# Backup user privileges



## frabron (Oct 5, 2012)

Hi,

I want to backup my server using dump over a ssh connection to a remote machine with plenty of disk space. Now I wonder, what would be the best strategy to do that. My sshd is configured to not allow root login because the machine is connected to the internet.

But since running dump requires root privileges I am unsure if my idea is even possible to carry out. Unfortunately the target system is connected through an ADSL connection to the internet, so I really want to trigger the backup process from the backup machine.

I've read Dump via ssh, but I actually want the inverse direction, start with ssh and receive the dump stream and save it to my harddrive. Is that possible? Maybe through a special backup user with root privileges?

Many thanks,

Frank


----------



## SirDice (Oct 5, 2012)

Create a backup user and add that user to sudoers(5) (security/sudo). Configure it to only allow the running of dump(8).


----------



## plamaiziere (Oct 5, 2012)

frabron said:
			
		

> Hi,
> 
> I want to backup my server using dump
> ...
> Maybe through a special backup user with root privileges?



You don't need root privileges to use dump, you just have to be in the group operator so you can read the device.
(I guess this is because in the old time, backups required manual intervention by operators to change tapes and so on)

example:

```
$ ls -l /dev/ada0s1a
crw-r-----  1 root  operator    0,  95 Sep 29 20:53 /dev/ada0s1a

$ id
uid=1002(patrick) gid=1002(patrick) groups=1002(patrick),0(wheel),5(operator)

$ dump -0Lauf - /dev/ada0s1a > dump
  DUMP: Date of this level 0 dump: Fri Oct  5 23:13:02 2012
  DUMP: Date of last level 0 dump: the epoch
  DUMP: Dumping snapshot of /dev/ada0s1a (/) to standard output
...
  DUMP: DUMP IS DONE
```

Anyway an operator user is still dangerous because he can read all the filesystems.

Regards.


----------



## frabron (Oct 15, 2012)

Hi,

I wanted to thank all of you for your help. In the end I went Sir Dice's way and got my dump command running.
But (there's always a but ) during the test my ADSL connection got interrupted and the ssh connection failed. On the server side the sshd daemon somehow got confused and ate up all the available memory and I had to manually reset the server. I guess it was the dump command still running.
Now I wonder what usually should happen if you run a command on the server and the ssh connection gets interrupted. Is the carried out command also interrupted or will it run until it finishes? E.g.
[CMD=">"]ssh "find /usr -type d -exec chmod 775 {} +" user@server [/CMD]
will find still run when ssh terminates accidentaly?

Thanks,

Frank


----------



## AlexJ (Oct 15, 2012)

Always use nohup(1) if you doing any critical operation(changing firewall rules, backuping, etc) over remote connections.
Just place it as prefix to your command.

[CMD=""]> ssh "nohup find /usr -type d -exec chmod 775 {} +" user@server[/CMD]

When you are working interactively, use sysutils/tmux to prevent termination of running processes in case of network disruptions.


----------



## sysliquid (Oct 15, 2012)

A _little_ bit off topic, but on an older server of mine that I've since decommissioned I use to send geli-encrypted devices with dd over netcat to some success. In my case the server was just housing a lot of my media, so I didn't care about encrypting the stream if the device itself was encrypted, and netcat with compression can get pretty fast. For what its worth.


----------

