LinuxQuestions.org
Old 01-19-2009, 06:02 AM   #1
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Rep: Reputation: 0
Rsync Permissions Problem


Hi all

I have a problem with my rsync backup

First of all my setup is thus:

I have a Linux box (NAS Drive unsure of the linux version) at the office which has an rsync cron on it which pulls from my web server as a backup. It pulls websites, mysql, conf files etc.

My web server is running debian etch LAMP etc.

When I originally set it up I used root user to log into the web server, and set up keys to authenticate, this worked perfectly.

I then decided that having direct root access to the web server was a bad thing so I have turned off root login (PermitRootLogin no in sshd_config)

I then set up a backup user which works fine for the website files but fails on permissions for the mysql data files (/var/lib/mysql) along with some other files.

How can I get over this without granting root access to the backup user, which would defeat the object of not allowing root access? I have tried adding the backup user to the Mysql group which owns the mysql files but this still does not allow me to run the rsync.


Any help or tips would be appreciated

Thanks

Matt Houldsworth
Digitalquill
 
Old 01-19-2009, 06:16 AM   #2
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
Hi Matt,

Could you send us the command your NAS executes to pull the data and what error you get?

For what it's worth, you might be better off doing a dump of the database(s) using mysqldump rather than backing up /var/lib/mysql.
 
Old 01-19-2009, 06:28 AM   #3
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eco View Post
Hi Matt,

Could you send us the command your NAS executes to pull the data and what error you get?

For what it's worth, you might be better off doing a dump of the database(s) using mysqldump rather than backing up /var/lib/mysql.


Hi thanks for getting back to me

the command I use is:
Code:
rsync -avz -e "ssh -i /home/admin/rsync-key" BackupUser@host.co.uk:/var/lib/mysql/ /shares/internal/BACKUPS/Webserver/MySQL/
this gives the error

Code:
rsync: opendir "/var/lib/mysql/vsftpd" failed: Permission denied (13)
I also get this error on some of my website files cache files on a phpbb setup and also some of the files in users' home directories.

thanks

Matt
 
Old 01-19-2009, 07:06 AM   #4
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
I'm wondering if this hasn't something to do with files being open and in use.

I was wondering if it wouldn't be easier to create an rsync server running on the NAS and have your clients rsync to the NAS rather than the NAS pulling the data.

You'd solve your security problems, be able to dump the database within the bash script that will launch your rsync backup, etc.

What do you think?
 
Old 01-19-2009, 07:11 AM   #5
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eco View Post
I'm wondering if this hasn't something to do with files being open and in use.

I was wondering if it wouldn't be easier to create an rsync server running on the NAS and have your clients rsync to the NAS rather than the NAS pulling the data.

You'd solve your security problems, be able to dump the database within the bash script that will launch your rsync backup, etc.

What do you think?

Yes that might work although I only have a dynamic IP so I would have to install a dyndns updater or something similar

The only other thing is in the situation I have if the NAS drive is switched off it does not run, if it were pushing from the web server which is always on would it just fail gracefully or would it mess things up?

So is it right from what you are saying that rsync cannot back up open files?
 
Old 01-19-2009, 07:32 AM   #6
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
Hi,

For the problem with open files, I'd ignore what I said.

I did a test (locally) and managed to rsync my running database without any problems... and the error does say Permission denied so I guess the problem is down to permissions.


There are some great tools for dyndns so that wouldn't be a problem.

As for the script's behaviour, it wouldn't be a problem and you can always put fail-safes.

I think the advantage of pushing to an rsync server is that your root user can do the pushing to an rsync user with limited rights. This will give you a bit more security.

We can work on your permission problem though. What do you have when you do an

Code:
# ls -ld /var/lib/mysql/vsftpd
# ls -l /var/lib/mysql/vsftpd
 
Old 01-19-2009, 07:39 AM   #7
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eco View Post
Hi,

For the problem with open files. I'd ignore what I said.

I did a test (locally) and managed to rsync my running database without any problems... and the error does say Permission denied so I guess the problem is down to permissions.


There are some great tools for dyndns so that wouldn't be a problem.

As for the script's behaviour, it wouldn't be a problem and you can always put fail-safes.

I think the advantage of pushing to an rsync server is that your root user can do the pushing to an rsync user with limited rights. This will give you a bit more security.

We can work on your permission problem though. What do you have when you do an

Code:
# ls -ld /var/lib/mysql/vsftpd
# ls -l /var/lib/mysql/vsftpd


I get the following:

digitalquill:~# ls -ld /var/lib/mysql/vsftpd
drwx------ 2 mysql mysql 4096 2008-12-31 19:27 /var/lib/mysql/vsftpd

digitalquill:~# ls -l /var/lib/mysql/vsftpd
total 24
-rw-r----- 1 mysql mysql 8624 2008-12-31 19:27 accounts.frm
-rw-r----- 1 mysql mysql 60 2008-12-31 19:27 accounts.MYD
-rw-r----- 1 mysql mysql 3072 2008-12-31 19:27 accounts.MYI
-rw-r----- 1 mysql mysql 65 2008-12-31 19:27 db.opt
digitalquill:~#

I have also tried adding my backup user to the mysql group and even to the root group but this seems to make no difference

thanks

Matt
 
Old 01-19-2009, 07:48 AM   #8
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by digitalquill View Post
I get the following:

digitalquill:~# ls -ld /var/lib/mysql/vsftpd
drwx------ 2 mysql mysql 4096 2008-12-31 19:27 /var/lib/mysql/vsftpd

digitalquill:~# ls -l /var/lib/mysql/vsftpd
total 24
-rw-r----- 1 mysql mysql 8624 2008-12-31 19:27 accounts.frm
-rw-r----- 1 mysql mysql 60 2008-12-31 19:27 accounts.MYD
-rw-r----- 1 mysql mysql 3072 2008-12-31 19:27 accounts.MYI
-rw-r----- 1 mysql mysql 65 2008-12-31 19:27 db.opt
digitalquill:~#

I have also tried adding my backup user to the mysql group and even to the root group but this seems to make no difference

thanks

Matt


I have also just logged into ssh via the backup user, I can change directory as far as /var/lib/mysql but not into each database's folder
 
Old 01-19-2009, 07:49 AM   #9
eco
Member
 
Registered: May 2006
Location: BE
Distribution: Debian/Gentoo
Posts: 412

Rep: Reputation: 48
I should have asked that first!

Your problem is here:
Quote:
drwx------ 2 mysql mysql 4096 2008-12-31 19:27 /var/lib/mysql/vsftpd
The only user that can access its content is user mysql. The group mysql doesn't have access.

You'd have to change the permissions but I advise against that. You're better off dumping the data to a file and backing it up than mess with database permissions.
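
The dump-and-back-up approach recommended above, as an added example that is not part of the thread: a script for root's crontab on the web server that writes a mysqldump into a root-owned staging directory readable only by the backup login's group, so the NAS can keep pulling without any access to /var/lib/mysql. The staging path, group name, output file name and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: stage a MySQL dump for an unprivileged rsync pull.
# Assumed names (not from the thread): STAGE_DIR, BACKUP_GROUP, all-databases.sql.

STAGE_DIR=${STAGE_DIR:-/var/backups/mysql-stage}   # hypothetical staging path
BACKUP_GROUP=${BACKUP_GROUP:-backupuser}           # hypothetical group of the backup login
# Assumes credentials come from root's ~/.my.cnf, not the command line.
# Default table locking is kept because the tables shown in the thread are MyISAM.
DUMP_CMD=${DUMP_CMD:-mysqldump --all-databases}

# stage_dump DIR GROUP
# Writes DIR/all-databases.sql, readable by GROUP, never by others.
# On any failure it returns non-zero and leaves the previous dump untouched.
stage_dump() {
    dir=$1
    group=$2
    umask 077
    mkdir -p "$dir" || return 1
    # Root keeps ownership, so the backup login can read but never plant files here.
    chgrp "$group" "$dir" && chmod 750 "$dir" || return 1
    tmp=$(mktemp "$dir/.dump.XXXXXX") || return 1
    # Dump into a temp file first; reject a failed or empty dump.
    if ! $DUMP_CMD > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    chgrp "$group" "$tmp" && chmod 640 "$tmp" || { rm -f "$tmp"; return 1; }
    # rename() within one directory is atomic: rsync sees the old or the new dump.
    mv -f "$tmp" "$dir/all-databases.sql"
}

# From root's crontab: /usr/local/sbin/mysql-stage-dump.sh --run   (path is hypothetical)
if [ "${1:-}" = "--run" ]; then
    stage_dump "$STAGE_DIR" "$BACKUP_GROUP" || { echo "mysql dump failed" >&2; exit 1; }
fi
```

On the NAS, the existing pull then points at the staging directory instead of /var/lib/mysql; the backup login only needs to be a member of the group passed to `stage_dump`.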
 
Old 01-19-2009, 08:03 AM   #10
digitalquill
LQ Newbie
 
Registered: Jan 2009
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by eco View Post
I should have asked that first!

Your problem is here:


The only user that can access its content is user mysql. The group mysql doesn't have access.

You'd have to change the permissions but I advise against that. You're better off dumping the data to a file and backing it up than mess with database permissions.


Thanks for your help. I think the best (as I have other files in addition to mysql that have permission problems) is to go for a push from the server, then that can run on root's cron which should then be able to access it

thanks again for your help

Matt
 
  


All times are GMT -5.