Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums
  • Feature tour
    Feature tour

Content

You are here:
  1. Forums
  2. General discussion

How do you download backup files as a sudoer but not root?

Added by Piotr F over 1 year ago

Hi,

Ubuntu 22.04 LTS, VPS.

Newest OP Community Ed.

I have turned off logging in as a root via SSH.

Now it appears, as a sudoer XY, from VPS I can't download to my PC a backup folder content via FTP client (WinSCP in that case). Permissions thing pops up. I can enter the folder though, as a sudoer XY.

Hence, kindly, I have three questions:

  1. what are correct, default permissions for backup folder, and its content? (I messed up a bit manually).
  2. who should be the owner of that folder and its content, only 'openproject' or could it be any sudoer? (It's also tricky here: one set of backup is owned by me as a sudoer XY, and despite I log in via FTP as a sudoer XY I still cannot download, same message pops up).
  3. is it possible at all to download the content of a backup folder as any other user than root?

Will be very grateful for any help.

Cheers,

Piotr


Replies (7)

RE: How do you download backup files as a sudoer but not root? - Added by Piotr F over 1 year ago

Robinson, thanks a lot for taking the time to reply.

Backups on VPS are done via cron by root.

I have root privileges too. But for security reasons, as mentioned, root via SSH is turned off, by me. For now, I don't want to use it, as I did for years.

I used working script via WinSCP, .BAT which starts now, and then stops because of the permissions problem, I think (this script worked fine for years when I used root account to download).

I used to run this script automatically on my PC via Task Scheduler every morning, before the problem with permissions appeared:

@echo off

"C:\Program Files (x86)\WinSCP\WinSCP.com" ^
 /ini=nul ^
 /command ^
   "open sftp://non-root-sudoer@domain.com:port#/ -hostkey=""ssh-###"" -privatekey=""G:\path\to\keys keys SSH\key.ppk"" -passphrase=""x"" -rawsettings PingType=X AgentFwd=X AuthKI=X" ^
   "cd /var/db/openproject/backup" ^
   "lcd ""G:\path\to\myPC\backupfolder""" ^
   "get -preservetime *" ^
   "exit"

set WINSCP_RESULT=%ERRORLEVEL%
if %WINSCP_RESULT% equ 0 (
 echo Success
) else (
 echo Error
)

exit /b %WINSCP_RESULT%

But I understand that basically, it is all about non-root-sudoer permissions: backup folder and files.

Do you know the exact chmod number which I should set up?

This is what I have got for the folder (the only possible from drop-down list owners are root and openproject):

And this is what I get for the files in the folder (the only owners available from the drop-down list are non-root-sudoer and openproject):

Do you have any ideas how to set it correctly?

I will be very grateful for any clues.

Cheers,

Piotr

Robinson Taylor wrote:

As a sudoer, you have elevated privileges to perform administrative tasks on the system, but you are not the root user. To download backup files as a sudoer, you can follow these general steps:

  1. Open a terminal or command prompt on the system where the backup files are located.
  2. Navigate to the directory where the backup files are stored.
  3. Check the file permissions to ensure that the backup files are readable by the user account you are logged in as. You can use the "ls -l" command to view the file permissions.
  4. Use the "sudo" command to execute the download command with elevated privileges. For example, if you want to download a file named "backup.tar.gz" using the "wget" command, you would run:

sudo wget http://example.com/backup.tar.gz

  1. Enter your sudo password when prompted, if required.
  2. Wait for the download to complete and verify that the backup file has been downloaded successfully. If you encounter any errors or permission issues while downloading the backup files as a sudoer, you may need to check the file permissions or consult with the root user or system administrator for further assistance.

RE: RE: How do you download backup files as a sudoer but not root? - Added by Piotr F over 1 year ago

Solved.

I should have downloaded all as openproject user.

Sorry for bothering.

Piotr

RE: RE: How do you download backup files as a sudoer but not root? - Added by Jeff Li about 1 year ago

Piotr F wrote:

Solved.

I should have downloaded all as openproject user.

Sorry for bothering.

Piotr

What is the password for openproject user?

RE: How do you download backup files as a sudoer but not root? - Added by Piotr F about 1 year ago

Jeff, sorry, I don't know, I use another way to login.

I believe it is set by a user/ admin during (first?) installation.

Cheers,

Piotr

RE: How do you download backup files as a sudoer but not root? - Added by Jeff Li about 1 year ago

Hi Piotr F,

Does your other way is the peer authentication method for postgres system account? Can you join public Telegram groups https://t.me/openproject_PMS and we can have a talk?

RE: How do you download backup files as a sudoer but not root? - Added by Jan H 9 months ago

Jeff Li wrote:

Hi <mention class="mention" data-id="65944" data-type="user" data-text="@Piotr F">@Piotr F,

Does your other way is the peer authentication method for postgres system account? Can you join public Telegram groups https://t.me/openproject_PMS and we can have a talk?

I am not entirely sure, but chances are that the openproject user might not have a password, as it should be meant to run the application and not work on the system.

Since regular backups are likely to be created by a recurring process such as cronjob, you might want to do the following:

  1. run openproject run backup from the script, crontab, etc. that is in charge of creating regular backups
  2. If the backups should be moved somewhere else, especially offsite, you might want to encrypt those backups first, for example with borg.
  3. Then move to backups to a location on the host, where a non-sudo user has access and chown the backup files the non-sudo user. -> This circumvents the issue of having to know the credentials for user "openproject"
  4. Set the authentication methods for said user the way you need to. You might want to use key-based authentication for ssh.

That is a solution that has worked for me and should work on most Linux systems "out of the box" (except for Borg, of course, which you would need to install).

RE: How do you download backup files as a sudoer but not root? - Added by Piotr F 9 months ago

Hi @Jan H, and @Jeff Li,

Yes, this is one of the simplest methods.

You can set crontab to move/ copy backups to somewhere else, for example to some non-sudoer folders.

I keep this all automated, don't do anything, just turn on PC, and via script it downloads backups everyday.

Best,

Piotr

PS Jeff, sorry for not replying, no, I don't intend to go to any Telegram groups.

  • (1 - 7/7)
Loading...