You are not logged in.
- Topics: Active | Unanswered
#1 2021-11-01 11:11:49
- Roken
- Member
- From: South Wales, UK
- Registered: 2012-01-16
- Posts: 1,302
[SOLVED] Rsync backing up remote server
My local machine is Arch.
I have a remote VPS running on Debian which, amongst other things, runs my email server.
After a bit of a scare with the server I figured a local backup was in order, so backing up to an external drive locally using rsync.
I'm getting "Permission denied" errors on remote /var/spool/postfix and and /var/tmp/drupalX directories (everything else seems to backup fine).
Do I need these, and if so, how do I circumvent the permissions issue?
Last edited by Roken (2021-11-03 06:46:52)
Ryzen 5900X 12 core/24 thread - RTX 3090 FE 24 Gb, Asus B550-F Gaming MB, 128Gb Corsair DDR4, Cooler Master N300 chassis, 5 HD (2 NvME PCI, 4SSD) + 1 x optical.
Linux user #545703
/ is the root of all problems.
Offline
#2 2021-11-01 11:15:42
- Morta
- Member
- Registered: 2019-07-07
- Posts: 660
Re: [SOLVED] Rsync backing up remote server
Look at the Arch Wiki under rsync. You shouldn’t backup some folder as tmp, proc and lot of other folder.
Offline
#3 2021-11-01 11:28:45
- Roken
- Member
- From: South Wales, UK
- Registered: 2012-01-16
- Posts: 1,302
Re: [SOLVED] Rsync backing up remote server
I used the command exactly from the full system backup on the Arch wiki, apart from adjusting to connect to the remote server. /var is not excluded on the wiki.
Ryzen 5900X 12 core/24 thread - RTX 3090 FE 24 Gb, Asus B550-F Gaming MB, 128Gb Corsair DDR4, Cooler Master N300 chassis, 5 HD (2 NvME PCI, 4SSD) + 1 x optical.
Linux user #545703
/ is the root of all problems.
Offline
#4 2021-11-01 15:44:34
- Morta
- Member
- Registered: 2019-07-07
- Posts: 660
Re: [SOLVED] Rsync backing up remote server
tmp means temporary and looks like a cachefolder of drupal.
What is whit spool i don't know,sorry. You can give them read permission for the rsync user and they will transfer, but if it necessary i don't know.
Offline
#5 2021-11-01 16:25:15
- Roken
- Member
- From: South Wales, UK
- Registered: 2012-01-16
- Posts: 1,302
Re: [SOLVED] Rsync backing up remote server
Yes, I'm less concerned about the drupal stuff. It's the postfix stuff that's more important.
Looking closer, directories in /var/spool/postfix owned by root have backed up fine, but not directories owned by the postfix user. I have no idea what the password is for the postfix user (I set this email server up in 2013, and haven't needed the password since).
Ryzen 5900X 12 core/24 thread - RTX 3090 FE 24 Gb, Asus B550-F Gaming MB, 128Gb Corsair DDR4, Cooler Master N300 chassis, 5 HD (2 NvME PCI, 4SSD) + 1 x optical.
Linux user #545703
/ is the root of all problems.
Offline
#6 2021-11-01 16:44:04
- Morta
- Member
- Registered: 2019-07-07
- Posts: 660
Re: [SOLVED] Rsync backing up remote server
Yes, I'm less concerned about the drupal stuff. It's the postfix stuff that's more important.
Looking closer, directories in /var/spool/postfix owned by root have backed up fine, but not directories owned by the postfix user. I have no idea what the password is for the postfix user (I set this email server up in 2013, and haven't needed the password since).
You can do
- su
- su postfix
- passwd
or
- su
- passwd postfix
to set a new password if it's possible and isn't no shell/login user under /etc/passwd
Last edited by Morta (2021-11-01 16:44:34)
Offline
#7 2021-11-01 19:18:45
- Roken
- Member
- From: South Wales, UK
- Registered: 2012-01-16
- Posts: 1,302
Re: [SOLVED] Rsync backing up remote server
Thank you, Morta,
before I start changing the PW (whilst I can't remember the password, I do remember that it took me an age to get my email server working, and it's now my primary email. My backup is yahoo, so with enough effort I can change emails, or even redirect my MX records, but I'd rather not) will changing the PW interfere with operation?
