Backing up home directories

Support for security such as Firewalls and securing linux
funkytwig
Posts: 4
Joined: 2019/02/03 11:48:04

Backing up home directories

Post by funkytwig » 2019/02/03 12:46:29

Posting to this security section as I believe backups are broadly classed as part of security and there are specific security questions I have.

I have a backup server that mirrors users on the production server. This is done by setting up the users on the backup server, setting up an SSH key pair for authenticating and doing something like:

rsync -avxP user@production_server:/home/user/. /home/user/.

from backup server. This almost works but there are some files which the user can not read, so I get stuff like

rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)

on production server

-rw------- 1 apache apache 51 Feb 3 12:34 /home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php

Question is how to best sort this. One solution is to connect to root remotely, i.e.

rsync -avxP root@production_server:/home/user/. /home/user/.

But obviously doing this is not good from a security perspective.

So what is the best way of sorting this?

Regards,
Ben

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Backing up home directories

Post by TrevorH » 2019/02/03 14:19:18

So what is the best way of sorting this?
The *best* way would probably be to fix the permissions so the files can be read ;-)
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

funkytwig
Posts: 4
Joined: 2019/02/03 11:48:04

Re: Backing up home directories

Post by funkytwig » 2019/02/05 10:47:33

Indeed but the question is what is a good/secure way of doing this.

For reference the full list of files I can't access are:


rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/admin/Maildir" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/.usermin" failed: Permission denied (13)
rsync: opendir "/home/tvpp/domains/tvppclientarea.uk/homes/wordpress/Maildir" failed: Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/attack-data.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-livewaf.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-synced.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config-transient.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/config.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/ips.php": Permission denied (13)
rsync: send_files failed to open "/home/tvpp/domains/tvppclientarea.uk/public_html/wp-content/wflogs/template.php": Permission denied (13)
The two options I can think of are

either adding the apache group to the user (which allows full access to the files using user private groups), or

make the files a+r

The latter seems better as the former gives the user full access to all apache files?

Or is there another way?

Ben

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Backing up home directories

Post by hunter86_bg » 2019/02/09 20:33:19

Add 'user' to wheel ?
As you are using keys, it should be pretty much secure.
On my workstations, I create an LVM snapshot, which I mount and then back up the contents. Of course this method won't work for databases unless you 'read lock' them prior to the snapshot.

ben_tvpp
Posts: 62
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/11 13:29:38

Thanks, do I add wheel to the target or destination user?

Also do I need to add sudo at the beginning of rsync command?

ben_tvpp
Posts: 62
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/11 14:41:09

Something else also occurred to me. I rsync a number of different users, each set up with a keypair. Think I need to set up a user specifically for this and make it a sudo user so everything can go through it.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Backing up home directories

Post by TrevorH » 2019/02/11 19:22:02

I can't think of any reason why adding a user to group wheel would affect anything. The only thing that does is it gives them unlimited sudo privileges which probably isn't what you wanted to do.

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Backing up home directories

Post by tunk » 2019/02/11 22:25:12

Just wondering, how did those files end up there when they're not owned by the user?
Or: should apache really have write access to users' home directories?
An alternative could be an NFS read only export and then run rsync locally as root.

ben_tvpp
Posts: 62
Joined: 2018/12/04 13:28:51

Re: Backing up home directories

Post by ben_tvpp » 2019/02/13 18:01:23

I ended up creating a user called backup on the server I want to back up and making it a sudo user which can just run rsync.

I then run the script as root on backup server as the files I am backing up belong to a few different users. Some Apache, some different ftp users.

Ben
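
One way to set up what this last post describes, as an added example that is not part of the thread: the backup server pulls each home directory through the `backup` account, and the remote end runs rsync under sudo. The sudoers file path and rule, the variables `PROD_HOST`, `MIRROR_ROOT` and `RSYNC`, the function names and the lowercase-only account name pattern are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Run as root on the backup server so
# rsync -a can restore each file's original owner (apache, ftp users, ...).
#
# Assumed rule on the production server, in /etc/sudoers.d/backup (visudo -f):
#   backup ALL=(root) NOPASSWD: /usr/bin/rsync
# That rule allows rsync as root with any arguments, so the private key that
# logs in as "backup" deserves the same protection as a root key.

PROD_HOST="${PROD_HOST:-production_server}"  # host name used in the thread
MIRROR_ROOT="${MIRROR_ROOT:-/home}"          # local copy goes to /home/<user>
RSYNC="${RSYNC:-rsync}"                      # overridable for a dry run

# Accept plain account names only: rejects "", a leading "-" (would be read
# as an option) and anything with "/" or "." (path tricks such as "..").
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Pull one home directory. --rsync-path makes the remote end start
# "sudo rsync", so files the account owner cannot read are still sent.
pull_home() {
    valid_user "$1" || { echo "refusing user name: $1" >&2; return 2; }
    "$RSYNC" -avxP --rsync-path="sudo rsync" \
        "backup@${PROD_HOST}:/home/$1/." "${MIRROR_ROOT}/$1/."
}

# Filter rsync's stderr down to the paths that still failed with EACCES,
# e.g.  pull_home tvpp 2>&1 >/dev/null | denied_paths
denied_paths() {
    sed -n 's/^rsync: .* "\(.*\)"\( failed\)\{0,1\}: Permission denied (13)$/\1/p'
}

# Usage: sh pull_homes.sh tvpp otheruser
for user in "$@"; do
    pull_home "$user" || echo "backup of $user failed" >&2
done
```

An empty result from `denied_paths` after a run means no "Permission denied (13)" errors like the ones listed earlier in the thread remain.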

ron7000
Posts: 162
Joined: 2019/01/15 20:00:28

Re: Backing up home directories

Post by ron7000 » 2019/05/16 15:00:48

you want rsnapshot www.rsnapshot.org

it's also a package available in EPEL.

it is a perl script that makes use of rsync, all the work is done for you. you edit one /usr/local/etc/rsnapshot.conf file to set everything up, basically just specify /home as the folder you want backed up.

then create a crontab entry to have /usr/local/bin/rsnapshot daily to run however frequent, it will run as root, you won't have any permissions problems accessing anything under /home to back them up to wherever the destination is.
