I'm installing BackupPC from source onto DietPi v6.34.3 and I've run into a problem: BackupPC requires that the CGI script BackupPC_Admin be executed as the BackupPC user (i.e., backuppc). However, the main partition (mmcblk1p1) doesn't seem to allow SUID executables!
I came to this conclusion using something similar to the troubleshooting steps described on the BackupPC FAQ:
- I created a simple shell script that contains only the command `whoami`:
dietpi@backuppc:~$ sudo cat /root/whoami.sh
#!/bin/bash
whoami ;
- I made the backuppc user account the owner of the script; made the script executable; and set the Sticky Bit:
dietpi@backuppc:~$ sudo ls -l /root/whoami.sh
-rwsr-xr-x 1 backuppc backuppc 22 Jan 15 17:43 /root/whoami.sh
However, when I execute the script it reports that it is executing as the user that issued the command (i.e., root):
dietpi@backuppc:~$ sudo /root/whoami.sh
root
dietpi@backuppc:~$ /root/whoami.sh
dietpi
So I moved the whoami.sh script to the $HOME of the dietpi user account (i.e., /home/dietpi) and repeated the experiment:
dietpi@backuppc:~$ echo $HOME
/home/dietpi
dietpi@backuppc:~$ pwd
/home/dietpi
dietpi@backuppc:~$ ll
total 1796
-rw-r--r-- 1 dietpi dietpi 657309 Jun 20 2020 BackupPC-4.4.0.tar.gz
-rw-r--r-- 1 dietpi dietpi 289549 Jun 20 2020 BackupPC-XS-0.62.tar.gz
-rw-r--r-- 1 dietpi dietpi 883808 Oct 8 14:11 rsync-bpc-3.1.3.0.tar.gz
-rwsr-xr-x 1 backuppc backuppc 22 Jan 15 18:38 whoami.sh
The results were functionally identical (i.e., the script did not execute as the user backuppc):
dietpi@backuppc:~$ pwd
/home/dietpi
dietpi@backuppc:~$ ./whoami.sh
dietpi
So I've tried to manually override any "implied" nosuid by explicitly specifying that the main partition allow SUID execution.
And then I rebooted:
dietpi@backuppc:~$ cat /etc/fstab | grep -v '^#' | grep -v '^$'
tmpfs /tmp tmpfs size=1956M,noatime,lazytime,nodev,nosuid,mode=1777
tmpfs /var/log tmpfs size=50M,noatime,lazytime,nodev,nosuid,mode=1777
UUID=1542112e-4bd9-4f4a-9660-e9405c792736 / ext4 noatime,lazytime,rw,suid 0 1
But that didn't change the behaviour:
dietpi@backuppc:~$ grep UUID /etc/fstab
UUID=1542112e-4bd9-4f4a-9660-e9405c792736 / ext4 noatime,lazytime,rw,suid 0 1
dietpi@backuppc:~$ mount | grep mmcblk
/dev/mmcblk1p1 on / type ext4 (rw,noatime,lazytime)
What might be causing this unexpected behaviour?
Ideas? Suggestions?
TIA!
Eric P.
Portland, Oregon
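
An added diagnostic, not part of the original post: on Linux the kernel ignores the set-uid bit on interpreted (`#!`) scripts, and mount listings show only `nosuid` because `suid` is the default. The function names and the sample mount table below are constructed for illustration.

```sh
#!/bin/sh
# Added example: explain why a set-uid file does not change the effective user.

# Constructed sample in /proc/mounts format, modelled on the mount output in the post.
sample_mounts() {
    cat <<'EOF'
/dev/mmcblk1p1 / ext4 rw,noatime,lazytime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime,lazytime 0 0
EOF
}

# suid_kind FILE -> no-suid-bit | script | binary
suid_kind() {
    [ -u "$1" ] || { echo "no-suid-bit"; return 0; }
    # A file starting with "#!" is run through its interpreter, and the
    # kernel does not apply the set-uid bit of the script file itself.
    magic=$(head -c 2 "$1" 2>/dev/null)
    if [ "$magic" = "#!" ]; then echo "script"; else echo "binary"; fi
}

# nosuid_for PATH [MOUNTS_FILE] -> nosuid | suid-allowed
# Uses the options of the longest mount point that is a prefix of PATH.
nosuid_for() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { if (("," opts ",") ~ /,nosuid,/) print "nosuid"
              else print "suid-allowed" }
    ' "${2:-/proc/mounts}"
}

# diagnose FILE [MOUNTS_FILE] -> one-line explanation
diagnose() {
    kind=$(suid_kind "$1")
    mnt=$(nosuid_for "$1" "${2:-/proc/mounts}")
    case "$kind:$mnt" in
        no-suid-bit:*) echo "set-uid bit not set" ;;
        *:nosuid)      echo "filesystem mounted nosuid" ;;
        script:*)      echo "set-uid ignored: interpreted script" ;;
        *)             echo "set-uid honoured" ;;
    esac
}
```

Pass an absolute path, for example `diagnose /home/dietpi/whoami.sh`; the second argument defaults to the live `/proc/mounts`.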