From dean-list-rdiff-backup@arctic.org Fri May 17 17:50:01 2002
From: dean gaudet <dean-list-rdiff-backup@arctic.org>
To: rdiff-backup@keywest.Stanford.EDU
Subject: --change-source-perms
X-comment: visit http://arctic.org/~dean/legal for information regarding
    copyright and disclaimer.
List-Subscribe: <http://keywest.Stanford.EDU/mailman/listinfo/rdiff-backup>,
	<mailto:rdiff-backup-request@keywest.Stanford.EDU?subject=subscribe>
List-Archive: <http://keywest.Stanford.EDU/pipermail/rdiff-backup/>
Date: Fri, 17 May 2002 17:47:46 -0700 (PDT)

before using rdiff-backup, i used tar ... and tar never complained about
several dozen files on my system which have no read permission.  but
rdiff-backup started complaining, until i put in the --change-source-perms
option.  unfortunately i can't use this option when i'm doing the backup
from a read-only snapshot.

i looked at an strace of tar -- and when running as root, it has no
problems opening a file for reading, even when the file has no read
permissions for any user:

lstat64("a1/unread", {st_mode=S_IFREG, st_size=0, ...}) = 0
open("a1/unread", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG, st_size=0, ...}) = 0
close(4)                                = 0

studying an strace of rdiff-backup (without --change-source-perms) i
notice that it doesn't even attempt to open the file:

lstat64("a1/unread", {st_mode=S_IFREG, st_size=0, ...}) = 0
write(2, "Received error \'No read permissi"..., 83) = 83

it'd be preferable to behave more like tar -- attempt the open()
regardless of what the permissions are.  similarly, root is able to
opendir() regardless of permissions.

the patch below is a hack ... i think it's preferable to try the
open()/opendir() and use the results of that to decide whether to try
--change-source-perms.  the hack in the patch just assumes root can
open()/opendir().  in my quest for better security for the backup i'm
going to be investigating non-root users which can do read-only opens of
everything... which is why i think hard-coding root is a hack.

but anyhow, here's the patch against 0.7.4 :)  it's my first python, hee.

-dean

--- rdiff-backup.orig	Tue May 14 21:39:56 2002
+++ rdiff-backup	Fri May 17 17:43:31 2002
@@ -3706,7 +3706,8 @@

 	def set_init_perms(self, source):
 		"""If necessary, change permissions to ensure access"""
-		if self.isreg() and not self.readable():
+		if self.conn.Globals.get('process_uid') == 0: return
+		elif self.isreg() and not self.readable():
 			if not source or Globals.change_source_perms and self.isowner():
 				self.chmod_bypass(0400)
 			else: self.warn("No read permissions")

_______________________________________________
Rdiff-backup mailing list
Rdiff-backup@keywest.Stanford.EDU
http://keywest.Stanford.EDU/mailman/listinfo/rdiff-backup