Remote dumps as root (was Re: Why does "root" own everything?)

Ken Smith kensmith at sunybcs.uucp
Fri Mar 18 08:33:14 AEST 1988


In article <1610 at pinney.munsell.UUCP> pz at pinney.UUCP (Paul Czarnecki) writes:
>In article <9318 at sunybcs.UUCP> kensmith at sunybcs.UUCP (Ken Smith) writes:
>> It's too bad rdump uses a privileged socket, it'd be
>> nice to be able to remote dump workstations from a non-root account.  
>
>I asked Sun what to do about this.  (Isn't software support wonderful)
>They just told me to make /etc/dump setuid root, setgid operator.
>None of my backups are done by someone logging in as root.
>
>Was this stupid?
>
>					pZ
>-- 
>		       Paul Czarnecki -- Spam, spam, spam, Usenet, and spam
>	{{harvard,ll-xn}!adelie,{decvax,allegra,talcott}!encore}!munsell!pz

As long as /etc/dump is only executable by the people you want it to be.
Otherwise it can be told to dump to stdout which can be piped to restore
to extract any files on the disk.

We have a program called 'sudo' that will exec a command as root for you
if your username is on a certain list.  My solution to the dumping problem
was to make accounts on the 'unsecure' hosts called 'sundumps' that were only
able to run 'sudo' for the command /etc/rdump.  On the host they're dumping
to there is also an account 'sundumps' with *no* privileges and a '.rhosts'
file with 'root at unsecure_host' in it.  The people we have doing the dumps
log into the unsecure host as sundumps and do:

sudo /etc/rdump 2udsf 6250 2200 joey.sundumps:/dev/rmt8 /dev/whatever

to do the dump to the machine 'joey'.  The 'joey.sundumps' means the rmt
process on joey gets run as user sundumps.  This was the best all-round way
I could come up with to allow student consultants to be able to dump a
couple SUN fileservers to 9-track tapes on our larger systems without
compromising security too much.

						Ken Smith

internet: kensmith at cs.buffalo.edu	bitnet:	kensmith at sunybcs.BITNET
uucp:	  ..!{ames,boulder,decvax,rutgers}!sunybcs!kensmith
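
The condition in the reply above (a setuid /etc/dump is acceptable only while it is "only executable by the people you want it to be"), as an added example that is not part of the original post: a Python check of the mode and ownership of such a setuid helper. The function names and the sample gid are assumptions made for illustration.

```python
import os
import stat


def audit_setuid_mode(mode, uid, gid, want_uid=0, want_gid=None):
    """Return findings for a setuid helper, given its st_mode, st_uid, st_gid.

    want_gid is the numeric gid of the only group meant to run the file
    (the 'operator' group in the post); None skips the group check.
    """
    findings = []
    if not stat.S_ISREG(mode):
        findings.append("not a regular file")
    if not mode & stat.S_ISUID:
        findings.append("setuid bit not set")
    if uid != want_uid:
        findings.append(f"owner uid is {uid}, expected {want_uid}")
    if want_gid is not None and gid != want_gid:
        findings.append(f"group gid is {gid}, expected {want_gid}")
    if mode & stat.S_IXOTH:
        # Any local user could run it, dump to stdout and pipe into restore.
        findings.append("executable by everyone")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    return findings


def audit_setuid_path(path, want_uid=0, want_gid=None):
    """Audit a file on disk; lstat() so a symlink at path is not followed."""
    st = os.lstat(path)
    return audit_setuid_mode(st.st_mode, st.st_uid, st.st_gid, want_uid, want_gid)


if __name__ == "__main__":
    OPERATOR_GID = 5  # constructed sample value, not taken from the post
    # Constructed (mode, uid, gid) triples standing in for stat() results.
    samples = {
        "setuid root, group operator, 4750": (stat.S_IFREG | 0o4750, 0, OPERATOR_GID),
        "setuid root, world-executable, 4755": (stat.S_IFREG | 0o4755, 0, OPERATOR_GID),
        "setuid root, wrong group, 4750": (stat.S_IFREG | 0o4750, 0, 0),
    }
    for label, (mode, uid, gid) in samples.items():
        result = audit_setuid_mode(mode, uid, gid, want_gid=OPERATOR_GID)
        print(f"{label}: {result or 'ok'}")
```

An empty list means the file matches the setuid root, setgid operator arrangement with no access for other users; pass the real gid of the operator group on the system being checked.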