EDIT: To be clear, I lost my VPS completely owing to a change of bank card, and an unnoticed failed payment as a result. This has all been resolved, and full server has been restored from a provider backup. It was also a timely reminder to have a local backup, but of course, the email server is one of the more important aspects to be able to restore.
Last edited by Roken (2021-11-01 19:21:20)
Ryzen 5900X 12 core/24 thread - RTX 3090 FE 24 Gb, Asus B550-F Gaming MB, 128Gb Corsair DDR4, Cooler Master N300 chassis, 5 HD (2 NvME PCI, 4SSD) + 1 x optical.
Linux user #545703
/ is the root of all problems.
Offline
#8 2021-11-01 19:24:44
- Morta
- Member
- Registered: 2019-07-07
- Posts: 660
Re: [SOLVED] Rsync backing up remote server
Thank you, Morta,
before I start changing the PW (whilst I can't remember the password, I do remember that it took me an age to get my email server working, and it's now my primary email. My backup is yahoo, so with enough effort I can change emails, or even redirect my MX records, but I'd rather not) will changing the PW interfere with operation?
Shouldn’t change a MX record at all but honestly I‘m not very common with postfix perhaps a other user can say if the auth password of imap and pop will change through this action.
Offline
#9 2021-11-02 17:09:12
- Koatao
- Member
- Registered: 2018-08-30
- Posts: 98
Re: [SOLVED] Rsync backing up remote server
Hello,
Why are you asking on this forum for help?
The error is happening on the remote server running Debian, would'nt it be better ask people running Debian what to do?
Anyway...
You don't circumvent the permission issue (why would you try to exploit security holes in your server? Or worst create some?)
You need to give the user running rsync the proper rights to access the files you want to backup.
One way (maybe not the best) to do so is to run rsync over SSH (which you probably already do) and use sudo to run the rsync command on the remote server as root.
- Create a user on your server (it will only be used to run rsync remotely).
- Give this user the right to run rsync with sudo (by creating a file for it in /etc/sudoers.d, write the full path of the binary in it)
Because a user able to run rsync with sudo can elevate its privilege to root, you will need to set up some restrictions (in case this user would be compromised). You need to configure SSH in a way that only allow the required rsync command to run when the user logs in through ssh:
- Set up a unique keys pair for SSH.
- Modify the authorized_keys file to associate the newly added key with a command option (look for «authorized_keys files format» in sshd manual).
Needless to say you have to know what will be the rsync command run on the server:
rsync -e 'ssh -i private_key -v' <rest_of_the_rsync_command>Running OpenSSH client in verbose mode will add debug and output the rsync command run on the server.
Otherwise, you can look into rrsync (restricted rsync) too.
By the way, the postfix user is most probably a system user, cannot login with password and has no shell:
getent passwd postfix
getent shadow postfixLast edited by Koatao (2021-11-02 17:12:42)
Offline
#10 2021-11-03 06:46:28
- Roken
- Member
- From: South Wales, UK
- Registered: 2012-01-16
- Posts: 1,302
Re: [SOLVED] Rsync backing up remote server
Thank you for the reply. I'd tried all the sudo tricks, but I solved it in a less than secure way by enabling root login over ssh temporarily, and using the remote root account in rsync. After successfully creating a local backup, I disabled root over ssh again.
Ryzen 5900X 12 core/24 thread - RTX 3090 FE 24 Gb, Asus B550-F Gaming MB, 128Gb Corsair DDR4, Cooler Master N300 chassis, 5 HD (2 NvME PCI, 4SSD) + 1 x optical.
Linux user #545703
/ is the root of all problems.
Offline