digint / btrbk

Tool for creating snapshots and remote backups of btrfs subvolumes
https://digint.ch/btrbk/
GNU General Public License v3.0

Stuck on getting remote sudoers working #472

Closed mxmilkiib closed 2 years ago

mxmilkiib commented 2 years ago

Hi, setting up for the first time, got as far as

milk@red:~ % sudo btrbk -v -n run
[sudo] password for milk: 
btrbk command line client, version 0.32.1  (Sat Apr 23 14:53:04 2022)
Using configuration: /etc/btrbk/btrbk.conf
WARNING: Skipping target "192.168.1.3[321]:/media/media/backup": Failed to fetch subvolume detail
WARNING: ... Command execution failed (exitcode=1)
WARNING: ... sh: ssh -p 321 -i '/home/milk/.ssh/id_btrbk' btrfsbackup@192.168.1.3 'btrfs subvolume list -a -c -u -q -R '\''/media/media'\'''
WARNING: ... Armbian 21.02.4 Buster
WARNING: ... can't perform the search: Operation not permitted
...

but I've got this in my /etc/sudoers;

14:49:06 milk@ohm:~ % cat /etc/sudoers
...
#btrfsbackup All=(ALL) NOPASSWD:ALL
#btrfsbackup All = (ALL) NOPASSWD: /usr/bin/btrfs list /media/media

Cmnd_Alias BTRFS_FILESYSTEM_USAGE = /usr/bin/btrfs filesystem usage *
Cmnd_Alias BTRFS_SUBVOLUME_SHOW = /usr/bin/btrfs subvolume show *
Cmnd_Alias BTRFS_SUBVOLUME_LIST = /usr/bin/btrfs subvolume list *
Cmnd_Alias BTRFS_SUBVOLUME_SNAP = /usr/bin/btrfs subvolume snapshot *
Cmnd_Alias BTRFS_SUBVOLUME_DELETE = /usr/bin/btrfs subvolume delete *
Cmnd_Alias BTRFS_SEND = /usr/bin/btrfs send *
Cmnd_Alias BTRFS_RECEIVE = /usr/bin/btrfs receive *
Cmnd_Alias READLINK = /usr/bin/readlink *
Cmnd_Alias TEST = /usr/bin/test *

btrfsbackup ALL= NOPASSWD: BTRFS_FILESYSTEM_USAGE, BTRFS_SUBVOLUME_SHOW, BTRFS_SUBVOLUME_LIST, BTRFS_SUBVOLUME_SNAP, BTRFS_SUBVOLUME_DELETE, BTRFS_SEND, BTRFS_RECEIVE, READLINK, TEST

so I'm a bit confused. I can't see any step before that I have missed, the machine has been rebooted, and it gives the same "ERROR: can't perform the search: Operation not permitted" error when I try to run it manually as the remote btrfsbackup user. Any advice? Thanks!

Edit: quick example;

14:49:32 milk@ohm:~ % btrfs fi show
Label: 'media'  uuid: e3044be3-f065-493a-b12b-1836c6a73239
    Total devices 2 FS bytes used 3.62TiB
    devid    1 size 14.55TiB used 3.62TiB path /dev/sda
    devid    2 size 14.55TiB used 3.62TiB path /dev/sdb

Label: none  uuid: 3ddaaaa9-8513-43be-a4bc-8839a33a70ce
    Total devices 2 FS bytes used 128.00KiB
    devid    1 size 5.46TiB used 2.01GiB path /dev/sdc
    devid    2 size 5.46TiB used 2.01GiB path /dev/sdd

15:28:58 milk@ohm:~ % sudo -u btrfsbackup btrfs fi show
[sudo] password for milk: 
15:29:15 milk@ohm:~ % 

P.S. This is a YunoHost install, which is Armbian. It does use PAM and LDAP for some things, with a web interface for account generation and giving permission for ssh login; maybe this setup relates to this issue... not sure how though. Searching for yunohost sudoers pam with Google verbatim on gives 0 results.

mxmilkiib commented 2 years ago

Aside from incorrectly spelling ALL as All for my test lines, I had forgotten to set "backend_remote btrfs-progs-sudo" in the config!
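
The fix in the last comment can be checked mechanically. The following is an added example, not part of the original thread or of btrbk: a shell function that reads a btrbk.conf on stdin and lists every ssh target whose effective `backend` / `backend_remote` is not `btrfs-progs-sudo` or `btrfs-progs-doas`, which is the case where the remote sudoers rules above are never used because btrbk runs plain `btrfs` over ssh. The sample configuration is constructed (the volume and subvolume names are made up), and the option scoping (global, volume, subvolume, target) is a simplified model of btrbk's section handling.

```shell
#!/bin/sh
# Added example (not btrbk code). Prints "LINE URL BACKEND" for each ssh
# target that would run remote btrfs commands without a sudo/doas prefix.
lint_btrbk_remote_backend() {
    awk '
    function flush(   b) {            # evaluate the target section just ended
        if (url != "") {
            b = (t != "") ? t : ((s != "") ? s : ((v != "") ? v : g))
            if (b == "") b = "btrfs-progs"       # btrbk default: no prefix
            if (b != "btrfs-progs-sudo" && b != "btrfs-progs-doas")
                printf "%d %s %s\n", ln, url, b
        }
        url = ""; t = ""
    }
    { sub(/#.*/, "") }                            # drop comments
    $1 == "volume"    { flush(); v = ""; s = ""; scope = "v"; next }
    $1 == "subvolume" { flush(); s = ""; scope = "s"; next }
    $1 == "target" {
        flush(); scope = "t"
        if ($NF ~ /^ssh:\/\//) { url = $NF; ln = NR }
        next
    }
    $1 == "backend" || $1 == "backend_remote" {   # simplified: same weight
        if (scope == "t") t = $2
        else if (scope == "s") s = $2
        else if (scope == "v") v = $2
        else g = $2
    }
    END { flush() }
    '
}

# Constructed sample: first target has no sudo backend, second one does.
sample_conf() {
cat <<'EOF'
ssh_identity /home/milk/.ssh/id_btrbk
ssh_user     btrfsbackup
volume /mnt/pool_a
  subvolume home
    target send-receive ssh://192.168.1.3:321/media/media/backup
volume /mnt/pool_b
  subvolume data
    target send-receive ssh://192.168.1.3:321/media/media/backup
      backend_remote btrfs-progs-sudo
EOF
}

sample_conf | lint_btrbk_remote_backend
```

Against a real setup, feed it the file named in the btrbk output: `lint_btrbk_remote_backend < /etc/btrbk/btrbk.conf`.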