[rdiff-backup-users] rdiff-backup fails with forced-command but works through shell

[Richard Freytag]

I am stuck. I have read HOWTOs all over the place saying how to get rdiff-backup to use a public key with a 'command="(shell script name)"'. The script then executes the client side version of rdiff-backup sudo'd which then safely backups up everything.  Here is the HOWTO that explains what I am trying to do in detail (for rsync but I’m trying to do it for rdiff-backup): http://troy.jdmz.net/rsync/index.html

 

I can do this (with ridff-backup) using public-key authentication as root on the client with the forced command in the key on the client side. But I just CANNOT get the forced-command in a script to work with rdiff-backup.

 

BTW, I can get the forced-command to work calling a script merely containing the 'ls' command.  Maybe this all has something to so with the shell messing with STDOUT and potential fundamental misunderstanding of shell environments as hinted at here: http://www.mail-archive.com/address@hidden/msg02954.html

?

 

What Works

 

Currently 'rdiff-backup' works great on the client/backup-machine with the command:

 

rdiff-backup address@hidden::/home/user /home/server-backups/user

 

The login uses a password-less key-based authentication and the ssh client-side configuration (.ssh/config) file reading:

 

host client

    hostname client

    user user

    identityfile /home/client/key/server-passwordless-key

    compression yes

    protocol 2

 

NOTE: they private key is in /home/client/key/server-password-less-key.

 

On the server the public-key starts with the following constraints:

 

from="client",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rdiff-backup --server --restrict-read-only /" ssh-rsa AAasdfaj23jasljjj..etc., etc.

 

This works perfectly. Both machines are Ubuntu Server 10.04 LTS.

 

 

The Error

 

The problem is that if I want to "force the command" on the server by altering the server-side public key so it looks for '/usr/local/bin/hard-coded-rdiff' as follows:

 

   from="client",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/usr/local/bin/hard-coded-rdiff" ssh-rsa AAasdfaj23jasljjj..etc., etc. 

 

I have run:

 

chmod 744 /usr/local/bin/hard-coded-rdiff

 

...so it should be executable by all. 'user' can execute /user/local/bin/hard-coded-rdiff.

 

/usr/local/bin/hard-coded-rdiff's contents are:

 

#! /usr/bin/sh

/usr/bin/rdiff-backup --server --restrict-read-only /

 

This fails on the client with the message:

 

Exception '' raised of class '<type 'exceptions.MemoryError'>':

File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 304, in error_check_Main

  try: Main(arglist)

File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 321, in Main

  rps = map(SetConnections.cmdpair2rp, cmdpairs)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp

  if cmd: conn = init_connection(cmd)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 152, in init_connection

  check_connection_version(conn, remote_cmd)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 160, in check_connection_version

  try: remote_version = conn.Globals.get('version')

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 450, in __call__

  return apply(self.connection.reval, (self.name,) + args)

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 368, in reval

  result = self.get_response(req_num)

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 315, in get_response

  try: req_num, object = self._get()

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 240, in _get

  data = "">

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 210, in _read

  try: return self.inpipe.read(length)

 

Traceback (most recent call last):

 

File "/usr/bin/rdiff-backup", line 30, in <module>

  rdiff_backup.Main.error_check_Main(sys.argv[1:])

File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 304, in error_check_Main

  try: Main(arglist)

File "/usr/lib/pymodules/python2.6/rdiff_backup/Main.py", line 321, in Main

  rps = map(SetConnections.cmdpair2rp, cmdpairs)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 76, in cmdpair2rp

  if cmd: conn = init_connection(cmd)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 152, in init_connection

  check_connection_version(conn, remote_cmd)

File "/usr/lib/pymodules/python2.6/rdiff_backup/SetConnections.py", line 160, in check_connection_version

  try: remote_version = conn.Globals.get('version')

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 450, in __call__

  return apply(self.connection.reval, (self.name,) + args)

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 368, in reval

  result = self.get_response(req_num)

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 315, in get_response

  try: req_num, object = self._get()

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 240, in _get

  data = "">

File "/usr/lib/pymodules/python2.6/rdiff_backup/connection.py", line 210, in _read

  try: return self.inpipe.read(length)

MemoryError

 

The message from rdiff-backup on the server (pulling from client) ends with a dump of errors from the python executable and a "memory error."   Same command on the client, small change to force the user of a shell script on the server and it fails – why please?

 

Thanks for your suggestions.

 

Respectfully,

Richard

 

P.S. I also listed this question on serverfault.com here: http://serverfault.com/questions/271518/rdiff-backup-fails-with-forced-command-but-works-through-shell if you want to answer the question for points there.