Johnny Hughes wrote: > The only reason the current version is still in testing and not > production is that it requires running apache (httpd) as the backuppc > user (due to the performance issues if not using mod_perl). Pesonally I'd recommend shipping it with a dependency on perl-suidperl and use the suid bit on the cgi program to permit access instead of using mod_perl. It's not even necessary to use the web interface and it it runs at a usable speed even as a standard cgi. > People who are running BackupPC on a separate server where backups are > it's major function will appreciate that. Some users want (or expect) > it to run as the apache user, which it will not. Actually it could run as the apache user as easily as anything else if you go that route. The only place you have a problem is where you have other web services that might not be as secure and users that need access to apache-owned files that shouldn't access all the backups. An alternative would be to make a 2nd instance of httpd using mod_perl that runs on a different port. > That can cause issues ... therefore I have kept it in testing. (Though > it works great for me in production, with the mod_perl setup). > > There is a version in Fedora Extras that takes the non mod_perl approach > and runs as the apache user. > > I will upgrade this to the new version soon. I think it is more important to have backups working than to save a fraction of a second per page when you browse through them, but I'd use the suid approach if it isn't on mod_perl. One feature that would be nice, and is currently not included would be to have mod_auth_pam in the httpd package. Backuppc permits authenticated http access and can restrict non-admin users to backups of machines that they 'own' as specified in backuppc's host file. However, without mod_auth_pam it is not easy to match up http authentication with the users/passwords the rest of the system knows (potentially including several schemes). It isn't that hard to add, but does anyone know why it isn't included in a system that otherwise revolves around PAM? -- Les Mikesell lesmikesell at gmail.com