Results 1 to 13 of 13
  1. #1

    Adding a user for remote backups

    I'm looking at implementing remote backups such that they are pulled from my server.

    It is a dedicated server with only one site. Apache runs as 'nobody' and the primary account is 'user' with all files / folders under the home directory owned by 'user'.

    For the remote backup to work the backup server needs to login to my server and I was thinking of creating a new user account for this such that this account will have only read only access.

    Is this the best way to do it?

    I tried:
    PHP Code:
    useradd -M backupusername 
    However this user doesn't have any access (even directory listing) of files in the /home/user directory. My understanding is that since all the files in /home/user (which are the files that need to be backed up) are world readable, then any user should be able to read these files.

    Any recommendations on how to setup this new backup user such that it can only read files for the backup script to work?

  2. #2
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,452
    What is your access level to the remote server ?

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    You can add the backup user to the group of the original user.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    Quote Originally Posted by activelobby4u View Post
    What is your access level to the remote server ?
    Not too sure what you mean. If it helps it is rsync.net that I'm using for the remote backups.

    Quote Originally Posted by david510 View Post
    You can add the backup user to the group of the original user.
    Will this give the backup user access to write / remove files though? Files are owned by user:user

  5. #5
    Just on this, since I'm running the backups as another user, is it OK to make all my files readable by others/world?

    I can't see any other way of having a separate backup user who can only read files.

    Just wondering how others have their remote backups (which pull backups from the live server) without being able to modify the existing files.

  6. #6
    Join Date
    Feb 2008
    Location
    WI
    Posts
    38
    Don't know if this will help or not.
    I have my backups stored outside public_html and use a simple batch file to ftp to the domain and get them. works without problem. I just set up and used an ftp user for the purpose and that user only has access to that one directory.

  7. #7
    Quote Originally Posted by egsi View Post
    Just on this, since I'm running the backups as another user, is it OK to make all my files readable by others/world?

    I can't see any other way of having a separate backup user who can only read files.

    Just wondering how others have their remote backups (which pull backups from the live server) without being able to modify the existing files.
    I would recommend a other way round.

    Create a Ftp user on a remote server. Write a script on your server which will create a backup of all the website files and databases and then using the remote Ftp details, will connect the remote server and copy over your backup.

    As you said, you are using rsync.net backup facility, they will give you the Ftp details of the backup account you purchase. If you request them, they will also write a script on their backup server to rsync your website data under your backup account.

    Regarding the user you are trying to create with read permission, he won't be able to backup if he just got read permission of the website files.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  8. #8
    Join Date
    Feb 2008
    Location
    WI
    Posts
    38
    Create a Ftp user on a remote server. Write a script on your server which will create a backup of all the website files and databases and then using the remote Ftp details, will connect the remote server and copy over your backup.
    That is just what I was talking about. I have a script that will back up all databases and public_html to a directory outside of public_html. I then have a script on my computer that will use the ftp info to ftp to the directory, download to my computer and then delete what is in the directory on the server.

  9. #9
    Quote Originally Posted by madaboutlinux View Post
    I would recommend a other way round.

    Create a Ftp user on a remote server. Write a script on your server which will create a backup of all the website files and databases and then using the remote Ftp details, will connect the remote server and copy over your backup.

    As you said, you are using rsync.net backup facility, they will give you the Ftp details of the backup account you purchase. If you request them, they will also write a script on their backup server to rsync your website data under your backup account.

    Regarding the user you are trying to create with read permission, he won't be able to backup if he just got read permission of the website files.
    Sounds like this is the way to do it then like yourself and PhilD have recommended.

    My only question then is what is the best way to make the backup of my files on the local server? I could copy them into the local backup account but imagine this would be quite resource intensive?

    To make things easier let's say:

    1. My files are located under \home\mainaccount
    2. I make a new backup account say called \home\backupaccount
    3. Every night I copy (or rsync?) the contents of \home\mainaccount to \home\backupaccount (and take any DB dumps also into this folder)
    4 Every night after steps 1-3 above, rsync.net then connects to \home\backupaccount and takes a snapshot of this folder and any sub folders. The backupaccount user only has access to \home\backupaccount.

    So for step 3, should I just copy the data across or do a local rsync ?

  10. #10
    Step 3: rsync as there is no need to copy over files which are unchanged.

    BTW, there is no need to delete the backup from \home\backupaccount once you copy the backup on your local machine.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  11. #11
    Sounds good thanks for that. Appreciate the help.

  12. #12
    Join Date
    Jul 2009
    Posts
    240
    i still opt to 'push' the data instead of rsync.net pulling it.

    if you decide to have them pull the data (im assuming via rsync) then you have to give the remote user sudo priv to rsync so it can copy your homedir without you having to add that user to you group or do any special file permissions on your homedir files. Also it is highly recommended that you use pubkey auth on the ssh and have a nologin for that user.

    pushing is much easier since you can have more control ..even just make one script to dump your db and then rsync your homedir (instead of dumping it to a backup dir). This will also reduce the transfer time since rsync will only send the new files and not the whole dump each session.

  13. #13
    Thanks DJMizt73.

    My only concern with pushing the backups is that if the server is compromised, then the hacker can also access my backup and purge them!

Similar Threads

  1. Remote backups with user ftp access
    By RW-Steven in forum Running a Web Hosting Business
    Replies: 5
    Last Post: 03-19-2007, 02:53 AM
  2. Who Do You Use For Remote Backups?
    By mrbt in forum Dedicated Server
    Replies: 25
    Last Post: 08-16-2006, 10:36 PM
  3. Stop CPanel from adding Cpanel login when adding user
    By AlexNY in forum Hosting Software and Control Panels
    Replies: 2
    Last Post: 05-25-2004, 03:18 AM
  4. Remote Backups
    By dbbrock1 in forum Hosting Security and Technology
    Replies: 9
    Last Post: 03-03-2004, 12:23 AM
  5. Adding a remote user to MySQL
    By Serevinus in forum Programming Discussion
    Replies: 5
    Last Post: 03-06-2003, 08:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •