Securely backing up your files with rdiff-backup and sudo

Backups are important, whether you are backing up your databases or your wedding pictures. The loss of data can ruin your day. While there is a huge list of backup software to choose from; some good, some not so good. One of the tools that I have used for years is rdiff-backup. rdiff-backup is a rsync delta based backup tool that both stores a full mirror and incremental changes. It determines changes based on the rsync method of creating small delta files, which allows for rdiff-backup to restore files to any point in time (within the specified retention period).

Cheat Sheet: 21 useful find commands

For todays article I wanted to put together a quick little cheat sheet for some GNU find command examples. Some of these commands will be basic some will be more advanced, but they all will be useful. As a caveat some commands don't work in all Unix environments and this is especially true with older releases. If you find yourself in one of those situations there is a way to make the find command work you will just need to use different methods like the -exec flag.

Sudoedit: Securely allow users to edit files

Allowing unprivileged users to edit files that are normally beyond their rights is a task that is easy to perform however it requires a great deal of forethought to implement without opening security holes. You can give users the ability to edit privileged files by using User/Group Permissions, ACL's, or even sudo; but no matter which way you choose there are some things you must consider. For an example lets take a look at 2 files /etc/services and /etc/cron.

Why you should avoid running applications as root

I'm going to start this post by saying what I'm really thinking. 90% of the time if an application is running as the root user on a Unix/Linux machine; it is because the sysadmin who setup or designed the environment was being lazy. Now before getting offended, being a lazy sysadmin is a good thing. The fact is that most systems administrators are lazy in some way, and that is the reason why most systems administration tasks end up being scripted.

Sudo: Running as a specific user

Sudo is usually used to allow a user to run commands as root, but what happens if you want a user to run a command as another user? You can use the example below to configure your sudo rule. Example: [[email protected] ~]$ sudo -u sudoguy whoami sudoguy The rule from /etc/sudoers: bcane ALL=(sudoguy) /usr/bin/whoami, NOPASSWD: ALL Same thing but instead of bcane the users group: %users ALL=(sudoguy) /usr/bin/whoami, NOPASSWD: ALL

Sudo: List available commands

Sudo is the Unix/Linux standard for providing users with the ability to run commands as another user. However when working with large teams sometimes its difficult to identify which user has what access, below is a command that makes it easy to see what is available for a user. Example: [[email protected] ~]$ sudo -l User sudoguy may run the following commands on this host: (root) /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall, (root) /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool, (root) /bin/rpm, /usr/bin/up2date, /usr/bin/yum, (root) NOPASSWD: ALL The cool thing about this is you can also do this as root without switching to the user.