapshot.org

it's also a package available in EPEL.

it is a perl script that makes use of rsync, all the work is done for you. you edit one /usr/local/etc/rsnapshot.conf file to set everything up, basically just specify /home as the folder you want backed up.

then create a crontab entry to have /usr/local/bin/rsnapshot daily to run however frequent, it will run as root, you won't have any permissions problems accessing anything under /home to back them up to wherever the destination is.
