Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#32641 - [backuppc] allow backuppc running as a different user from the webserver
Attached to Project:
Community Packages
Opened by higuita (higuita) - Wednesday, 14 November 2012, 01:16 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 09 December 2012, 18:32 GMT
Opened by higuita (higuita) - Wednesday, 14 November 2012, 01:16 GMT
Last edited by Sébastien Luttringer (seblu) - Sunday, 09 December 2012, 18:32 GMT
|
DetailsBackuppc right now requires the webserver running as the same user as the backuppc. This will break several other sites that might be running also on the webserver.
with the lack of perl-suid, there is another way to do this, enable a suid binary wrapper that will take care of the user switch and loads backuppc on a clean enviorement Please refer to the wiki update: https://wiki.archlinux.org/index.php/BackupPC#The_webserver_user_and_the_suid_problem Problem already reported upstream, but due the low development rate of backuppc there is still no reply: http://sourceforge.net/mailarchive/forum.php?thread_name=20120612134501.23000%40gmx.net&forum_name=backuppc-devel So at least archlinux should patch this problem |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Sunday, 09 December 2012, 18:32 GMT
Reason for closing: Not a bug
Additional comments about closing: Can be configured by many way in different webserver. Setuid wrapper is probably not the best way to do this.
Sunday, 09 December 2012, 18:32 GMT
Reason for closing: Not a bug
Additional comments about closing: Can be configured by many way in different webserver. Setuid wrapper is probably not the best way to do this.
- configure your web server to run this script as another user ;
- proxy your public web server to a local one running as backuppc ;
- use a setuid trick ;
- use a wrapper with poor privilege escalation.