Added by Piotr F over 2 years ago
Hi,
Ubuntu 22.04 LTS, VPS.
Newest OP Community Ed.
I have turned off logging in as a root via SSH.
Now it appears, as a sudoer XY, from VPS I can't download to my PC a backup folder content via FTP client (WinSCP in that case). Permissions thing pops up. I can enter the folder though, as a sudoer XY.
Hence, kindly, I have three questions:
- what are correct, default permissions for backup folder, and its content? (I messed up a bit manually).
- who should be the owner of that folder and its content, only 'openproject' or could it be any sudoer? (It's also tricky here: one set of backup is owned by me as a sudoer XY, and despite I log in via FTP as a sudoer XY I still cannot download, same message pops up).
- is it possible at all to download the content of a backup folder as any other user than root?
Will be very grateful for any help.
Cheers,
Piotr
Replies (7)
Robinson, thanks a lot for taking the time to reply.
Backups on VPS are done via cron by root.
I have root privileges too. But for security reasons, as mentioned, root via SSH is turned off, by me. For now, I don't want to use it, as I did for years.
I used working script via WinSCP, .BAT which starts now, and then stops because of the permissions problem, I think (this script worked fine for years when I used root account to download).
I used to run this script automatically on my PC via Task Scheduler every morning, before the problem with permissions appeared:
@echo off"C:\Program Files (x86)\WinSCP\WinSCP.com" ^/ini=nul ^/command ^"open sftp://non-root-sudoer@domain.com:port#/ -hostkey=""ssh-###"" -privatekey=""G:\path\to\keys keys SSH\key.ppk"" -passphrase=""x"" -rawsettings PingType=X AgentFwd=X AuthKI=X" ^"cd /var/db/openproject/backup" ^"lcd ""G:\path\to\myPC\backupfolder""" ^"get -preservetime *" ^"exit"set WINSCP_RESULT=%ERRORLEVEL%if %WINSCP_RESULT% equ 0 (echo Success) else (echo Error)exit /b %WINSCP_RESULT%But I understand that basically, it is all about non-root-sudoer permissions: backup folder and files.
Do you know the exact chmod number which I should set up?
This is what I have got for the folder (the only possible from drop-down list owners are root and openproject):
And this is what I get for the files in the folder (the only owners available from the drop-down list are non-root-sudoer and openproject):
Do you have any ideas how to set it correctly?
I will be very grateful for any clues.
Cheers,
Piotr
Robinson Taylor wrote:
Solved.
I should have downloaded all as openproject user.
Sorry for bothering.
Piotr
Piotr F wrote:
What is the password for openproject user?
Jeff, sorry, I don't know, I use another way to login.
I believe it is set by a user/ admin during (first?) installation.
Cheers,
Piotr
Hi Piotr F,
Does your other way is the peer authentication method for postgres system account? Can you join public Telegram groups https://t.me/openproject_PMS and we can have a talk?
Jeff Li wrote:
I am not entirely sure, but chances are that the openproject user might not have a password, as it should be meant to run the application and not work on the system.
Since regular backups are likely to be created by a recurring process such as cronjob, you might want to do the following:
openproject run backupfrom the script, crontab, etc. that is in charge of creating regular backupschownthe backup files the non-sudo user. -> This circumvents the issue of having to know the credentials for user "openproject"That is a solution that has worked for me and should work on most Linux systems "out of the box" (except for Borg, of course, which you would need to install).
Hi @Jan H, and @Jeff Li,
Yes, this is one of the simplest methods.
You can set crontab to move/ copy backups to somewhere else, for example to some non-sudoer folders.
I keep this all automated, don't do anything, just turn on PC, and via script it downloads backups everyday.
Best,
Piotr
PS Jeff, sorry for not replying, no, I don't intend to go to any Telegram groups.