Backup skips files it can't read

Discussion in 'Data Protection' started by forlinuxsupport, Jul 22, 2009.

  1. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Hi

    Not sure if this is a bug or not.

    Looks like the "gtar" process runs as the owner of the domain.
    e.g. if the domain owner is "andy" then gtar runs as that.

    The problem is if I have files that have these permissions:
    -rw------- 1 nobody nobody 221 Jul 22 12:07 /home/andy/public_html/file1.php

    Those files WILL NOT be backed up because user "andy" can't access them.

    Should the "gtar" script run as user root rather ?
    andy 21505 3.5 0.0 13172 6548 ? DN 11:55 0:16 \_ /bin/gtar -c -f - -X /home/andy/cpbackup-exclude.conf -X /etc/cpbackup-exclude.conf .

    Regards
    Andy
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Brief history:

    We changed the way the tar process is executed back in cPanel 11.18, but only for select scenarios. In cPanel 11.23 we changed the process to always run as the user.

    Running the backup process as the root user introduces some nifty exploit vectors.

    A design philosophy we follow is "do as much as the user as possible."

    We understand operating the tar process as the account owner introduces some interesting scenarios of its own. There are some ways to mitigate issues:

    1) Ensure all files/directories in /home/user are either owned by the user or at least accessible ( e.g. 0644 for files, 0755 for directories );
    2) Files that truly aren't needed ( e.g. cache and temporary files ) can be added to the cpbackup-skip.conf file

    With that said, we are examining the current design to allow inclusion of files and directories owned by the 'nobody' user, as that seems to be the center of most contention with this design decision.
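
The first mitigation in the reply above (every path under /home/user owned by the user or at least accessible) can be audited before a backup runs. The shell functions below are an added example, not part of the thread and not cPanel code; the function names are hypothetical, and group permissions are deliberately ignored, so a path the owner can reach only through group membership is also reported.

```shell
#!/bin/sh
# Added example (not cPanel code): report paths that a tar process running
# as the account owner could not read, i.e. what a run-as-user backup skips.
# Assumption: only the user and "other" permission bits are considered.

# backup_unreadable HOMEDIR OWNER   (OWNER is a user name or a numeric UID)
backup_unreadable() {
    # Files need the read bit; directories need read + search (r-x).
    # Owned by OWNER: test the user bits. Owned by anyone else: test "other".
    find "$1" \
        \( -type f   -user "$2" ! -perm -400 -print \) -o \
        \( -type f ! -user "$2" ! -perm -004 -print \) -o \
        \( -type d   -user "$2" ! -perm -500 -print \) -o \
        \( -type d ! -user "$2" ! -perm -005 -print \)
}

# backup_precheck HOMEDIR OWNER
# Returns 0 when nothing would be skipped. Otherwise lists the paths on
# stderr and returns 1, so it can gate or annotate a scheduled backup.
backup_precheck() {
    skipped=$(backup_unreadable "$1" "$2")
    if [ -z "$skipped" ]; then
        return 0
    fi
    printf '%s\n' "$skipped" | sed 's/^/would be skipped: /' >&2
    return 1
}

# Typical call, using the account from the first post:
#   backup_precheck /home/andy andy
```

Run it as root so that find itself can descend into directories the account owner cannot open.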
     
  3. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Hi

    Thanks for the quick response.

    I realized that it ran as the normal user for security reasons.

    It's just a bit of a gotcha for people thinking EVERYTHING is being backed up and it's not always the case.

    Regards
    Andy
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    You are welcome.

    Considering your history with, and knowledge of, the cPanel product I knew you didn't need told about the design considerations. However my response was not directed wholly at you, but at the wider audience that will read this thread in the coming days.

    That said, I appreciate the way you broached the subject.
     
  5. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    I suppose I have to ask.

    Can I force it to use user "root" instead ?
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Not to my knowledge ( at least not without heavily modifying the pkgacct script ).
     